Solved

Is it possible for a single user account to have full access to the data on Essential Server 2012 including redirected user folders?

Posted on 2015-02-03
6
17 Views
Last Modified: 2016-06-23
Hi
We recently upgraded a client to Windows Essential Server 2012 R2, and it is working 100%, one of the directors however insists that she has access to all the data on the server including the redirected folders data, her staff do alot of travelling and she wants to be able to access their information if required from the office. I have tried the public folder route for essential info, but she says it wont work for her (she is full of crap, and doesn't want to understand much), I have enabled the Administrator account but when I log in to the server as Administrator I still cannot access the Redirected Documents etc. The other option is for me to make each user a Network Administrator, and she can then login to the server as each seperate user and see there documents, but this is a crappy solution as far as I am concerned for security reasons etc. Is there any way she can login and view all the necessary data without me having to change permissions on all the redirected data (this will just cause endless problems i am sure) using a single admin account?
0
Comment
Question by:duzbin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40585679
There is no good way to do this. You can edit the GPO so that future users folders allow admin access (this isn't the default) but it won't impact existing folders, only new ones, AND it requires making her a domain admin, which goes against nearly every security principle out there.

In short, no matter what, you'd be editing permissions manually no matter what, and the only way to automate future users is a huge security hole.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40585874
view all the necessary data I question the 'necessary' part of this
yes you can change the permissions to the root folder \\server\redirected folders to allow administrators i.e. domain admins to have any permissions but IMHO this is not right.  Any work related documents should be stored on folders that all users of that department have access to. I see this all of the time where bosses want total control where they shouldn't the end result is that you can advise the customer that what they want is wrong but they are paying the bills and if you don't then they will fire you and find someone that will change the permissions. Mind you once you do this the redirected users folders will show up as documents (for everyone i.e.
\\server\redirectedusers\documents for all of the users vice the users name since you have access to the desktop.ini which you should restrict from the admins so you will see \\server\redirectedusers\joeblow and all of the other users names.

You can only advise but in the end they own the machine and can do what they want with it.
0
 
LVL 1

Author Comment

by:duzbin
ID: 40585929
Hi David , Cliff

in my client's case the necessary data is the redirected folders...

That is the exact problem I have, I will discuss with her once more, and see if there is another solution? Thanks Cliff, I will heed your advice as well and see what I can do. At least I am correct in knowing that there is no easy way to do this! thanks
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question