[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Home Folders & Folder Redirection: Problem getting both to work with limited access to user and administrators.

Posted on 2004-08-06
2
Medium Priority
?
1,014 Views
Last Modified: 2010-08-30
I am using a combination of Home Folder and Folder Redirection:
Home Folder (set in profile tab of AD) = \\Server\User\%username%
Redirected My Documents (via Group Policy)  = \\Server\User\%username%\My Documents

I am trying to set it so that both the user and administrators group have access to both the user's home folder and the redirected my documents.  The problem is that the root directory \\server\users has to have full control for domain users to allow folder redirection to work.  With that being the case the home folder created by AD when the user is created inherates the full control for all users.  I can then limit exclusive access to the user for the redirected folder, but then admin can't get to it.

I am not using the same directory for both home and redirected my docs because I want to enable offline file access for my docs and save database files in the root of the home drive.  If I use the same directory file sync fails.

Does anyone know how to setup the home folder and folder redirection to work so that it limits access to both to the user and admin group?
0
Comment
Question by:mberryaz
2 Comments
 
LVL 2

Accepted Solution

by:
PKundtz earned 1000 total points
ID: 11737877
Try setting the permissions on the \\server\user folder this way:

Admins "Full Control"
Domain Users "Special" Read+Create Folders on this folder only
Creator owner "Special" Full control on Files and sub folders only

This will take care of permissions on the \\Server\User\%username% folders.  

I also had the same problem with Admins not getting permissions to redirected folders.  For this, I created a login script to allow Admin rights to those folders everytime they log in.  I used the SUBINACL (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)  command in my script to do it.  I hope this helps.
0
 
LVL 1

Author Comment

by:mberryaz
ID: 11765458
PKundtz -

You'da Man!!!

The permissions for the \\server\user worked great.

I didn't have to do the login script because in the GPO I unchecked the option to grant exclusive access to the user.  With the root's permissions the user and admins have full control.

Thanks again -

JLG
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Integration Management Part 2
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question