In our AD, we create new users by copying a default user in ADUC. For the default user we specified a home folder using the %USERNAME% variable (mapped to H:): \\fileserver\homes\%USERNAME%
For new users, the home folder on the server is automatically created with BUILTIN\Administrators set as owner. But we need the user to be set as owner. How can we achieve this?
The permissions set on the parent folder (homes) are the following:
CREATOR OWNER: Full (Subfolders and files only)
g_admins: Full (This folder, subfolders and files)
SYSTEM: Full (This folder, subfolders and files)
Authenticated Users: Read, Append (This folder only)
(Owner: g_admins)
Why? Your permissions seem odd too. Assuming you haven't changed the default server behavior for "bypass traverse checking" then all you need is:
\\fileserver\homes
Domain Admins = Full
G_Admins = Full
When you create a user in ADUC and assign their home drive:
\\fileserver\homes\%username%
it should set those permissions as:
If you want authenticated users to have read access to everyone's home folder then add them to the \\fileserver\homes folder with Read access.
But maybe there's a reason for your setup...just showing you how I would do it.
You need to add the CREATOR OWNER security principal to your "homes" folder and assign it whatever permissions you want the user to ultimately have when their home folder gets created. This will automatically set them as the owner and also preset their permissions.
Note, as a best practice, you should give the users Modify permissions and not Full, even for their own files. A common problem that I have seen is that a "savvy" user will go in and remove SYSTEM and Administrators permissions from their files, which ultimately prevents their files from being backed up and may even affect the enforcement of quotas or other maintenance done by server administrators.
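A read-only audit of the home folders for the two conditions discussed in this thread (who owns each folder, and whether SYSTEM or the administrators' ACEs have been stripped), as an added example that is not part of the original posts. It assumes each folder name equals the user's account name; `$Domain` is a placeholder, and the administrators group is assumed to be BUILTIN\Administrators (swap in the SID of your own admin group, such as g_admins, if it differs).

```powershell
# Added example (not from the thread). Read-only: it changes no ACLs.
param(
    [string]$HomesRoot = '\\fileserver\homes',
    [string]$Domain    = 'EXAMPLE',        # placeholder NetBIOS domain name (assumption)
    [string]$AdminSid  = 'S-1-5-32-544'    # BUILTIN\Administrators (well-known SID)
)

$SidType   = [System.Security.Principal.SecurityIdentifier]
$Full      = [System.Security.AccessControl.FileSystemRights]::FullControl
$SystemSid = 'S-1-5-18'                    # NT AUTHORITY\SYSTEM (well-known SID)

function Test-HomeFolderAcl {
    param([Parameter(Mandatory)][System.IO.DirectoryInfo]$Folder)

    $acl = Get-Acl -LiteralPath $Folder.FullName

    # Assumption: the folder name is the user's account name.
    # Resolution fails for folders whose account no longer exists.
    $userSid = try {
        ([System.Security.Principal.NTAccount]"$Domain\$($Folder.Name)").Translate($SidType).Value
    } catch { $null }

    # Explicit and inherited Allow ACEs, keyed by SID so localized names do not matter.
    $allow = $acl.GetAccessRules($true, $true, $SidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' }
    $sids = @($allow | ForEach-Object { $_.IdentityReference.Value })

    $userFull = @($allow | Where-Object {
        $_.IdentityReference.Value -eq $userSid -and
        ($_.FileSystemRights -band $Full) -eq $Full
    }).Count -gt 0

    [pscustomobject]@{
        Folder             = $Folder.Name
        Owner              = $acl.Owner
        OwnerIsUser        = ($null -ne $userSid -and $acl.GetOwner($SidType).Value -eq $userSid)
        UserHasFullControl = $userFull       # Full lets the user rewrite the ACL
        SystemPresent      = $sids -contains $SystemSid
        AdminsPresent      = $sids -contains $AdminSid
    }
}

# List only folders that deviate: wrong owner, user holds Full, or SYSTEM/admins missing.
Get-ChildItem -LiteralPath $HomesRoot -Directory |
    ForEach-Object { Test-HomeFolderAcl -Folder $_ } |
    Where-Object { -not $_.OwnerIsUser -or $_.UserHasFullControl -or
                   -not $_.SystemPresent -or -not $_.AdminsPresent } |
    Format-Table -AutoSize
```

Run it from an account that can read the ACLs under the share; a folder whose ACL cannot be read makes `Get-Acl` report an error for that folder, which is itself worth following up.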