Folder redirection - root folder security setting

I have usd group policy to setup folder redirection on my Win 2003 server.  I selected the option 'Grant the User Exclusive Rights to My Documents' and everything works great.  However, I now want to security group for backup operators (users on the server) so that they can 'see' the contents of the domain users My Documents so that they can do their backup & restore operations.

I created a new security group and gave it full control of the root folder used for redirection and set the permissions to apply to 'this folder, subfolders and files'.  

Even after I add backup users to this security group, the backup user can not access the contents of the individual redirected My DOcuments folders.  The backup operators can see the root folder, the subfolders for each user and can see that each user subfolder has a My Documents subfolder, but that's as far down the tree as I can go.

What am I missing ?

I realize that when setting up folder redirection there is another setting - to NOT 'Grant the User Exclusive Rights to My Documents' , but I'm not sure what the implications are for this setting.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ownership - if you have not taken ownership of the files and folders they will be owned by the creator, so you do not have permission to change permissions. :)

You need to take ownership of everything, then repply the permissions.

New files added after you do this will be owned by the creator, but it won't matter as they will inherit the permissions you assign now, so backups will still happen.
RockjodoAuthor Commented:
Doesn't group policy folder redirection need the network user to be the owner of his / her version of My Documents ?  

In addition, it seems like every time GP folder redirection adds a new user I would have to manually go through the take owner for the new folder.  

There must be a better  way ?
No, and no.

Ownership is really only used to decide if you have permissions beyod those listed in the security tab. If you do not own something, but have full control over it you can do anything you want to that item, including stripping everyone of their rights and taking owership.

If a new user is added the only action is to check that your new folder has the permissions you need down the track - full access for them, your backup group and system. Any new files will gain this permission regardless of who owns them.

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

RockjodoAuthor Commented:
I'm still having problems with this - maybe they're conceptual - but here's the story

The administrators group owns the volume where user 'My Documents' are being redirected. (E:\) by group policy
The administrators group also owns the root folder where user 'My Documents' are being redirected (\User_Documents)
The administrators group has full control on the volumne and  the root folder.

Now, everytime a domain user logs on to the network for the first time, Windows creates a folder for this user - as in
E:\User_documents\Joe\My Documents

Windows makes the domain user Joe the owner of 'Joe' and 'Joe\My Documents'

If I understand your note correctly, the local adminstrator on the server where the redirected share is located needs to take ownership of the folder
(E:\User_documents\Joe) and then apply the security settings that I want (i.e. allow the backup_group to read and write).  After I do this, do I turn ownership back to Joe ?

This seems like a tedious process since we have quite a few users; so I suspect that I am missing something

Thanks again for your help.

Yes, Yes, Yes to the first 3 statements.

Yes to both the next, Folder is created, Joe is owner and sole rightholder, although system will be there, too (to allow backups)

the local (or domain) admin will have permission to take ownership, but that is all. After taking over you can then apply permissions. I wouldn't bother changing the ownership back, as who owns it does not matter to the end user in this case.

It is easier to grant full rights to \user documents then manually create the folder for the new user as it will inherit \user documents permission. Then you just add the user to the folder and they are good to go...
RockjodoAuthor Commented:
On your last sentence 'It is easier to grant full rights .....'  -  this seems to be the crux of the problem:

The adminstrators group, and my new backup operators group alrady have full rights to \user documents, but when Windows creates the new users folder - John\My Documents - the adminstrators group, and my new backup operators group righs to R+W are not getting inherited by the new John\My Documents. I'm sorry to be dense about this

Are you saying that if I manually create the folder for the user instead of letting group policy create the folder that the administators & backup operators will be able to R+W the folder contents without having to take ownership?

Yep, exaclty.

The creator of the folder is automatically its owner. If it's autocreated then it's not going to get the perms you need, the only way is by manually adding it, or going back later. It's a bummer...


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.