5.5 Creating a User Home Folder Policy

Prior to creating the user policy, you must determine if the policy should pertain to the members of the domain, organizational unit, or a group.

  1. Launch NSMAdmin.

  2. In the Main menu, click Policy Management.

  3. In the Manage Policies menu, select Create Policy > Create User Home Folder Policy.

    The following screen appears:

  4. Specify a descriptive name in the Name field and leave the User and Home Folder options selected.

    The Policy Options page appears.

  5. Continue with Section 5.5.1, Setting Policy Options.

5.5.1 Setting Policy Options

Settings within Policy Options let you indicate how to apply the policy, set policy inheritance and policy weight, and write an expanded policy description.

  1. In the Policy Options region, fill in the following fields:

    Process Events for Associated Managed Storage: Select this check box to apply the settings in this policy to all users within the domain or organizational unit where this policy is assigned. Deselect this check box to create a Blocking policy that can be applied to a specific user, group, or container. For more information on blocking policies, see Section 4.6, Creating a Blocking Policy.

    Automatically Attempt to Bypass Events in Bypassable State: Select this check box to allow Novell Storage Manager to automatically attempt to address any pending events that can bypass administrative action.

    Be careful when considering applying this setting to a policy. Doing so has the potential to make incorrect associations and, thus, grant a user access to a folder that he or she shouldn’t have. For example, suppose Tom Smith and Tammy Smith are in the same container and managed by the same policy, and that there is a home folder already created named TSMITH. Novell Storage Manager might consider this a bypassable event and, if this check box is selected, might associate the home folder to Tammy Smith, when it should belong to Tom Smith.

  2. In the Policy Inheritance region, fill in the following fields:

    Policy applies to subcontainers: Select this check box to have this policy inherited for all organizational units that reside within the domain or organizational unit where this policy is assigned.

    Policy applies to nested group members: When the policy applies to or is effective for groups, this option determines if nested group members will also be affected.

    Policy Weight: When a user is a member of multiple groups and each group has a separate effective policy, Novell Storage Manager uses this setting to determine which policy to apply. Novell Storage Manager applies the policy with the largest numerical weight.

    In the case where multiple policies have the same weight, the event will go into a pending state indicating that multiple polices have the same weight and one must be changed in order for the event to process.

  3. In the text field in the Description region, specify a description of the policy you are creating.

  4. Click Apply to save your settings.

  5. Proceed with Section 5.5.2, Setting Associations.

5.5.2 Setting Associations

The Associations page is where you assign the policy you are creating to a domain, organizational unit, Group object, or—if you are creating a Blocking policy—a User, Group, or Container object.

  1. In the left pane, click Associations.

  2. Click Add to bring up the Object Browser.

  3. If you plan to assign the policy to a User object, select the Users check box in the Filter region of the Object Browser.

  4. Browse through the directory structure and select the domain, organizational unit, Group object, or User object you want to associate the policy to.

    The Domain Users group cannot be a target for a policy association.

  5. Drag the object to the Selected Items pane, then click OK.

    The Object Browser is closed and the object is displayed in fully qualified name format in the right pane of the window. For example, CN=Managers,OU=Las Vegas Groups,DC=NVB,DC=local.

  6. Click OK to close the Object Browser.

  7. Click Apply to save your settings.

  8. Proceed with Section 5.5.3, Provisioning Options.

5.5.3 Provisioning Options

The Provisioning Options page is where you indicate home folder rights, the network drive letter for the home folder, the location of a template for provisioning folder structure and content in a home folder when it is created, and more.

  1. In the left pane, click Provisioning Options.

    The following page appears:

  2. In the Folder Properties region, specify the following settings:

    Default Rights: By default, Novell Storage Manager grants the user all file rights to the home folder except for Full Control. Granting Full Control is not recommended because it provides administrator rights to the home folder, and enables the user to rename and delete the folder.

    Policy Defined Default Attributes: Select this check box to enable the Archive, System, and Hidden check boxes, which provide the user the ability to set these attributes for the home folder. For example, if you wanted home folders to be hidden from view, you could enable the Hidden attribute by selecting the Hidden check box.

    By default, Novell Storage Manager assigns the user for whom a home folder is created as the home folder owner. Because this essentially provides the owner administrative rights to the home folder, you might want to provide ownership to the network administrator instead. To override the ownership and indicate a new owner, click the Override Path Owner check box, then browse to and select the User object you want to establish as the owner.

    The home folder user still has all rights—with the exception of administrative rights—to the home folder.

  3. (Optional) To have subfolders and documents provisioned in the home folder when it is created, use an existing file path as a template.

    For example, if you wanted each home folder to have an HR subfolder with some HR documents inside, click Browse to locate and select the HR folder in the file system.

    Everything beneath the selected folder is copied into the user’s home folder.

  4. In the Home Folder Options region, indicate the network drive letter that users associated with this policy will use to access their home folders.

  5. Click Apply to save your settings.

  6. Proceed with Section 5.5.4, Setting Target Paths.

5.5.4 Setting Target Paths

The Target Paths page is where you set the paths to the shares where user home folders will be hosted.

  1. In the left pane, click Target Paths.

  2. In the Target Placement region, fill in the following fields:

    Distribution: If you create more than one target path for a policy, you can indicate any of the following options:

    • Random: Distributes storage randomly among the number of target paths.

    • Actual Free Space: Distributes the creation of user home folders according to shares with the largest amount of absolute free space. For example, if you have two target paths listed, target path 1 has 15 GB of free space, and target path 2 has 10 GB, the home folders are created using target path 1.

    • Percentage Free Space: Distributes the creation of user home folders to volumes with the largest percentage of free space. For example, if you have two target paths listed, target path 1 is to a 10 TB share that has 30 percent free space and target path 2 is to a 500 GB share with 40 percent free space, the home folders are created using target path 2, even though target path 1 has more absolute available disk space. You should be cautious when using this option with target paths to shares of different sizes.

    Leveling Algorithm: Use this option to structure the home folders so that they are categorized by the first or last letter of a username through a subordinate folder. For example, if you choose First Letter, and the Leveling Length field is set to 1, a user named BSMITH has a home folder located in a path such as \\SERVER1\HOME\B\BSMITH.

    If you choose Last Letter, and the Leveling Length field is set to 1, the same user has a home folder located in a path such as \\SERVER1\HOME\H\BSMITH.

    The Last Letter means the last character of the attribute Novell Storage Manager uses to create storage. Once again, Novell Storage Manager uses the SAM, not the character of the last name.

    The Leveling Length field allows you to enter up to 4 characters. This makes it so that you can organize home folders by year. For example, if your Leveling Algorithm setting is Last Letter, and the Leveling Length setting is 4, a user named BMITH2014 has a home folder located in a path such as \\SERVER\HOME\2014\BSMITH2014.

    Maximum Unreachable Paths: If you have a substantial number of target paths listed on this page, this field lets you indicate the number of target paths Novell Storage Manager accesses to attempt to create a home folder before it suspends the attempt.

  3. For each target path that you want to establish, click Add to access the Path Browser.

  4. Browse to the location of the target path you want and click Add to add the target path to the Selected Paths pane.

  5. Click Apply to save your settings.

  6. Proceed to Section 5.5.5, Setting Quota Options.

5.5.5 Setting Quota Options

This page lets you establish user storage quotas. Until quota management is established, users have unlimited storage disk space for their home folders.

NOTE:Quota management on NAS devices needs to be managed by the NAS vendor software.

This page is also where you establish quota management settings for quota managers. A quota manager is a specified user or group—for example, a help desk administrator or technical support rep—who is granted the ability to increase a user’s quota, without having rights to the file system. Quota management actions are performed through Quota Manager, which is a separate Web browser-based management interface. For more information on Quota Manager, see Section 8.0, Using Quota Manager.

  1. In the left pane, click Quota Options.

    The following page appears:

  2. Select the Enabled check box to enable an initial storage quota for users to whom this policy will apply.

    Leaving this check box deselected gives users unlimited user home folder storage.

  3. In the MB field, specify the initial storage quota for the user home folders.

  4. Set up quota managers and enable the Quota Manager Web interface for this policy by filling in the following fields:

    Enable Quota Manager / Quota Preservation for this policy: Select this check box to enable the Quota Management region of the page and to enable quota preservation.

    Quota preservation preserves the home folder quota settings for users that are moved. For example, if a user is moved from the Sales organizational unit to the Marketing organizational unit, if the user’s quota allocation for the policy that applies to Sales were higher than the quota allocation for the policy that applies to Marketing, the quota allocations from the policy associated with the Sales policy are preserved for the user.

    Quota Maximum: Indicate whether the user home folders associated with this policy will have a maximum quota setting. If so, indicate the maximum quota.

    Quota Increment: Indicate whether quota managers will set the quota manually or in set increments. If you use manual increments, the quota manager can increase the quota in any increment until it meets the maximum quota setting. If you establish set increments, the quota manager can only increase the quota by the increment setting.

    Quota Managers: Click Add and use the Object Browser to browse to and select a user or group you want to serve as a quota manager by dragging the User or Group object over to the right pane. Repeat this for each user or group you want to establish as a quota manager.

    If you do not specify a user or group as a quota manager, only members of the NSMAdmins group will be able to use the Quota Manager Web interface.

  5. Click Apply to save your settings.

  6. Proceed with Section 5.5.6, Setting the Move Schedule.

5.5.6 Setting the Move Schedule

This page lets you use a grid to specify when data can be moved during data movement operations.

By default, all days and times are available for data movement. If data movement during regular business hours creates unacceptable network performance, you can choose to move data after regular business hours.

  1. In the left pane, click Move Schedule.

  2. In the Data Move Schedule grid, click the squares for the day and hour you want to disable for data movement.

  3. Click Apply to save your settings.

  4. Proceed with Section 5.5.7, Setting Cleanup Options.

5.5.7 Setting Cleanup Options

This page lets you enable and specify cleanup rules for the user policy. Options for cleanup include deleting a home folder after a set number of days following the removal of a User object from Active Directory, or vaulting (rather than deleting) the home folder.

  1. In the left pane, click Cleanup Options.

  2. Enable storage cleanup by filling in the following fields:

    Enable: Select this check box to enable storage cleanup rules.

    Cleanup storage: Specify the number of days a user home folder remains after the associated User object is removed from Active Directory.

  3. Enable vault on cleanup by filling in the following fields:

    Enable: Select this check box to enable vault on cleanup rules.

    Vault Path: Click Browse to browse and select the share where you want the cleaned-up user home folders to be vaulted.

    When you indicate this path, it also appears in the Vault Path field of the Grooming Rules page, because grooming rules and vault on cleanup rules share the same vault path.

  4. Click Apply to save the settings.

  5. Proceed with Section 5.5.8, Setting Vault Rules.

5.5.8 Setting Vault Rules

When a User object is removed from Active Directory, you can have Novell Storage Manager vault the contents of the user’s home folder from a primary storage device to a less expensive secondary storage device. Novell Storage Manager lets you specify what to vault or delete through vault rules. For example, before vaulting a user’s home folder, you might want to remove all .tmp files. Or, you might want to vault only the user’s My Documents folder and nothing else in the home folder. You accomplish all of this through settings in the Vault Rules Editor.

  1. In the left pane, click Vault Rules.

    The Vault Path field displays the vault path that you established when you set up cleanup rules.

  2. Click Add to bring up the Vault Rules Editor.

  3. In the Description field, specify a description of the vault rule.

    For example, “Files to delete before vaulting,” or “Files to vault.”

  4. Fill in the following fields:

    Action: Select whether this vault rule will delete or vault files.

    If you select Vault, only the files or folders that you list in the Masks text box are vaulted and the remainder of the home folder contents is deleted. Conversely, if you select Delete, only the files or folder that you list in the Masks text box is deleted and the remainder is vaulted.

    Files: If the vault rule you are creating will vault or delete content at the file level, leave the File option selected.

    Folders: If the vault rule you are creating will vault or delete content at the folder level, select the Folders option.

    Selecting Folders disables the filter settings in the lower portion of the Vault Rules Editor.

    Masks: List the files or folders you want to be vaulted or deleted, according to what is indicated in the Action drop-down menu.

    File or folder names can contain an asterisk.

  5. (Conditional) If the vault rule you are creating is specific to files, complete the applicable filter settings.

    Leaving the setting as [Disabled]-Any Size, vaults or deletes all file types listed in the Mask text box according to what is indicated in the Action drop-down menu. Choosing any of the other options from the drop-down menu lets you indicate files to delete or vault according to size, when created, when last modified, and when last accessed.

  6. Click OK to save the vault rule.

  7. If necessary, create any needed additional vault rules by repeating the procedures above.

  8. Proceed with Section 5.5.9, Setting Grooming Rules.

5.5.9 Setting Grooming Rules

Grooming rules in Novell Storage Manager specify the file types that you do not want network users storing in their home folders. Examples of these might be MP3 and MP4 files, MOV files, and many others. You specify in the grooming rule whether to delete or vault a groomed file.

Grooming takes place as a Management Action that is run by the administrator. A Management Action is a manual action that is enacted through NSMAdmin. For more information, see Section 10.1.5, Management Actions.

  1. In the left pane, click Grooming Rules.

    The Vault Path field displays the vault path that you established when you set up cleanup rules.

  2. Click Add to bring up the Grooming Rules Editor.

  3. In the Description field, enter a description of the grooming rule.

    For example, “Files to groom in Henderson OU.”

  4. Fill in the following fields:

    Action: Select whether this grooming rule will delete or vault groomed files.

    Files: If the grooming rule you are creating will vault or delete content at the file level, leave the File option selected.

    Folders: If the grooming rule you are creating will vault or delete content at the folder level, select the Folders option.

    Masks: List the files or folders you want to be vaulted or deleted, according to what is indicated in the Action drop-down menu.

    File or folder names can contain an asterisk.

  5. (Conditional) If the grooming rule you are creating is specific to files, complete the applicable filter settings.

    Leaving the setting as [Disabled]-Any Size, vaults or deletes all file types listed in the Mask text box according to what is indicated in the Action drop-down menu. Choosing any of the other options from the drop-down menu lets you indicate files to delete or vault according to size, when created, when last modified, and when last accessed.

  6. Click OK to save the grooming rule.

  7. Proceed with Section 5.5.10, Notes.

5.5.10 Notes

The Notes page lets you enter up to 64,000 characters of notes for the policy you are creating. A practical use of this page is to provide a better description of the policy.

5.5.11 Policy Summary

The Policy Summary page displays a summary of the policy settings in HTML format. The Policy Summary page provides an easy way to view all of the policy settings in a single page.