My documents redirection

Posted on 2009-04-24
Last Modified: 2012-08-14
This might be a bit complicated.
AD 2003 Domain, 1 tree forest, XP Pro Workstations

User Configuration (Enabled)
Windows Settings

Folder Redirection
My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\%ServerName%\users\%username%          (%servername% is actually not part of the path the real server name is)
Grant user exclusive rights to My Documents -> Enabled
Move the contents of My Documents to the new location -> Enabled
Policy Removal Behavior Leave contents

Issue:  User's folder not redirecting to correct location (local instead) and not changeable.

RSoP says:
Component Status
Component Name - Status - Last Process Time
Group Policy Infrastructure - Success - 4/24/2009 9:25:32 AM

Folder Redirection Failed 4/24/2009 9:25:25 AM
--Folder Redirection failed due to the error listed below.
---This security ID may not be assigned as the owner of this object.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 4/24/2009 9:25:24 AM and 4/24/2009 9:25:25 AM.

I think since the user isn't the owner, and the policy says exclusive rights are to be assigned its not redirecting to correct location, & that if the user was the owner, it would.

BUT, why would the path on the workstation be grayed out, and unchangeable?  Its this way even for those people who ARE redirecting correctly.
Question by:alexianit
    LVL 58

    Accepted Solution


    The location of the My Documents folder can be prevented from being edited via Group Policy: User Configuration > Admin Templates > Desktop > Prohibit user from changing My Documents path. If that is enabled, the location setting on the My Documents folder properties will be greyed out.

    Each user needs to be the Owner of their own folder; you are correct. I suggest you allow the system to create the folders itself, rather than manually create them. This will ensure the security is properly configured. See for details.


    Author Comment

    I would go a step further here and note something from the page linked to.
    Default settings in the GPO for this give the user EXCLUSIVE rights to the folder allowing only the user and the local system account access.  So that AT this point its only possible for the administrator to access the folder by Taking Ownership of the directory and manually adding the Admin or Domain Admin group to the folder.  

    I can't be 100% sure, but it seems that by doing this (taking ownership) your actually removing the users ability to change the path correctly to the folder.  I say this because I have found that by granting the user ownership to the folder that and logging out and in again as that user, the path is once again changeable.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now