This is probably something really easy, but I'm lost, so here goes. I'm running my file server on windows server 2003. I have a kixtart script set to run from my domain controller that will map a private P: drive for each user: \\server\profile$\username. It will create the folder 'username' if it doesn't already exist. It works great, but my question is, how do I automatically set permissions on the 'username' folder when it is created? ie: I don't want userA to be able to type the command "\\server\profile$\userB" and gain access to all of userB's private files... I know it's just a matter of permissions but how do i set them up dynamically? If i wasn't clear please ask any questions... any help is appreciated.

You set them on the folder that contains your user profiles (ie: \\servername\share\%username%) and make sure they're inherited. This way, when a new folder is created under \share, the perm's will be the same as all the other folders under \share.

I know that, but isn't there a way to do it dynamically upon folder creation, I don't want to go do this for 100+ users...? Thanks.

cacls, not sure of the syntax, but look that up, & add it to your Kix scripts.

If you've set your share up correctly and the perm's on the root folder for the user profile folders and have inheritance enabled....each new folder will get the appropriate perm's when it's created. It doesn't have to be done manually. In the normal course of things the only groups I would have added to the \\servername\share folder would be the administrator and/or the domain admin group, and the "Authenticated Users" group. Then, when the new folders are created, those groups would be added to the ACL of the new user profile folders with the appropriate permission levels (as copied from the root). If you understand anything about groups in 2000/2003 you'll know that the authenticated users group only allows the owner (ie: the person the profile folder is named after) into that folder (as well as the administrator). If anyone else tries, they get "access denied".

Thanks for your help CurtR it worked. I'd like to ask another question though, if you're still reading these. Having done the private user shares, I'm doing the same type of thing with departments; all of which have members in a different group, so I want everyone who's in particular security group to have access to these folders upon creation. Is there a way or default group like "authenticated users" that will acheive my goal? Thanks. Apologies if these questions seem trivial, but I'm new to windows server 2000/03.