Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

My documents redirection

Posted on 2009-04-24
2
Medium Priority
?
632 Views
Last Modified: 2012-08-14
This might be a bit complicated.
AD 2003 Domain, 1 tree forest, XP Pro Workstations

User Configuration (Enabled)
Windows Settings

Folder Redirection
My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\%ServerName%\users\%username%          (%servername% is actually not part of the path the real server name is)
Options
Grant user exclusive rights to My Documents -> Enabled
Move the contents of My Documents to the new location -> Enabled
Policy Removal Behavior Leave contents

Issue:  User's folder not redirecting to correct location (local instead) and not changeable.

RSoP says:
Component Status
Component Name - Status - Last Process Time
Group Policy Infrastructure - Success - 4/24/2009 9:25:32 AM

Folder Redirection Failed 4/24/2009 9:25:25 AM
--Folder Redirection failed due to the error listed below.
---This security ID may not be assigned as the owner of this object.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 4/24/2009 9:25:24 AM and 4/24/2009 9:25:25 AM.

I think since the user isn't the owner, and the policy says exclusive rights are to be assigned its not redirecting to correct location, & that if the user was the owner, it would.

BUT, why would the path on the workstation be grayed out, and unchangeable?  Its this way even for those people who ARE redirecting correctly.
0
Comment
Question by:alexianit
2 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 24226892

The location of the My Documents folder can be prevented from being edited via Group Policy: User Configuration > Admin Templates > Desktop > Prohibit user from changing My Documents path. If that is enabled, the location setting on the My Documents folder properties will be greyed out.

Each user needs to be the Owner of their own folder; you are correct. I suggest you allow the system to create the folders itself, rather than manually create them. This will ensure the security is properly configured. See http://support.microsoft.com/kb/288991 for details.

-Matt
0
 

Author Comment

by:alexianit
ID: 24273008
I would go a step further here and note something from the page linked to.
Default settings in the GPO for this give the user EXCLUSIVE rights to the folder allowing only the user and the local system account access.  So that AT this point its only possible for the administrator to access the folder by Taking Ownership of the directory and manually adding the Admin or Domain Admin group to the folder.  

I can't be 100% sure, but it seems that by doing this (taking ownership) your actually removing the users ability to change the path correctly to the folder.  I say this because I have found that by granting the user ownership to the folder that and logging out and in again as that user, the path is once again changeable.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question