Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Is it possible for a single user account to have full access to the data on Essential Server 2012 including redirected user folders?

Posted on 2015-02-03
6
Medium Priority
?
20 Views
Last Modified: 2016-06-23
Hi
We recently upgraded a client to Windows Essential Server 2012 R2, and it is working 100%, one of the directors however insists that she has access to all the data on the server including the redirected folders data, her staff do alot of travelling and she wants to be able to access their information if required from the office. I have tried the public folder route for essential info, but she says it wont work for her (she is full of crap, and doesn't want to understand much), I have enabled the Administrator account but when I log in to the server as Administrator I still cannot access the Redirected Documents etc. The other option is for me to make each user a Network Administrator, and she can then login to the server as each seperate user and see there documents, but this is a crappy solution as far as I am concerned for security reasons etc. Is there any way she can login and view all the necessary data without me having to change permissions on all the redirected data (this will just cause endless problems i am sure) using a single admin account?
0
Comment
Question by:duzbin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40585679
There is no good way to do this. You can edit the GPO so that future users folders allow admin access (this isn't the default) but it won't impact existing folders, only new ones, AND it requires making her a domain admin, which goes against nearly every security principle out there.

In short, no matter what, you'd be editing permissions manually no matter what, and the only way to automate future users is a huge security hole.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40585874
view all the necessary data I question the 'necessary' part of this
yes you can change the permissions to the root folder \\server\redirected folders to allow administrators i.e. domain admins to have any permissions but IMHO this is not right.  Any work related documents should be stored on folders that all users of that department have access to. I see this all of the time where bosses want total control where they shouldn't the end result is that you can advise the customer that what they want is wrong but they are paying the bills and if you don't then they will fire you and find someone that will change the permissions. Mind you once you do this the redirected users folders will show up as documents (for everyone i.e.
\\server\redirectedusers\documents for all of the users vice the users name since you have access to the desktop.ini which you should restrict from the admins so you will see \\server\redirectedusers\joeblow and all of the other users names.

You can only advise but in the end they own the machine and can do what they want with it.
0
 
LVL 1

Author Comment

by:duzbin
ID: 40585929
Hi David , Cliff

in my client's case the necessary data is the redirected folders...

That is the exact problem I have, I will discuss with her once more, and see if there is another solution? Thanks Cliff, I will heed your advice as well and see what I can do. At least I am correct in knowing that there is no easy way to do this! thanks
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question