jangeador
asked on
Redirected "My Documents" folder, Disk Quotas, and Permissions management in Windows server 2003 Active Directory
I am having issues with "My Documents" folders in Windows Server 2003 Active Directory. The users are setup to redirect their documents to a share on the server and to receive "Exclusive Rights" on the folder. The problem is that in order to delete their documents I have to take ownership of their folder and then after I am done deleting give them the ownership back for Redirection to continue to work. The folders are getting way out of hand as initially I did not foresee this and I did not implement any kind of limitations on their space.
Questions:
What is the best way for me to implement limitations while keeping hassles to the users to a minimum?
What would happen if I turned on disk quotas and the users are way above the set quota?
I would much prefer to get answers from people who are using this setup and have experience on the topic. I have read most of the KB documentation on these features. So if you have not used this in a production environment, you may comment, but please let me know that you are speaking from theory only.
Questions:
What is the best way for me to implement limitations while keeping hassles to the users to a minimum?
What would happen if I turned on disk quotas and the users are way above the set quota?
I would much prefer to get answers from people who are using this setup and have experience on the topic. I have read most of the KB documentation on these features. So if you have not used this in a production environment, you may comment, but please let me know that you are speaking from theory only.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Brian Pierce
3 If you really want administartor access to their home folders add domain admins to the permissions on the root folder
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot, that was a very quick and very clear answer.
ASKER
hypercat, you say that's how you set them from the get go, can you elaborate a bit more on that. How can I implement that?
Sure - on the top-level shared folder, I have the following permissions:
Administrators (or you could use Domain Admins) - Full Control
Domain Users - Read & Execute, List Folder Contents, Read
System - Full Control
In the group policy, I do NOT check the box to allow the user exclusive rights to the folder. Since I am using the user's home folders as the location for My Documents redirection, this does mean that when I create a new user and configure the home folder location, I initially have to manually go into the properties of the folder and change the owner from Administrator to the user's account. If you aren't using the home folder for the My Docs redirection, I'm not sure what would happen. I've never experimented with it, but you could try it and see how it works. Does the group policy create the folder automatically, or do you have to create a folder manually? If it's automatic, it might make the user the Owner of the folder, since the user is actually creating the folder at that point.
Administrators (or you could use Domain Admins) - Full Control
Domain Users - Read & Execute, List Folder Contents, Read
System - Full Control
In the group policy, I do NOT check the box to allow the user exclusive rights to the folder. Since I am using the user's home folders as the location for My Documents redirection, this does mean that when I create a new user and configure the home folder location, I initially have to manually go into the properties of the folder and change the owner from Administrator to the user's account. If you aren't using the home folder for the My Docs redirection, I'm not sure what would happen. I've never experimented with it, but you could try it and see how it works. Does the group policy create the folder automatically, or do you have to create a folder manually? If it's automatic, it might make the user the Owner of the folder, since the user is actually creating the folder at that point.