Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

What is the best way to secure a redirected My Documents folder?

Posted on 2007-03-30
4
Medium Priority
?
240 Views
Last Modified: 2010-04-20
We just recieved 160 student laptops by way of a grant.  Every student has their own folder on a student server and their My Documents folder is redirected to that folder.

The path is \\10.1.1.40\student$\

When they logon, a folder is automatically created for them.  Everything is working fine, but some of the kids have found that if they open My Documents and then click the UP arrow, they can eventually get back to where they can see everyone elses Folders.

Is there an option where I can redirect this folder as ROOT so that they cannot use the UP arrow at all? Would that be somewhere under folder redirection or somewhere else in Group Policy?

Also under the folder redirection area in Group Policy I removed the checkmark that the user has ownership or sole ownership over their folder.  This was because when this was checked, even administrators could not view the contents of their folders unless we took ownership.  Would rather not have to do that and right now we don't have to.

I guess if we could solve the first issue with them using the UP arrow then we wouldn't really have to worry about that part.

Thanks for any help!

Matt
0
Comment
Question by:diablo-26
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Expert Comment

by:Phillip_Christensen
ID: 18823258
Change the NTFS permissions on the root of the share to only allow Administrators.  If they press the up arrow, they won't have permission to view the root folder.  I just checked my setup and this is what I'm doing.
0
 

Author Comment

by:diablo-26
ID: 18823395
Phillip,

If I change permissions on the root folder to only administrators, will it trickle down to all the student folders as well?   I don't want to block the kids from their folders either...

Will each student automatically have ownership rights on their own folder so that it won't matter if I change it to administrators only?

Thanks,

matt
0
 
LVL 1

Accepted Solution

by:
Phillip_Christensen earned 1000 total points
ID: 18823606
Before making the change, select all of the kids folders and make them not inherit permission from their parent folder.  You should be prompted to copy or remove the current permissions.  Copy the permissions, and they will retain their current state.  Then change the permissions on the root folder.
0
 
LVL 4

Expert Comment

by:vnicolae
ID: 18823640
You have to disable inheritance of permissions from parent folder on each home directory in order to implement Diablo's solution.

Or, even better, give only Administrators Full Control on the parent folder and the students Change permissions on their folder ONLY. With this second option, you can leave the inheritance on.

ie:

D:\users\                (administrators: Full Control)
D:\Users\Student1 (administrators:Full control)
                              (student1:  modify)

0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question