When selected, this option directs Active Roles to attempt the creation or renaming of a (non-local) home folder on the file server when the Home Directory property is set or modified on a user account in Active Directory. The renaming of the home folder is attempted if the Home Directory property value contains the %username% notation and the changes to the user account include modification of the pre-Windows 2000 logon name of the user account. In other cases, the creation of a new home folder is attempted.
For example, with the Connect: Z: To: \\Server\Share\%username% policy setting, selecting this check box together with the option to apply the policy setting upon creation of a user account causes Active Roles to attempt the creation of the home folder for the user account. Active Roles attempts to create the holder with the following network path: \\Server\Share\LogonName where LogonName stands for the pre-Windows 2000 logon name of the user account.
Another example is setting the Home Drive and Home Directory properties on an existing user account in Active Directory: With this check box selected, Active Roles attempts to create the folder specified by the network path that is assigned to the Home Directory property.
If creation or renaming of the home folder fails on the file server, then the creation or modification of the user account fails as well. To prevent such an error condition, you could un-select this check box.
The result is that Active Roles applies the changes to the Home Drive and Home Directory properties in Active Directory without attempting an operation on the file server, which allows the use of a different tool for creating home folders on the file server.
Upon creation or renaming of a home folder for a particular user account, this option ensures that the user account has the same rights on the home folder as it has on the folder in which the home folder resides.
With the Grant Full Access setting, the user account is authorized to perform any operation on the folder and its contents except for making changes to permission settings. With the Grant Change Access setting, the user account is authorized to view and modify the contents of the folder.
Figure 60: Home share management
When you configure the policy to create home shares, you can specify the prefix and suffix for the home share names.
Specifying a prefix and suffix allows you to establish a naming convention for home shares. Suppose you want home shares to be displayed at the top of the list of shares. To do so, you can use an underscore as the prefix. You may also assign a suffix to distinguish home shares created by the policy. For example, to distinguish the home shares of users from the Sales department, you could use the suffix _s. Then, when you create a user account with the pre-Windows 2000 logon name set to JohnB, the policy will map the user’s home folder to the selected drive and specify \\Server\_JohnB_s as the path to the home folder. The policy will also create the share _JohnB_s that points to the folder \\Server\Home\JohnB.
You can also limit the number of users that can connect to the share at one time. Click Maximum allowed or Allow this number of users. With the latter option, specify a number in the box next to the option.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책