Solved

Home Folders & Folder Redirection: Problem getting both to work with limited access to user and administrators.

Posted on 2004-08-06
2
1,000 Views
Last Modified: 2010-08-30
I am using a combination of Home Folder and Folder Redirection:
Home Folder (set in profile tab of AD) = \\Server\User\%username%
Redirected My Documents (via Group Policy)  = \\Server\User\%username%\My Documents

I am trying to set it so that both the user and administrators group have access to both the user's home folder and the redirected my documents.  The problem is that the root directory \\server\users has to have full control for domain users to allow folder redirection to work.  With that being the case the home folder created by AD when the user is created inherates the full control for all users.  I can then limit exclusive access to the user for the redirected folder, but then admin can't get to it.

I am not using the same directory for both home and redirected my docs because I want to enable offline file access for my docs and save database files in the root of the home drive.  If I use the same directory file sync fails.

Does anyone know how to setup the home folder and folder redirection to work so that it limits access to both to the user and admin group?
0
Comment
Question by:mberryaz
2 Comments
 
LVL 2

Accepted Solution

by:
PKundtz earned 250 total points
ID: 11737877
Try setting the permissions on the \\server\user folder this way:

Admins "Full Control"
Domain Users "Special" Read+Create Folders on this folder only
Creator owner "Special" Full control on Files and sub folders only

This will take care of permissions on the \\Server\User\%username% folders.  

I also had the same problem with Admins not getting permissions to redirected folders.  For this, I created a login script to allow Admin rights to those folders everytime they log in.  I used the SUBINACL (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)  command in my script to do it.  I hope this helps.
0
 
LVL 1

Author Comment

by:mberryaz
ID: 11765458
PKundtz -

You'da Man!!!

The permissions for the \\server\user worked great.

I didn't have to do the login script because in the GPO I unchecked the option to grant exclusive access to the user.  With the root's permissions the user and admins have full control.

Thanks again -

JLG
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now