I have a Windows Server 2003 Domain with 70+ user accounts. Each user account has a home directory mapped to a folder on the file server. The mapping is for the "H:" drive is \\fileserver\users\USERNAME. I have been told that from time to time some users open their H: drive and find not their own files and folders, but the parent directory showing all the users folders. One of the users believes that someone recently accessed information in her home directory and would like to know who. How is it that these drives could be mapping to the parent directory in the first place, and how do I track who is accessing someone else's home directories?

Audit Object Access: Reports file and folder access. Must be implemented here, and then the individual file/folder must be configured for auditing within its properties in order to fully enable this feature. As far as I know, that's what's needed to determine who accessed the home directory. You really can't blame the user if the entire directory was available. Correct the permissions to avoid it in the future. How do you know when a politician is lying? His mouth is moving.

The sharename should be: \\servername\userid$ and not the way you have it set up. EEOC

I would look at two things. 1) Check the way the shares are mapped. You can either set it up as per the previous post with shared folders for each user. I personally prefer sharing the root home folder i.e. \\servername\homearea$\%username%. I feel limiting the number of shares is tidier and also limits the risks should your network become infected with a virus that expoits shares such as vbs.runauto. 2) Ensure security is set correctly on the root of the home area share and that this is inherited through the folders. At most, SYSTEM, Administrators/Domain Admins and the user should have full control of their folder. No one else should even be able to read. I suspect it is a security setting that is causing your issues. Can I also ask how the H:\ drive is mapped? Do you do it through the login script section of the users properties in Active Directory or through the logon script section of a Group Policy. I find the policy route more reliable. Hope this helps. IT Services Manager