I know this has been asked before on EE (and elsewhere!) but I can't seem to find a straight answer on this.
In Server 2008, when setting up redirected folders, the default settings work fine for the server to automatically create user folders on first login. Likewise, users can't browse into other users' folders. But neither can a domain administrator (access denied). I'm working off of the TechNet article at http://technet.microsoft.com/en-us/library/cc757013
I've seen quite a few articles on this, but I haven't found a way to keep everything just like that, but give administrators access to all of the folders.
Adding administrators to have full access on the parent folder doesn't fix the problem, because the individual user folders don't inherit permissions, and access is limited to the target user.
Un-checking the "Grant user exclusive rights ..." checkbox allows the administrator in, but then all other users have access to each others' folders, which isn't desirable.
The GPO setting "Add Administrators group to roaming user profiles ..." doesn't appear to have any effect, even when I apply it using Default Domain Policy.
Here's my current setup:
Server 2008 R2, Windows 7 Pro client
Share-level permissions for parent folder (\\servername\User Redirected Folders$)
Administrators: Full Control
Affected users group: Full Control
NTFS permissions for parent folder (\\servername\User Redirected Folders$)
CREATOR OWNER: Full Control, Subfolders and files only
Administrators: Full Control, This folder, subfolders, and files
Affected users group: List Folder/Read Data, Create Folders/Append Data, This folder only
SYSTEM: Full Control, This folder, subfolders, and files
User folders are redirected to \\servername\User Redirected Folders$\username\folderna
I've built many of the systems before and I've always left the administrator without access, but I really would like to set this one up the right way and do it in the future. Can someone please help with a final answer on how to configure this enviroment?