Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Is it possible for a single user account to have full access to the data on Essential Server 2012 including redirected user folders?

Posted on 2015-02-03
6
Medium Priority
?
21 Views
Last Modified: 2016-06-23
Hi
We recently upgraded a client to Windows Essential Server 2012 R2, and it is working 100%, one of the directors however insists that she has access to all the data on the server including the redirected folders data, her staff do alot of travelling and she wants to be able to access their information if required from the office. I have tried the public folder route for essential info, but she says it wont work for her (she is full of crap, and doesn't want to understand much), I have enabled the Administrator account but when I log in to the server as Administrator I still cannot access the Redirected Documents etc. The other option is for me to make each user a Network Administrator, and she can then login to the server as each seperate user and see there documents, but this is a crappy solution as far as I am concerned for security reasons etc. Is there any way she can login and view all the necessary data without me having to change permissions on all the redirected data (this will just cause endless problems i am sure) using a single admin account?
0
Comment
Question by:duzbin
3 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40585679
There is no good way to do this. You can edit the GPO so that future users folders allow admin access (this isn't the default) but it won't impact existing folders, only new ones, AND it requires making her a domain admin, which goes against nearly every security principle out there.

In short, no matter what, you'd be editing permissions manually no matter what, and the only way to automate future users is a huge security hole.
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40585874
view all the necessary data I question the 'necessary' part of this
yes you can change the permissions to the root folder \\server\redirected folders to allow administrators i.e. domain admins to have any permissions but IMHO this is not right.  Any work related documents should be stored on folders that all users of that department have access to. I see this all of the time where bosses want total control where they shouldn't the end result is that you can advise the customer that what they want is wrong but they are paying the bills and if you don't then they will fire you and find someone that will change the permissions. Mind you once you do this the redirected users folders will show up as documents (for everyone i.e.
\\server\redirectedusers\documents for all of the users vice the users name since you have access to the desktop.ini which you should restrict from the admins so you will see \\server\redirectedusers\joeblow and all of the other users names.

You can only advise but in the end they own the machine and can do what they want with it.
0
 
LVL 1

Author Comment

by:duzbin
ID: 40585929
Hi David , Cliff

in my client's case the necessary data is the redirected folders...

That is the exact problem I have, I will discuss with her once more, and see if there is another solution? Thanks Cliff, I will heed your advice as well and see what I can do. At least I am correct in knowing that there is no easy way to do this! thanks
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question