
Windows Server 2012 R2 not setting redirected documents permissions so that new users can access the folder

robbie999 asked:
Dear experts

My Windows Server 2012 R2 is not setting redirected documents permissions so that new users can access the folder.

At the moment I am having to access the shared drive and manually add the user's permissions to the folder when I add a new user.

This domain was formerly run by a 2003 SBS DC and I can see that a 'Folder operators' group has rights on the folder.

The redirection policy is set up as recommended, with the server creating folders of \\server\%username%\documents

Old users created before the migration to the new DC have the correct permissions it seems

Any help is appreciated

Distinguished Expert 2018

Commented:
It looks like you haven't set up the share properly. It shouldn't be \\server\username as that'd end up being a TON of shares.

You create one folder and one share. Give all users read/write access to that folder and share at both the NTFS and at the share level.  As an example, you'd share a folder as \\server\redirectedfolders

Then set the GPO to \\server\share\username\documents (or desktop or whatever)

That added level between server and username is the key difference. It is ONE share, not many. And the gpclient will create the username folder (don't create it ahead of time!!) and set the NTFS permissions. So even though \\server\share is readable by all users, the subfolders won't be so security is still preserved.

Author

Commented:
Hello Cliff,

Apologies, I have set up

\\server\share\%username%

I do not create the folders ahead of time - the server does and unfortunately it does not seem to give the username folders the correct permissions

If I manually edit the permissions, folder redirection works fine, but I'd ideally like the server to do this automatically.
Distinguished Expert 2018
Commented:
This is a good sign that the root share doesn't have adequate permissions so the GPclient *can't* set the right permissions (it doesn't have the authority.) The TechNet doc on folder redirection has the necessary permissions required on root share(s). Also look for event logs on the client after an initial logon. That's where the folder creation process occurs and where errors will be logged.
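
The following is an added example, not part of the original thread: one way to build the single root share described above with least-privilege permissions, based on Microsoft's published folder redirection guidance (verify against the current document). The path `D:\RedirectedFolders`, the share name and the group `CONTOSO\Folder Redirection Users` are assumptions for illustration.

```powershell
# Run elevated on the file server. All three values below are assumed
# placeholders; replace them with your own.
$Root  = 'D:\RedirectedFolders'
$Share = 'RedirectedFolders'
$Users = 'CONTOSO\Folder Redirection Users'

New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Remove inherited ACEs so broad grants from the volume root
# (or leftovers from a migrated server) do not apply here.
icacls $Root /inheritance:r

# SYSTEM: full control on this folder, subfolders and files.
icacls $Root /grant:r 'SYSTEM:(OI)(CI)F'

# Administrators: full control on the root folder only.
icacls $Root /grant:r 'BUILTIN\Administrators:F'

# CREATOR OWNER: full control on subfolders and files only. The user who
# creates \\server\share\%username% at first logon becomes its owner, so
# this ACE is what gives each user rights inside their own folder.
icacls $Root /grant:r 'CREATOR OWNER:(OI)(CI)(IO)F'

# Redirected users: list, create folders, read attributes and permissions,
# traverse. No inheritance flags, so it applies to the root folder only and
# users cannot open each other's subfolders. S (synchronize) is listed
# explicitly because icacls does not add it for specific rights.
icacls $Root /grant:r "${Users}:(S,RD,AD,RA,REA,RC,X)"

# One share for everyone; NTFS does the restricting. Access-based
# enumeration hides folders a user has no rights to.
New-SmbShare -Name $Share -Path $Root -FullAccess $Users `
    -FolderEnumerationMode AccessBased

# Review the result before pointing the GPO at \\server\$Share\%username%.
icacls $Root
Get-SmbShareAccess -Name $Share
```

After a new user's first logon, `icacls` on their subfolder should show that user as owner with full control and no ACE for the users group.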