Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1235
  • Last Modified:

Redirected Home Drives - Prolems installing software

Ok, I'll start at the beginning.

I had an issue where a new user couldn't install software (windows installer), the error message they get is;

Error 1324. the path My Documents contains an invalid character.

I've also seen a similar message which I havn't got to hand which goes something like;

the <username> is not a valid short name.

Right, my documents has been redirected for all users to one of our file servers. After lot's of reading, I have nothing. I've done lot's of testing too and come up with something. If I make the user in question a local admin of the file server storing my documents, he can install with no errors.

So this leads me to the file server and permissions on that. They have full control to my documents and I tried giving him full control to the share but no joy. I've also looked at the local security policy and given them rights to any objects that seemed could be remotely relevant (like by traverse checking, backup files and directories etc) yes, clutching at straws here.

The answer has to be within the rights on the file server but I just can see what. Can anybody give me a clue on where I should be looking next. I naturally don't want to give them admin rights to the file server, nor do I want to do what the previous admins have done which is add them to domain admins :)

Oh, windows 2003 R2 SP2 servers Windows 2003 AD domain in mixed (I think)
  • 6
  • 3
  • 2
1 Solution
When you applied Full Control permissions to the My Documents folder, did you ensure this change propagated to all sub folders/files?

On the top folder, go Properties | Security | Advanced | Tick 'Replace permission entries on all child objects...'

Also, do the users actually have permissions to install new software regardless of file redirection? Usually standard Domain Users do not.

There is a policy you can set to have Windows Installer run with elevated permissions:

Computer Configuration | Administrative Templates | Windows Components | Windows Installer | Always Install with Elevated Privileges

This would have to be applied to the users' workstations, not the server.

Hope this helps.

stantechservAuthor Commented:
In order;

1. Yes. Full control is applied to all files and folders inherrited down through the three

2. The users in question have been put into the administrators group on the local security policy of the machine in question. so AFAIC they have sufficent rights to install software onto that machine

3. This doesn't seem relevant, the ssue seems to be around permissions or the way the windows installer sees the re-directed home drive. Regardless, I'll try this out and report back as anything is worth a try
stantechservAuthor Commented:
#3 tested, sorry this didn't help :(

I think I might need to test the behaviour of redirected documents and installing windows installer apps in a test lab. see if it's my environment or a "feature"
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

How have you redirected the folders in the policy? What string have you used to denote the username?

You should be using %username%.

Also, you haven't used an administrative share such as c$ in the UNC have you?
stantechservAuthor Commented:
Good question.

We're using
User Config\Windows Settings\Folder Redirection\My Documents\
Setting : Basic : redirect everyone's folder to the same location
Path: \\<server>home drives\%username%\my documents

One thing I noticed there was Grant user exclusive rights to my documents was disabled
Granting exclusive access just block administrators from accessing the profile, so this shouldn't be causing your problem.

Have a look in the registry under the following keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

How do the paths show in here? (My documents is 'Personal') Anything funny looking?
stantechservAuthor Commented:
Personal shows as;

 \\<server>\home drives\<username>My Documents

in both locations. Nothing seems to suggest any foul play in that key. As a test, I can unc to that from that machine
stantechservAuthor Commented:
Increasing points fwiw
I had this same exact issue with only certain users. It occured in Windows Vista and Windows RC7 clients (one user was upgraded from Vista to Win7 and the issue still existed after that). UNC paths is "\\<server>\home$\<username>\My Documents" as well. I too figured it must be server-side permissions. And after some more digging, found out earlier today that indeed it was permissions.

The \\<server>\home$ share did not allow "Domain Users" to list contents of the root. The users only had permissions to their own subfolder of that root.

So, for example, 'testuser', could access \\<server>\home$\testuser, but could not access \\<server>\home$ (access denied).

I tried giving the group "Domain Users" special permissions on to the root home$ folder applied to "This Folder Only" and removed checkboxes on "read permissions" (so they only have "traverse folder/execute file", "list folder/read data", "read attributes", and "read extended attributes" to that one folder only, not subfolders [which would be a huge security issue :)])

Doing this instantly solved the problem. Users receiving the windows installer error could now install software without an issue.

I hope this resolves the problem for you, and many others out there. I probably wasted many many days in total resolving this little problem. ;)
stantechservAuthor Commented:
Trafsta, you genious!

Strange thing is, I just came about another issue with people not benig able to create mail merges, this also boiled down to permisions on \\<server>\home. So I did exactly what you'd said on Monday and that problem went away but I never thought of testing the installation issue after making that change

So I just tested it and yes, the issue seems to be resolved.
Hey strantechserv :) Yes it was a very strange problem. Fixing the permissions actually fixed another "Offline files" issues that I've been having for about 1 1/2 years (offlines files would stay offline and now allow the user to go back online after resuming from hibernate or sleep mode)... it was much more troublesome than this windows installer error even. I posted pretty much the same answer to that problem here (check it out):

So I'm guessing there might be even more problems out there that can be solved by correcting permissions on users home folder share.

I'm going to check out other strange problems that users have been having today to see if this fix might have resolved their issues as well. :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now