Windows Server 2012 R2 not setting redirected documents permissions so that new users can access the folder

Dear experts

My Windows Server 2012 R2 not setting redirected documents permissions so that new users can access the folder

At the moment I am having to access the shared drive and manually add the users permissions to the folder when I add a new user

This domain was fomally run by a 2003 SBS DC and i can see that a 'Folder operators' group has rights on the folder

The redirection policy is setup as recommended with the server creating folders of \\server\%username%\documents

Old users created before the migration to the new DC have the correct permissions it seems

Any help is appreciated
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
It looks like you haven't set up the share properly. It shouldn't be \\server\username as that'd end up being a TON of shares.

You create one folder and one share. Give all users read/write access to that folder and share at both the NTFS and at the share level.  As an example, you'd share a folder as \\server\redirectedfolders

Then set the GPO to \\server\share\username\documenets (or desktop or whatever)

That added level between server and username is the key difference. It is ONE share, not many. And the gpclient will create the username folder (don't create it ahead of time!!) and set the NTFS permissions. So even though \\server\share is readable by all users, the subfolders won't be so security is still preserved.
robbie999Author Commented:
Hello Cliff,

Apologies I have setup


I do not create the folders ahead of time - the server does and unfortunately it does not seem to give the username folders the correct permissions

If i manually edit the permissions folder redirection works fine but id ideally like the server to do this automatically
Cliff GaliherCommented:
This is a good sign that the root share doesn't have adequate permissions so the GPclient *can't* set the right permissions (it doesn't have the authority.) The TechNet doc on folder redirection has the necessary permissions required on root share(s). Also look for event logs on the client after an initial logon. That's where the folder creation process occurs and where errors will be logged.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.