What is the best way to secure a redirected My Documents folder?

We just recieved 160 student laptops by way of a grant.  Every student has their own folder on a student server and their My Documents folder is redirected to that folder.

The path is \\10.1.1.40\student$\

When they logon, a folder is automatically created for them.  Everything is working fine, but some of the kids have found that if they open My Documents and then click the UP arrow, they can eventually get back to where they can see everyone elses Folders.

Is there an option where I can redirect this folder as ROOT so that they cannot use the UP arrow at all? Would that be somewhere under folder redirection or somewhere else in Group Policy?

Also under the folder redirection area in Group Policy I removed the checkmark that the user has ownership or sole ownership over their folder.  This was because when this was checked, even administrators could not view the contents of their folders unless we took ownership.  Would rather not have to do that and right now we don't have to.

I guess if we could solve the first issue with them using the UP arrow then we wouldn't really have to worry about that part.

Thanks for any help!

Matt
diablo-26Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Phillip_ChristensenCommented:
Change the NTFS permissions on the root of the share to only allow Administrators.  If they press the up arrow, they won't have permission to view the root folder.  I just checked my setup and this is what I'm doing.
0
diablo-26Author Commented:
Phillip,

If I change permissions on the root folder to only administrators, will it trickle down to all the student folders as well?   I don't want to block the kids from their folders either...

Will each student automatically have ownership rights on their own folder so that it won't matter if I change it to administrators only?

Thanks,

matt
0
Phillip_ChristensenCommented:
Before making the change, select all of the kids folders and make them not inherit permission from their parent folder.  You should be prompted to copy or remove the current permissions.  Copy the permissions, and they will retain their current state.  Then change the permissions on the root folder.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vnicolaeCommented:
You have to disable inheritance of permissions from parent folder on each home directory in order to implement Diablo's solution.

Or, even better, give only Administrators Full Control on the parent folder and the students Change permissions on their folder ONLY. With this second option, you can leave the inheritance on.

ie:

D:\users\                (administrators: Full Control)
D:\Users\Student1 (administrators:Full control)
                              (student1:  modify)

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.