Solved

Home Folders & Folder Redirection: Problem getting both to work with limited access to user and administrators.

Posted on 2004-08-06
2
996 Views
Last Modified: 2010-08-30
I am using a combination of Home Folder and Folder Redirection:
Home Folder (set in profile tab of AD) = \\Server\User\%username%
Redirected My Documents (via Group Policy)  = \\Server\User\%username%\My Documents

I am trying to set it so that both the user and administrators group have access to both the user's home folder and the redirected my documents.  The problem is that the root directory \\server\users has to have full control for domain users to allow folder redirection to work.  With that being the case the home folder created by AD when the user is created inherates the full control for all users.  I can then limit exclusive access to the user for the redirected folder, but then admin can't get to it.

I am not using the same directory for both home and redirected my docs because I want to enable offline file access for my docs and save database files in the root of the home drive.  If I use the same directory file sync fails.

Does anyone know how to setup the home folder and folder redirection to work so that it limits access to both to the user and admin group?
0
Comment
Question by:mberryaz
2 Comments
 
LVL 2

Accepted Solution

by:
PKundtz earned 250 total points
Comment Utility
Try setting the permissions on the \\server\user folder this way:

Admins "Full Control"
Domain Users "Special" Read+Create Folders on this folder only
Creator owner "Special" Full control on Files and sub folders only

This will take care of permissions on the \\Server\User\%username% folders.  

I also had the same problem with Admins not getting permissions to redirected folders.  For this, I created a login script to allow Admin rights to those folders everytime they log in.  I used the SUBINACL (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)  command in my script to do it.  I hope this helps.
0
 
LVL 1

Author Comment

by:mberryaz
Comment Utility
PKundtz -

You'da Man!!!

The permissions for the \\server\user worked great.

I didn't have to do the login script because in the GPO I unchecked the option to grant exclusive access to the user.  With the root's permissions the user and admins have full control.

Thanks again -

JLG
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now