Solved

Home Folders & Folder Redirection: Problem getting both to work with limited access to user and administrators.

Posted on 2004-08-06
2
1,004 Views
Last Modified: 2010-08-30
I am using a combination of Home Folder and Folder Redirection:
Home Folder (set in profile tab of AD) = \\Server\User\%username%
Redirected My Documents (via Group Policy)  = \\Server\User\%username%\My Documents

I am trying to set it so that both the user and administrators group have access to both the user's home folder and the redirected my documents.  The problem is that the root directory \\server\users has to have full control for domain users to allow folder redirection to work.  With that being the case the home folder created by AD when the user is created inherates the full control for all users.  I can then limit exclusive access to the user for the redirected folder, but then admin can't get to it.

I am not using the same directory for both home and redirected my docs because I want to enable offline file access for my docs and save database files in the root of the home drive.  If I use the same directory file sync fails.

Does anyone know how to setup the home folder and folder redirection to work so that it limits access to both to the user and admin group?
0
Comment
Question by:mberryaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
PKundtz earned 250 total points
ID: 11737877
Try setting the permissions on the \\server\user folder this way:

Admins "Full Control"
Domain Users "Special" Read+Create Folders on this folder only
Creator owner "Special" Full control on Files and sub folders only

This will take care of permissions on the \\Server\User\%username% folders.  

I also had the same problem with Admins not getting permissions to redirected folders.  For this, I created a login script to allow Admin rights to those folders everytime they log in.  I used the SUBINACL (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)  command in my script to do it.  I hope this helps.
0
 
LVL 1

Author Comment

by:mberryaz
ID: 11765458
PKundtz -

You'da Man!!!

The permissions for the \\server\user worked great.

I didn't have to do the login script because in the GPO I unchecked the option to grant exclusive access to the user.  With the root's permissions the user and admins have full control.

Thanks again -

JLG
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question