Re: server 2008 questions

[Forwarded to Server General and Server Security newsgroups for broader
exposure.]

Kim K wrote:
> I am struggling with my first server 08.....I would like to make the
> password policy less restrictive and cannot figure it out, and nothing I
> have read applies to what the screens are. Please help!!!
>
> Additinally I am trying to create a user directory for each employee and
> will make that their home directory. In server 03 I created this using
> the
> name$ to hide it from others. What are the steps I need to create folders
> for each staff member?
>
> Lastly regarding folders, I want to create a shared folder that will lauch
> via a script for all employees and others folders for certain groups, with
> read/modify and move permissions but no delete. How do I do so?

Kim,
Is your Windows Server 2008 a domain controller or it is in a workgroup.

If it is in a workgroup, then go to start, Administrative Tools, Local
security policy, and on Account Policies, you will see password policy. If
you are in a domain, then you may want to look into your default domain
policy in GPO by going to start, administrative tools, Group policy
management, and select your domain and choose default domain policy, right
click and edit. Go to computer configurations, policies, windows settings,
account policies, password policy.



--
Isaac Oben [MCTIP:EA, MCSE]
"PA Bear [MS MVP]" <> wrote in message
news:...
> [Forwarded to Server General and Server Security newsgroups for broader
> exposure.]
>
> Kim K wrote:
>> I am struggling with my first server 08.....I would like to make the
>> password policy less restrictive and cannot figure it out, and nothing I
>> have read applies to what the screens are. Please help!!!
>>
>> Additinally I am trying to create a user directory for each employee and
>> will make that their home directory. In server 03 I created this using
>> the
>> name$ to hide it from others. What are the steps I need to create
>> folders
>> for each staff member?
>>
>> Lastly regarding folders, I want to create a shared folder that will
>> lauch
>> via a script for all employees and others folders for certain groups,
>> with
>> read/modify and move permissions but no delete. How do I do so?
>

Hello Kim,

Password policy has to be configured in a GPO in the domain policy under
computer configuration, windows settings, security settings, Password policy.

If you have forest/domain functional level windows server 2008 you can also
use the "fine grained password policy" to have different settings based on
OU's:
http://technet.microsoft.com/en-us/l.../cc770394.aspx

http://technet.microsoft.com/en-us/l.../cc770842.aspx

Have a look here abolut folder redirection:
http://technet.microsoft.com/en-us/l.../cc732275.aspx

http://technet.microsoft.com/en-us/l.../cc778976.aspx

http://technet.microsoft.com/en-us/l.../cc785925.aspx

When you use Group policy preferences you can map a network drive to the
users. For OS versions earlier then Vista/2008 you have to install the Client
side extensions on the machines.

CSE XP 32bit:
http://www.microsoft.com/downloads/d...displaylang=en

CSE XP 64bit:
http://www.microsoft.com/downloads/d...displaylang=en

CSE 2003 32 bit:
http://www.microsoft.com/downloads/d...displaylang=en

CSE 2003 64bit:
http://www.microsoft.com/downloads/d...displaylang=en

CSE Vista 32bit:
http://www.microsoft.com/downloads/d...displaylang=en

CSE Vista 64bit:
http://www.microsoft.com/downloads/d...displaylang=en


If they should have the permissions to modify, they also need the delete
permission, modifying is deleting the old file and saving the new file, but
you will not see this in reality.

I assume you like to prevent users from deleting folders you created in the
structure, so you can use the "Advanced" permission and configure in detail
the different levels of folder/file structure for the users/groups. Try it
out with a test share for yourself first. If you edit here a user/group you
can see the "Apply to" field, here you can set the level where your permissions
will apply.

Keep in mind as deep as you configure it, as much work in case of problems
you will have, especially if you do not document it!!!

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> [Forwarded to Server General and Server Security newsgroups for
> broader exposure.]
>
> Kim K wrote:
>
>> I am struggling with my first server 08.....I would like to make the
>> password policy less restrictive and cannot figure it out, and
>> nothing I have read applies to what the screens are. Please help!!!
>>
>> Additinally I am trying to create a user directory for each employee
>> and
>> will make that their home directory. In server 03 I created this
>> using
>> the
>> name$ to hide it from others. What are the steps I need to create
>> folders
>> for each staff member?
>> Lastly regarding folders, I want to create a shared folder that will
>> lauch via a script for all employees and others folders for certain
>> groups, with read/modify and move permissions but no delete. How do
>> I do so?
>>

Thank you so much for your help! After a long day trying to figure out what
is wrong with a login script at work I came home to find that server 2008 was
a bit different adn my patience had worn quite thin.

I managed to find the advanced setting for NTFS permissions, I am glad as
with your help I can function now.

My ONLY other question is that when I set up a folder and share it out, and
I am specifying/wanting one user for a home directory, is this correct? And
do I no longer or maybe its not even necessary to hide it?

Thank you again!
--
Thanks,,
Kim


"Meinolf Weber [MVP-DS]" wrote:

> Hello Kim,
>
> Password policy has to be configured in a GPO in the domain policy under
> computer configuration, windows settings, security settings, Password policy.
>
> If you have forest/domain functional level windows server 2008 you can also
> use the "fine grained password policy" to have different settings based on
> OU's:
> http://technet.microsoft.com/en-us/l.../cc770394.aspx
>
> http://technet.microsoft.com/en-us/l.../cc770842.aspx
>
> Have a look here abolut folder redirection:
> http://technet.microsoft.com/en-us/l.../cc732275.aspx
>
> http://technet.microsoft.com/en-us/l.../cc778976.aspx
>
> http://technet.microsoft.com/en-us/l.../cc785925.aspx
>
> When you use Group policy preferences you can map a network drive to the
> users. For OS versions earlier then Vista/2008 you have to install the Client
> side extensions on the machines.
>
> CSE XP 32bit:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> CSE XP 64bit:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> CSE 2003 32 bit:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> CSE 2003 64bit:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> CSE Vista 32bit:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> CSE Vista 64bit:
> http://www.microsoft.com/downloads/d...displaylang=en
>
>
> If they should have the permissions to modify, they also need the delete
> permission, modifying is deleting the old file and saving the new file, but
> you will not see this in reality.
>
> I assume you like to prevent users from deleting folders you created in the
> structure, so you can use the "Advanced" permission and configure in detail
> the different levels of folder/file structure for the users/groups. Try it
> out with a test share for yourself first. If you edit here a user/group you
> can see the "Apply to" field, here you can set the level where your permissions
> will apply.
>
> Keep in mind as deep as you configure it, as much work in case of problems
> you will have, especially if you do not document it!!!
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > [Forwarded to Server General and Server Security newsgroups for
> > broader exposure.]
> >
> > Kim K wrote:
> >
> >> I am struggling with my first server 08.....I would like to make the
> >> password policy less restrictive and cannot figure it out, and
> >> nothing I have read applies to what the screens are. Please help!!!
> >>
> >> Additinally I am trying to create a user directory for each employee
> >> and
> >> will make that their home directory. In server 03 I created this
> >> using
> >> the
> >> name$ to hide it from others. What are the steps I need to create
> >> folders
> >> for each staff member?
> >> Lastly regarding folders, I want to create a shared folder that will
> >> lauch via a script for all employees and others folders for certain
> >> groups, with read/modify and move permissions but no delete. How do
> >> I do so?
> >>
>
>
>

Hello Kim,

Hiding or not for the folders depends on you. On the ADUC user account properties
you can point the to the home folder.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thank you so much for your help! After a long day trying to figure
> out what is wrong with a login script at work I came home to find that
> server 2008 was a bit different adn my patience had worn quite thin.
>
> I managed to find the advanced setting for NTFS permissions, I am glad
> as with your help I can function now.
>
> My ONLY other question is that when I set up a folder and share it
> out, and I am specifying/wanting one user for a home directory, is
> this correct? And do I no longer or maybe its not even necessary to
> hide it?
>
> Thank you again!
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Kim,
>>
>> Password policy has to be configured in a GPO in the domain policy
>> under computer configuration, windows settings, security settings,
>> Password policy.
>>
>> If you have forest/domain functional level windows server 2008 you
>> can also
>> use the "fine grained password policy" to have different settings
>> based on
>> OU's:
>> http://technet.microsoft.com/en-us/l.../cc770394.aspx
>> http://technet.microsoft.com/en-us/l.../cc770842.aspx
>>
>> Have a look here abolut folder redirection:
>> http://technet.microsoft.com/en-us/l.../cc732275.aspx
>> http://technet.microsoft.com/en-us/l.../cc778976.aspx
>>
>> http://technet.microsoft.com/en-us/l.../cc785925.aspx
>>
>> When you use Group policy preferences you can map a network drive to
>> the users. For OS versions earlier then Vista/2008 you have to
>> install the Client side extensions on the machines.
>>
>> CSE XP 32bit:
>> http://www.microsoft.com/downloads/d...D=e60b5c8f-d7d
>> c-4b27-a261-247ce3f6c4f8&displaylang=en
>> CSE XP 64bit:
>> http://www.microsoft.com/downloads/d...d=249C1AED-C1F
>> 1-4A0B-872E-EF0A32170625&displaylang=en
>> CSE 2003 32 bit:
>> http://www.microsoft.com/downloads/d...d=BFE775F9-5C3
>> 4-44D0-8A94-44E47DB35ADD&displaylang=en
>> CSE 2003 64bit:
>> http://www.microsoft.com/downloads/d...d=29E83503-768
>> 6-49F3-B42D-8E5ED23D5D79&displaylang=en
>> CSE Vista 32bit:
>> http://www.microsoft.com/downloads/d...D=ab60dc87-884
>> c-46d5-82cd-f3c299dac7cc&displaylang=en
>> CSE Vista 64bit:
>> http://www.microsoft.com/downloads/d...d=B10A7AF4-8BE
>> E-4ADC-8BBE-9949DF77A3CF&displaylang=en
>> If they should have the permissions to modify, they also need the
>> delete permission, modifying is deleting the old file and saving the
>> new file, but you will not see this in reality.
>>
>> I assume you like to prevent users from deleting folders you created
>> in the structure, so you can use the "Advanced" permission and
>> configure in detail the different levels of folder/file structure for
>> the users/groups. Try it out with a test share for yourself first. If
>> you edit here a user/group you can see the "Apply to" field, here you
>> can set the level where your permissions will apply.
>>
>> Keep in mind as deep as you configure it, as much work in case of
>> problems you will have, especially if you do not document it!!!
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> [Forwarded to Server General and Server Security newsgroups for
>>> broader exposure.]
>>>
>>> Kim K wrote:
>>>
>>>> I am struggling with my first server 08.....I would like to make
>>>> the password policy less restrictive and cannot figure it out, and
>>>> nothing I have read applies to what the screens are. Please
>>>> help!!!
>>>>
>>>> Additinally I am trying to create a user directory for each
>>>> employee
>>>> and
>>>> will make that their home directory. In server 03 I created this
>>>> using
>>>> the
>>>> name$ to hide it from others. What are the steps I need to create
>>>> folders
>>>> for each staff member?
>>>> Lastly regarding folders, I want to create a shared folder that
>>>> will
>>>> lauch via a script for all employees and others folders for certain
>>>> groups, with read/modify and move permissions but no delete. How
>>>> do
>>>> I do so?