Folder redirection - assign folder to new user

Posted on 2011-10-27
Last Modified: 2013-12-02
In SBS 2011, using the built-in 'folder redirector' feature. Everything is working beautiful, however, I have 2 issues.

1) As administrator, why don't I have permission to get into the user's 'desktop' and 'documents' folder?

2) If I create a new user account to replace an existing user, is there a clean and easy way to transfer the files (that are being redirected) from the old to the new user??

I don't want to mess up any of the permission, I would like to know how to do it the correct way.
Question by:clesin
    LVL 56

    Expert Comment

    by:Cliff Galiher
    1) That is the default behavior of the folder redirection policy. ONLY the user is granted read and write access to the folder. If you want to change this policy, you must manually edit the underlying group policy that the wizard creates. You'll see a simple checkbox that says "grand administrator access." This will only apply to NEW folders that are created, however, since permissions are created at that time. It will not affect existing redirected folders. If you want access, you must manually edit the permissions of existing folders as well. Realistically though, you should be asking yourself WHY you want it. If there is a legitimate business need, by all means, do so. But if your thinking is "I am adminstrator, so I should have access" and that is your only justification, you may want to rethink the process. What business problem are you trying to solve and is there a better way? In most cases, it is best to leave things as-is....messing with permissions gets sticky at best, and granting administrator access to user folders opens a door for disgruntled employee abuse and high liability.

    2) A new account is a new account. I'd ask about the circumstances here. First, if this is a new user, why should they get access to an old user's files? If the old files were not private then they should have been on a public share or in SharePoint, or made available for sharing in some other fashion. User's private document storage, even redirected folders, are for personal use only and therefore when the user leaves, there should be no need for a new user to have unrestricted access.


    Author Comment

    1) The only reason I would 'need' to have access to the files is, in a situation like this, where I need to move the files from one user to another.

    2) You are correct in theory that 'docs' are 'only' for personal stuff and everything else should be on a share, however, in the real world, users are not so careful with where they save what.

    I was wondering if there was an easy, no mess way to accomplish what I want, I guess the answer is no??
    LVL 56

    Accepted Solution

    No. Regarding #1, I would suggest that in such a circumstance, you can take ownership on an as-needed basis instead of doing so agency wide via policy. It reduces that liability footprint, but still lets you get access when required (which would be rare in most circumstances.) And, in such a situation, you are on the right track. Take ownership, move just the files that the new user needs....and move them to a public folder at that since that is clearly where they should've belonged, and let the folder redirection policy create new private folders for the new user. This is in keeping with good privacy protection, low access, and still provide the new user access to the necessary files that the old user incorrecty saved privately. Setting up business processes and policies on how and where data gets saved, well spelled out, and providing a folder structure or a SharePoint repository that is easily understood by the average user can also reduce the occurences of this happening. Realistically you can get it to a near zero occurrence.


    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
    You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now