Adding additional permissions to user home directories

Question

Is it possible to add additional groups to the default permissions assigned to user home directories created with Ranger Account Manager?

Resolution

Instructions

When setting permissions on account home directories, Ranger Account Manager explicitly replaces the DACL (permissions) with Domain Admins (full), System (full), (full) and (optionally) additional groups defined in the advanced settings dialog (full).

Inheritance is also turned off so that the user's root folder does not inherit permissions from the parent folder.

This is by design as typically user home directories are created under a path such as "d:users". Default Windows 2000 and NT4 permissions on the "users" folder typically give "Everyone" full control. If this is inherited then access problems are likely to occur. Likewise, if the existing permissions were simply added to those inherited, then the inherited permissions could allow unauthorised user access.

This functionality is implemented for security reasons to remove the chance of users being able to access each other's home areas.

Additional groups to whom full control is given when creating users can be added via the OptionsSettings dialog.



Alternatively, user accounts and home directories can be created manually or permissions can be modified post-Ranger Account Manager: