Solved

Is it possible for a single user account to have full access to the data on Essential Server 2012 including redirected user folders?

Posted on 2015-02-03
6
13 Views
Last Modified: 2016-06-23
Hi
We recently upgraded a client to Windows Essential Server 2012 R2, and it is working 100%, one of the directors however insists that she has access to all the data on the server including the redirected folders data, her staff do alot of travelling and she wants to be able to access their information if required from the office. I have tried the public folder route for essential info, but she says it wont work for her (she is full of crap, and doesn't want to understand much), I have enabled the Administrator account but when I log in to the server as Administrator I still cannot access the Redirected Documents etc. The other option is for me to make each user a Network Administrator, and she can then login to the server as each seperate user and see there documents, but this is a crappy solution as far as I am concerned for security reasons etc. Is there any way she can login and view all the necessary data without me having to change permissions on all the redirected data (this will just cause endless problems i am sure) using a single admin account?
0
Comment
Question by:duzbin
6 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40585679
There is no good way to do this. You can edit the GPO so that future users folders allow admin access (this isn't the default) but it won't impact existing folders, only new ones, AND it requires making her a domain admin, which goes against nearly every security principle out there.

In short, no matter what, you'd be editing permissions manually no matter what, and the only way to automate future users is a huge security hole.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40585874
view all the necessary data I question the 'necessary' part of this
yes you can change the permissions to the root folder \\server\redirected folders to allow administrators i.e. domain admins to have any permissions but IMHO this is not right.  Any work related documents should be stored on folders that all users of that department have access to. I see this all of the time where bosses want total control where they shouldn't the end result is that you can advise the customer that what they want is wrong but they are paying the bills and if you don't then they will fire you and find someone that will change the permissions. Mind you once you do this the redirected users folders will show up as documents (for everyone i.e.
\\server\redirectedusers\documents for all of the users vice the users name since you have access to the desktop.ini which you should restrict from the admins so you will see \\server\redirectedusers\joeblow and all of the other users names.

You can only advise but in the end they own the machine and can do what they want with it.
0
 
LVL 1

Author Comment

by:duzbin
ID: 40585929
Hi David , Cliff

in my client's case the necessary data is the redirected folders...

That is the exact problem I have, I will discuss with her once more, and see if there is another solution? Thanks Cliff, I will heed your advice as well and see what I can do. At least I am correct in knowing that there is no easy way to do this! thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question