Solved

Redirected Home Drives - Prolems installing software

Posted on 2009-05-13
11
1,091 Views
Last Modified: 2012-05-06
Ok, I'll start at the beginning.

I had an issue where a new user couldn't install software (windows installer), the error message they get is;

Error 1324. the path My Documents contains an invalid character.

I've also seen a similar message which I havn't got to hand which goes something like;

the <username> is not a valid short name.

Right, my documents has been redirected for all users to one of our file servers. After lot's of reading, I have nothing. I've done lot's of testing too and come up with something. If I make the user in question a local admin of the file server storing my documents, he can install with no errors.

So this leads me to the file server and permissions on that. They have full control to my documents and I tried giving him full control to the share but no joy. I've also looked at the local security policy and given them rights to any objects that seemed could be remotely relevant (like by traverse checking, backup files and directories etc) yes, clutching at straws here.

The answer has to be within the rights on the file server but I just can see what. Can anybody give me a clue on where I should be looking next. I naturally don't want to give them admin rights to the file server, nor do I want to do what the previous admins have done which is add them to domain admins :)

Oh, windows 2003 R2 SP2 servers Windows 2003 AD domain in mixed (I think)
Thanks
0
Comment
Question by:stantechserv
  • 6
  • 3
  • 2
11 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24402352
When you applied Full Control permissions to the My Documents folder, did you ensure this change propagated to all sub folders/files?

On the top folder, go Properties | Security | Advanced | Tick 'Replace permission entries on all child objects...'

Also, do the users actually have permissions to install new software regardless of file redirection? Usually standard Domain Users do not.

There is a policy you can set to have Windows Installer run with elevated permissions:

Computer Configuration | Administrative Templates | Windows Components | Windows Installer | Always Install with Elevated Privileges

This would have to be applied to the users' workstations, not the server.

Hope this helps.


0
 

Author Comment

by:stantechserv
ID: 24411270
In order;

1. Yes. Full control is applied to all files and folders inherrited down through the three

2. The users in question have been put into the administrators group on the local security policy of the machine in question. so AFAIC they have sufficent rights to install software onto that machine

3. This doesn't seem relevant, the ssue seems to be around permissions or the way the windows installer sees the re-directed home drive. Regardless, I'll try this out and report back as anything is worth a try
0
 

Author Comment

by:stantechserv
ID: 24411655
#3 tested, sorry this didn't help :(

I think I might need to test the behaviour of redirected documents and installing windows installer apps in a test lab. see if it's my environment or a "feature"
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24411885
How have you redirected the folders in the policy? What string have you used to denote the username?

You should be using %username%.

Also, you haven't used an administrative share such as c$ in the UNC have you?
0
 

Author Comment

by:stantechserv
ID: 24411990
Good question.

We're using
User Config\Windows Settings\Folder Redirection\My Documents\
Setting : Basic : redirect everyone's folder to the same location
Path: \\<server>home drives\%username%\my documents

One thing I noticed there was Grant user exclusive rights to my documents was disabled
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 27

Expert Comment

by:bluntTony
ID: 24421730
Granting exclusive access just block administrators from accessing the profile, so this shouldn't be causing your problem.

Have a look in the registry under the following keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

How do the paths show in here? (My documents is 'Personal') Anything funny looking?
0
 

Author Comment

by:stantechserv
ID: 24515975
Personal shows as;

 \\<server>\home drives\<username>My Documents

in both locations. Nothing seems to suggest any foul play in that key. As a test, I can unc to that from that machine
0
 

Author Comment

by:stantechserv
ID: 24515977
Increasing points fwiw
0
 
LVL 1

Accepted Solution

by:
trafsta earned 500 total points
ID: 24714514
I had this same exact issue with only certain users. It occured in Windows Vista and Windows RC7 clients (one user was upgraded from Vista to Win7 and the issue still existed after that). UNC paths is "\\<server>\home$\<username>\My Documents" as well. I too figured it must be server-side permissions. And after some more digging, found out earlier today that indeed it was permissions.

The \\<server>\home$ share did not allow "Domain Users" to list contents of the root. The users only had permissions to their own subfolder of that root.

So, for example, 'testuser', could access \\<server>\home$\testuser, but could not access \\<server>\home$ (access denied).

I tried giving the group "Domain Users" special permissions on to the root home$ folder applied to "This Folder Only" and removed checkboxes on "read permissions" (so they only have "traverse folder/execute file", "list folder/read data", "read attributes", and "read extended attributes" to that one folder only, not subfolders [which would be a huge security issue :)])

Doing this instantly solved the problem. Users receiving the windows installer error could now install software without an issue.

I hope this resolves the problem for you, and many others out there. I probably wasted many many days in total resolving this little problem. ;)
0
 

Author Comment

by:stantechserv
ID: 24719379
Trafsta, you genious!

Strange thing is, I just came about another issue with people not benig able to create mail merges, this also boiled down to permisions on \\<server>\home. So I did exactly what you'd said on Monday and that problem went away but I never thought of testing the installation issue after making that change

So I just tested it and yes, the issue seems to be resolved.
0
 
LVL 1

Expert Comment

by:trafsta
ID: 24719750
Hey strantechserv :) Yes it was a very strange problem. Fixing the permissions actually fixed another "Offline files" issues that I've been having for about 1 1/2 years (offlines files would stay offline and now allow the user to go back online after resuming from hibernate or sleep mode)... it was much more troublesome than this windows installer error even. I posted pretty much the same answer to that problem here (check it out): http://www.thebitguru.com/articles/21-Fixing%20Offline%20Files%20in%20Windows%20Vista

So I'm guessing there might be even more problems out there that can be solved by correcting permissions on users home folder share.

I'm going to check out other strange problems that users have been having today to see if this fix might have resolved their issues as well. :)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now