Microsoft KB Archive/817009

= The default permissions for home folders in Windows Server 2003 and in Windows 2000 are different =

Article ID: 817009

Article Last Modified on 12/3/2007


APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition






SUMMARY
When you use the Microsoft Windows Server 2003 Active Directory Users and Computers utility (click Start, point to Administrative Tools, and then click Active Directory Users And Computers), you can create new home folders so that they can inherit the permissions of their home (parent) folder. The Windows Server 2003 Active Directory Users and Computers utility was designed this way to provide more flexibility to an administrator. This flexibility provides an administrator with the ability to set the preferred permissions on the parent folder before creating the home folders (which will be child folders of the parent). Then, when the Windows Server 2003 Active Directory Users and Computers utility is used to create home folders, each new home folder will automatically inherit the permissions of the pre-configured parent folder.

For example, if you use the Windows Server 2003 Active Directory Users and Computers utility to create a home folder on a Microsoft Windows 2000 domain controller, you may see that the default permissions applied to the new home folder grant the Everyone group Full Control. This behavior is by design because the parent folder is typically set with the Everyone group assigned Full Control.

The Windows 2000 Active Directory Users and Computers utility does not have the capability for a new home folder to inherit the permissions of its parent. Therefore, the Windows 2000 Active Directory Users and Computers utility automatically defines the permissions on a new home folder for you by assigning the administrator and the owner of the home folder Full Control permission. This default permission behavior that is used by the Windows 2000 Active Directory Users and Computers utility for a new home folder cannot be configured (changed).



MORE INFORMATION
To obtain Windows 2000 home-folder-like behavior, you can continue to use the Windows 2000 Active Directory Users and Computers utility to create a new home folder, or use the Windows Server 2003 Active Directory Users and Computers utility and modify the permissions on the parent folder so that the newly created home folder will automatically inherit the customized permissions.

You can also turn off the ability for the parent folder to propagate its permissions to child folders (turning off inheritance). To do this, follow these steps on the server that is hosting the home folders:
 1) In Windows Explorer, right-click the parent folder, and then click Properties.
 2) On the Security tab, click Advanced.
 3) Click to clear the Allow inheritable permissions from the parent to propagate to this object and all child objects check box.
 4) Click OK.
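
Because home folders created with the Windows Server 2003 utility inherit whatever the parent grants, it is worth checking the parent and the existing home folders for an Everyone Full Control entry. The following audit script is an added example, not part of the original article; it assumes PowerShell 3.0 or later on the file server, and the path `D:\Home` and the function name `Get-EveryoneFullControl` are hypothetical.

```powershell
# Added example, not from the KB article.
# Reports folders whose ACL grants Everyone Full Control, and whether the
# entry is inherited from the parent or set explicitly on the folder.
param(
    [string]$HomeRoot = 'D:\Home'   # hypothetical parent folder of the home folders
)

$everyoneSid = 'S-1-1-0'            # well-known SID for Everyone (language-neutral)
$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll  = 0x10000000           # GENERIC_ALL, sometimes stored raw in inheritable ACEs

function Get-EveryoneFullControl {
    param([string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Ask for explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $rights  = [int]$rule.FileSystemRights
        $isAllow = $rule.AccessControlType -eq
            [System.Security.AccessControl.AccessControlType]::Allow
        $isFull  = (($rights -band $fullControl) -eq $fullControl) -or
                   (($rights -band $genericAll) -ne 0)

        if ($isAllow -and $isFull -and $rule.IdentityReference.Value -eq $everyoneSid) {
            New-Object PSObject -Property @{
                Path               = $Path
                Inherited          = $rule.IsInherited
                # True when the ACE only applies to children, not the folder itself.
                InheritOnly        = [bool]($rule.PropagationFlags -band
                    [System.Security.AccessControl.PropagationFlags]::InheritOnly)
                # True when this folder does not inherit ACEs from its parent.
                InheritanceBlocked = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Check the parent first, then each home folder directly beneath it.
$targets = @($HomeRoot) + @(Get-ChildItem -LiteralPath $HomeRoot -Directory |
    ForEach-Object { $_.FullName })

$targets | ForEach-Object { Get-EveryoneFullControl -Path $_ } |
    Format-Table Path, Inherited, InheritOnly, InheritanceBlocked -AutoSize
```

A row for the parent folder with `Inherited` set to False means new home folders created beneath it will receive the same entry; rows for child folders with `Inherited` set to True are cleared by correcting the parent.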

