OK, so I have TrueNAS 12 in my domain to replace my Windows file server. Everything is working fine on the TrueNAS end right up until the point I start to set up user share permissions. I don't see how TrueNAS can get granular with setting up each user's folder inside of a dataset so that they only have access to their own folder and then give one public folder to share between. I have a VERY SIMPLE environment for a small business with less than 50 users. I have 2 virtual host servers, with everything on VMs: both domain controllers, app servers, etc. The only way I can think to do this is to set up an iSCSI connection to the server that's hosting all my VMs and then have that basically be my Windows file server, which is just what I wanted to eliminate. Or I can create a folder for each domain user one at a time and only give that user and domain admins permission to said folders, which would be a lot of management work when AD will do that for me based on GP. So I'm hoping that someone can give me an idea of what would be considered a “best practice” in this situation?
Just join the TrueNAS system to the AD, then create shares with the AD user/group permissions.
TrueNAS is in the domain, and the shares that the servers use are based off the AD, so do you mean, since I have 50 users, to add 50 individual user folder shares then? I was trying to reduce the amount of redundant workload; with Group Policy I can have the user folders created with the user accounts and the permissions already created. Is there a way to still do it like I can with the policy? I think I'm misunderstanding what you're saying…
Make one share and point the user folders to that share.
Not sure how new security may affect this, need to upgrade this summer and find out.
Set permission type to Windows and r/w permissions on the share to the group, but DO NOT allow it to be recursive! Set subfolders to creator owner permissions and this should “protect” people from reading or writing to folders that they don’t own. There is a GPO that will force admin permission into each folder as it is created so that an admin can go in and fix things or delete folders, etc. Again, this may or may not work with the new permission schemes in TrueNAS; I need to test.
I do all this from the home folder mapping in user accounts, so the folder is created when the user logs in for the first time. Roaming profiles also go into this folder, again something put into the script when I bulk create users, or you can add them each time you create a user. I bulk add every semester so it makes more sense.
If you add users to the AD one at a time, when you finish the process it will create the home folder share and the folder will be ready when the user logs in.
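The permission layout described in this answer, written out as an added PowerShell example that is not part of the original thread, with an audit that lists any home folder readable by someone other than its user or the admins. The share path `\\truenas\home`, the groups `CORP\Staff` and `CORP\Domain Admins`, and the convention that each folder is named after the user's logon name are assumptions; it also assumes the share accepts Windows ACL edits over SMB and that it is run as a domain admin.

```powershell
# Added example: the three values below are hypothetical placeholders.
$Root   = '\\truenas\home'        # share that holds every user's home folder
$Staff  = 'CORP\Staff'            # AD group containing the users
$Admins = 'CORP\Domain Admins'    # admins who must be able to fix or delete folders

function New-Rule($Identity, $Rights, $Inherit, $Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $Rights, $Inherit, $Propagate, 'Allow'
}

# Apply the layout from the answer to the top-level folder of the share.
function Set-HomeRootAcl {
    $acl = Get-Acl -Path $Root
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent
    $acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    # Group gets r/w on the root folder only: no inheritance flags = not recursive.
    $acl.AddAccessRule((New-Rule $Staff 'ReadAndExecute, Write' 'None' 'None'))
    # Whoever creates a subfolder gets control of that subfolder and its contents.
    $acl.AddAccessRule((New-Rule 'CREATOR OWNER' 'FullControl' `
        'ContainerInherit, ObjectInherit' 'InheritOnly'))
    # Admins keep access to every folder, existing and future.
    $acl.AddAccessRule((New-Rule $Admins 'FullControl' `
        'ContainerInherit, ObjectInherit' 'None'))
    Set-Acl -Path $Root -AclObject $acl
}

# Audit: list every Allow entry on a home folder that is not the folder's own
# user (assumed to match the folder name), the admins group, or a system identity.
function Get-HomeFolderExposure {
    $expected = @($Admins, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
    foreach ($dir in Get-ChildItem -Path $Root -Directory) {
        foreach ($ace in (Get-Acl -Path $dir.FullName).Access) {
            $who = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                $expected -notcontains $who -and
                $who -notlike "*\$($dir.Name)") {
                [pscustomobject]@{ Folder   = $dir.Name
                                   Identity = $who
                                   Rights   = $ace.FileSystemRights }
            }
        }
    }
}

# Usage: Set-HomeRootAcl; Get-HomeFolderExposure | Format-Table -AutoSize
```

An empty result from `Get-HomeFolderExposure` means no home folder grants access beyond its own user and the admins; any row for the staff group indicates the root permission was applied recursively.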
Thank you, I see what you're doing here, and since what I’m doing is small this will probably work out the way I was wanting it to…