Solved

Is it possible for a single user account to have full access to the data on Essential Server 2012 including redirected user folders?

Posted on 2015-02-03
6
14 Views
Last Modified: 2016-06-23
Hi
We recently upgraded a client to Windows Essential Server 2012 R2, and it is working 100%, one of the directors however insists that she has access to all the data on the server including the redirected folders data, her staff do alot of travelling and she wants to be able to access their information if required from the office. I have tried the public folder route for essential info, but she says it wont work for her (she is full of crap, and doesn't want to understand much), I have enabled the Administrator account but when I log in to the server as Administrator I still cannot access the Redirected Documents etc. The other option is for me to make each user a Network Administrator, and she can then login to the server as each seperate user and see there documents, but this is a crappy solution as far as I am concerned for security reasons etc. Is there any way she can login and view all the necessary data without me having to change permissions on all the redirected data (this will just cause endless problems i am sure) using a single admin account?
0
Comment
Question by:duzbin
6 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40585679
There is no good way to do this. You can edit the GPO so that future users folders allow admin access (this isn't the default) but it won't impact existing folders, only new ones, AND it requires making her a domain admin, which goes against nearly every security principle out there.

In short, no matter what, you'd be editing permissions manually no matter what, and the only way to automate future users is a huge security hole.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40585874
view all the necessary data I question the 'necessary' part of this
yes you can change the permissions to the root folder \\server\redirected folders to allow administrators i.e. domain admins to have any permissions but IMHO this is not right.  Any work related documents should be stored on folders that all users of that department have access to. I see this all of the time where bosses want total control where they shouldn't the end result is that you can advise the customer that what they want is wrong but they are paying the bills and if you don't then they will fire you and find someone that will change the permissions. Mind you once you do this the redirected users folders will show up as documents (for everyone i.e.
\\server\redirectedusers\documents for all of the users vice the users name since you have access to the desktop.ini which you should restrict from the admins so you will see \\server\redirectedusers\joeblow and all of the other users names.

You can only advise but in the end they own the machine and can do what they want with it.
0
 
LVL 1

Author Comment

by:duzbin
ID: 40585929
Hi David , Cliff

in my client's case the necessary data is the redirected folders...

That is the exact problem I have, I will discuss with her once more, and see if there is another solution? Thanks Cliff, I will heed your advice as well and see what I can do. At least I am correct in knowing that there is no easy way to do this! thanks
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question