Set the permissions of \\fileserver\users as described in the Microsoft TechNet article entitled "Security Considerations when Configuring Folder Redirection" http://technet.microsoft.com/en-us/library/cc775853(WS.10).aspx. The situation you are describing is exactly the situation in which folder redirection operates. The permissions described will allow regular user accounts to create their own folders and then to access them, but they will not allow users to access folders belonging to others. Thus, a logon script will operate as you desire once these permissions are set.
For what it's worth, your next step along the road to best practices is to actually use folder redirection and get rid of drive mapping altogether. Windows surfaces redirected folders throughout the user interface, and so it is easier for users to find a redirected folder than a mapped drive. Also, folder redirection requires no scripting, and folder creation is automatic, which is what you want.
When you open the user's profile in ADUC, you will see that there is a field called "Home Folder". You can use the "Connect to" option to map a drive to the share on the file and print server, e.g. \\fileserver\users\%UserName%
On the fileserver, create a folder called users and share it. Change the permissions as follows:
1) Turn off inheritance on the folder and copy the permissions. You do this by:
a. Click the Advanced button found on the Security tab.
b. Clear the Allow inheritable permissions to propagate to this object check box in the Advanced Security Settings dialog box.
c. Click Copy when prompted by the Security dialog box.
2) Click OK to return to the Security tab. Ensure we have the following permissions set:
Administrators: Full Control
System: Full Control
Creator Owner: Full Control
Authenticated Users: Read & Execute, List Folder Contents, Read
3) Change permissions for Authenticated Users so they cannot access other users’ folders. You do this by:
a. Click Advanced on the Security tab.
b. Click Authenticated Users, and then click Edit.
c. In the Permissions Entry for users dialog box, open the Apply onto drop-down and select This folder only.
d. Click OK twice.
You can find the original article for Windows 2003 (should work in 2008) here
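The permission steps above, scripted in PowerShell as an added example that is not part of the original answer. The local path `D:\users` is an assumed placeholder for the folder shared as `users`; the script writes the four listed entries directly instead of copying inherited ones and pruning them, and scoping Creator Owner to subfolders and files only is an assumption.

```powershell
# Added example. Run elevated on the file server.
# ASSUMPTION: D:\users is the local folder shared as \\fileserver\users.
$Path = 'D:\users'

# Well-known SIDs, so the script does not depend on localized account names.
$Admins    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$System    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$CreatorOw = New-Object System.Security.Principal.SecurityIdentifier 'S-1-3-0'
$AuthUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'

function New-Rule($Sid, $Rights, $Inherit, $Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Sid, $Rights, $Inherit, $Propagate, 'Allow'
}

$acl = Get-Acl -Path $Path

# Step 1: stop inheriting from the parent ($true); $false drops inherited entries.
$acl.SetAccessRuleProtection($true, $false)
foreach ($r in @($acl.Access)) { [void]$acl.RemoveAccessRule($r) }

# Step 2: the entries listed in the answer.
$all = 'ContainerInherit,ObjectInherit'
$acl.AddAccessRule((New-Rule $Admins 'FullControl' $all 'None'))
$acl.AddAccessRule((New-Rule $System 'FullControl' $all 'None'))
# ASSUMPTION: Creator Owner applies to subfolders and files only.
$acl.AddAccessRule((New-Rule $CreatorOw 'FullControl' $all 'InheritOnly'))

# Step 3: Authenticated Users on "This folder only" (no inheritance flags),
# so the read right does not flow down into other users' folders.
$acl.AddAccessRule((New-Rule $AuthUsers 'ReadAndExecute' 'None' 'None'))

Set-Acl -Path $Path -AclObject $acl

# Read the ACL back and fail loudly if the root still inherits, or if any
# Authenticated Users entry would propagate to child folders.
$check = Get-Acl -Path $Path
$leaky = $check.Access | Where-Object {
    $sid = $_.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $sid -eq 'S-1-5-11' -and $_.InheritanceFlags -ne 'None'
}
if (-not $check.AreAccessRulesProtected -or $leaky) {
    throw "ACL on $Path does not match the intended layout."
}
$check.Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```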
Best Answer
On Server 2008, you can map a home drive to the user's login via the Active Directory profile setting. It will also give the ownership of that folder to the user, so security permissions are set automatically, and when you create new users by copying current ones, it will create the home folder and set permissions automatically in the same directory on the server as well.