Successful Group Policy Redirection with Adobe CS3/Adobe Acrobat Pro

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a user changed a setting on PC1 for word, that change would not follow them to the next computer they log into - unless of course you have redirected application data!

On my mission to get redirected folders working with a network (a school network), I found that most programs would redirect fine, however I was having a large amount of trouble with the Adobe Suite.
The teachers at the school already use them with no problems, so I figured it would be a breeze to setup for students (who previously used a mandatory profile) – wrong. I ended up hitting a snag with dreamweaver; it wouldn’t start unless the student was a member of the Local Administrators group for the file server housing the redirected profiles. Obviously I couldn’t just do that, so more investigating was in order. After some testing I found out adobe had trouble writing data, to App Data, for dreamweaver; even though students get full control of their own home directories.
Now to give you a bit of background, here is how the permissions were before I ‘fixed’ them:
Students had full access to their home drives at:
They had no access to:
\\server\files_student\ – not even read.
Now as I found out, the way adobe works, is by ‘stepping down’ the UNC path to the users app data, which means it needs at least read permissions on all folders from the root of the share, to their profile folder where they have full access.
So in my case, when adobe tried to open dreamweaver (and in turn, create files in the redirected app data) dreamweaver would hit:
and be granted permission, but would then hit:
and get denied, because students couldn't read that folder.
By simply granting read only permissions to:
and setting it to ‘Apply to this folder only’, dreameaver was able to successfully step through each part of the UNC path, and ultimately create the required folders within each users redirected App Data. Best of all, this can be done without any security risk, as you only apply to the files_student folder, not every folder inside files_student. If a student stumbles across \\server\files_student\, sees all the home directories and then decides to try and steal some work from his/her classmates, they will simply get access denied on every folder but their own.
Such a simple fix to a very puzzling problem! I will also note that this fixes a problem when trying to open Acrobat Pro/Reader 9.x when using a redirected profile. I used to get this error:
‘This application has requested the Runtime to terminate it in an unusual way’
Applying the above fix should also stop this problem from happening.
Hope this was helpful!

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.