[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Folder redirection - assign folder to new user

Posted on 2011-10-27
3
Medium Priority
?
440 Views
Last Modified: 2013-12-02
In SBS 2011, using the built-in 'folder redirector' feature. Everything is working beautiful, however, I have 2 issues.

1) As administrator, why don't I have permission to get into the user's 'desktop' and 'documents' folder?

2) If I create a new user account to replace an existing user, is there a clean and easy way to transfer the files (that are being redirected) from the old to the new user??

I don't want to mess up any of the permission, I would like to know how to do it the correct way.
0
Comment
Question by:clesin
  • 2
3 Comments
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 37040031
1) That is the default behavior of the folder redirection policy. ONLY the user is granted read and write access to the folder. If you want to change this policy, you must manually edit the underlying group policy that the wizard creates. You'll see a simple checkbox that says "grand administrator access." This will only apply to NEW folders that are created, however, since permissions are created at that time. It will not affect existing redirected folders. If you want access, you must manually edit the permissions of existing folders as well. Realistically though, you should be asking yourself WHY you want it. If there is a legitimate business need, by all means, do so. But if your thinking is "I am adminstrator, so I should have access" and that is your only justification, you may want to rethink the process. What business problem are you trying to solve and is there a better way? In most cases, it is best to leave things as-is....messing with permissions gets sticky at best, and granting administrator access to user folders opens a door for disgruntled employee abuse and high liability.

2) A new account is a new account. I'd ask about the circumstances here. First, if this is a new user, why should they get access to an old user's files? If the old files were not private then they should have been on a public share or in SharePoint, or made available for sharing in some other fashion. User's private document storage, even redirected folders, are for personal use only and therefore when the user leaves, there should be no need for a new user to have unrestricted access.

-Cliff
0
 

Author Comment

by:clesin
ID: 37040067
1) The only reason I would 'need' to have access to the files is, in a situation like this, where I need to move the files from one user to another.

2) You are correct in theory that 'docs' are 'only' for personal stuff and everything else should be on a share, however, in the real world, users are not so careful with where they save what.

I was wondering if there was an easy, no mess way to accomplish what I want, I guess the answer is no??
0
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 37040110
No. Regarding #1, I would suggest that in such a circumstance, you can take ownership on an as-needed basis instead of doing so agency wide via policy. It reduces that liability footprint, but still lets you get access when required (which would be rare in most circumstances.) And, in such a situation, you are on the right track. Take ownership, move just the files that the new user needs....and move them to a public folder at that since that is clearly where they should've belonged, and let the folder redirection policy create new private folders for the new user. This is in keeping with good privacy protection, low access, and still provide the new user access to the necessary files that the old user incorrecty saved privately. Setting up business processes and policies on how and where data gets saved, well spelled out, and providing a folder structure or a SharePoint repository that is easily understood by the average user can also reduce the occurences of this happening. Realistically you can get it to a near zero occurrence.

-Cliff
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question