?
Solved

Home Folders & Folder Redirection: Problem getting both to work with limited access to user and administrators.

Posted on 2004-08-06
2
Medium Priority
?
1,016 Views
Last Modified: 2010-08-30
I am using a combination of Home Folder and Folder Redirection:
Home Folder (set in profile tab of AD) = \\Server\User\%username%
Redirected My Documents (via Group Policy)  = \\Server\User\%username%\My Documents

I am trying to set it so that both the user and administrators group have access to both the user's home folder and the redirected my documents.  The problem is that the root directory \\server\users has to have full control for domain users to allow folder redirection to work.  With that being the case the home folder created by AD when the user is created inherates the full control for all users.  I can then limit exclusive access to the user for the redirected folder, but then admin can't get to it.

I am not using the same directory for both home and redirected my docs because I want to enable offline file access for my docs and save database files in the root of the home drive.  If I use the same directory file sync fails.

Does anyone know how to setup the home folder and folder redirection to work so that it limits access to both to the user and admin group?
0
Comment
Question by:mberryaz
2 Comments
 
LVL 2

Accepted Solution

by:
PKundtz earned 1000 total points
ID: 11737877
Try setting the permissions on the \\server\user folder this way:

Admins "Full Control"
Domain Users "Special" Read+Create Folders on this folder only
Creator owner "Special" Full control on Files and sub folders only

This will take care of permissions on the \\Server\User\%username% folders.  

I also had the same problem with Admins not getting permissions to redirected folders.  For this, I created a login script to allow Admin rights to those folders everytime they log in.  I used the SUBINACL (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)  command in my script to do it.  I hope this helps.
0
 
LVL 1

Author Comment

by:mberryaz
ID: 11765458
PKundtz -

You'da Man!!!

The permissions for the \\server\user worked great.

I didn't have to do the login script because in the GPO I unchecked the option to grant exclusive access to the user.  With the root's permissions the user and admins have full control.

Thanks again -

JLG
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question