Redirected "My Documents" folder, Disk Quotas, and Permissions management in Windows server 2003 Active Directory

I am having issues with "My Documents" folders in Windows Server 2003 Active Directory. The users are setup to redirect their documents to a share on the server and to receive "Exclusive Rights" on the folder. The problem is that in order to delete their documents I have to take ownership of their folder and then after I am done deleting give them the ownership back for Redirection to continue to work. The folders are getting way out of hand as initially I did not foresee this and I did not implement any kind of limitations on their space.

What is the best way for me to implement limitations while keeping hassles to the users to a minimum?
What would happen if I turned on disk quotas and the users are way above the set quota?

I would much prefer to get answers from people who are using this setup and have experience on the topic. I have read most of the KB documentation on these features. So if you have not used this in a production environment, you may comment, but please let me know that you are speaking from theory only.
Who is Participating?
Brian PierceConnect With a Mentor PhotographerCommented:
1. Make them delete their own documents !
2. If you set the quota to deny space (not just warn), they wont be able to save until they have deleted stuff to free up space
Brian PiercePhotographerCommented:
3 If you really want administartor access to their home folders add domain admins to the permissions on the root folder
Hypercat (Deb)Connect With a Mentor Commented:
I agree with KCTS, in principal, about making them delete their own documents.  You could initially set up the quotas without checking the "Deny disk space" option, and just set a warning level. You would then need to tell the users what their disk space limit is going to be, and let everyone know that they will have a limited time to clean up their folders to the point where they are below the limit.  Then, after the clean up time has elapsed, enable to "Deny disk space" option, and of course let everyone know that now they will not be able to save their documents if they are going over the limit that has been set.  

But, if you can't get the users to delete their own documents, then you can get access to their folders permanently without having to change ownership each time.  If you change ownership on their folders, set the permissions so that both you and they have Full Control, and then set back ownership to the user, you will still have Full Control of the folder(s) but they will have ownership so that redirection will work.  This is the way I set up my user's folders from the get-go so that I know I can manage them if I need to.
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

jangeadorAuthor Commented:
Thanks a lot, that was a very quick and very clear answer.
jangeadorAuthor Commented:
hypercat, you say that's how you set them from the get go, can you elaborate a bit more on that. How can I implement that?
Hypercat (Deb)Commented:
Sure - on the top-level shared folder, I have the following permissions:

Administrators (or you could use Domain Admins) - Full Control
Domain Users - Read & Execute, List Folder Contents, Read
System - Full Control

In the group policy, I do NOT check the box to allow the user exclusive rights to the folder.  Since I am using the user's home folders as the location for My Documents redirection, this does mean that when I create a new user and configure the home folder location, I initially have to manually go into the properties of the folder and change the owner from Administrator to the user's account.  If you aren't using the home folder for the My Docs redirection, I'm not sure what would happen.  I've never experimented with it, but you could try it and see how it works.  Does the group policy create the folder automatically, or do you have to create a folder manually?  If it's automatic, it might make the user the Owner of the folder, since the user is actually creating the folder at that point.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.