Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Administrator access to redirected folders

Posted on 2014-01-22
3
Medium Priority
?
621 Views
Last Modified: 2014-01-24
I know this has been asked before on EE (and elsewhere!) but I can't seem to find a straight answer on this.

In Server 2008, when setting up redirected folders, the default settings work fine for the server to automatically create user folders on first login. Likewise, users can't browse into other users' folders. But neither can a domain administrator (access denied). I'm working off of the TechNet article at http://technet.microsoft.com/en-us/library/cc757013

I've seen quite a few articles on this, but I haven't found a way to keep everything just like that, but give administrators access to all of the folders.

Adding administrators to have full access on the parent folder doesn't fix the problem, because the individual user folders don't inherit permissions, and access is limited to the target user.
Un-checking the "Grant user exclusive rights ..." checkbox allows the administrator in, but then all other users have access to each others' folders, which isn't desirable.
The GPO setting "Add Administrators group to roaming user profiles ..." doesn't appear to have any effect, even when I apply it using Default Domain Policy.

Here's my current setup:

Server 2008 R2, Windows 7 Pro client

Share-level permissions for parent folder (\\servername\User Redirected Folders$)
Administrators: Full Control
Affected users group: Full Control

NTFS permissions for parent folder (\\servername\User Redirected Folders$)
CREATOR OWNER: Full Control, Subfolders and files only
Administrators: Full Control, This folder, subfolders, and files
Affected users group: List Folder/Read Data, Create Folders/Append Data, This folder only
SYSTEM: Full Control, This folder, subfolders, and files

User folders are redirected to \\servername\User Redirected Folders$\username\foldername

I've built many of the systems before and I've always left the administrator without access, but I really would like to set this one up the right way and do it in the future. Can someone please help with a final answer on how to configure this enviroment?
0
Comment
Question by:milhouse537
  • 2
3 Comments
 

Author Comment

by:milhouse537
ID: 39801953
Just wanted to clarify that I have the "Grant user exclusive ... " checkbox turned on, and the "Add Administrators to roaming profile ..." GPO also enabled. And rsop shows that it's being applied properly to the computer.

Currently, the folder \\servername\User Redirected Folders$\username has the administrator added with Full Control rights, but the folder \\servername\User Redirected Folders$\username\My Documents shows access denied when I try to go in as administrator.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 1500 total points
ID: 39804871
I have never found an automated way to deal with this problem.  What I do is leave the checkbox for "Grant user exclusive rights" UNchecked when creating the top-level folder.  Then I immediately go to the top-level folder that has just been created and edit the security settings to remove any other user groups and add the individual user with full rights, and also give that user ownership of the folder(s). There's no problem with inheritance, since the folder is still empty at this point. After that, anything added to the folder as the user works will inherit those top-level rights.

This is a lot of work, although you can automate it with a script, but again despite many years of experience I've never been able to find any other way to do it.
0
 

Author Comment

by:milhouse537
ID: 39804901
Thanks hypercat, that's a fair answer (if a bit disappointing, of course). I'm just going to leave this question open a bit more to see if anybody else has found a way.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question