fieldj asked:

Folder Redirection by Security group - what happens if a user is not a member of the security group?

Hi all,

I am playing around with the idea of redirecting some of our users' folders (e.g. Pictures, Music, Videos etc.) based on whether they are a member of a particular Security group.

(in the example below I am setting up redirection for users in "Member Services")

[User generated image]

This GPO is already applied to all users and is already handling folder redirection for Documents and Favourites.  My question is, if I change the redirection as above, what will happen to users who are NOT a member of the "Member Services" security group?  Will they continue to have their Pictures saved locally on the c:\ drive?

Muhammad Burhan

Yes, users will receive errors like "Group Policy update failed" regarding folder redirection because of SMB/NTFS permissions, and Windows will make the default location in their profiles.

fieldj (ASKER)

I think you guys are getting the wrong end of the stick.  This is nothing to do with security filtering.

This is a standard GPO setting with User Configuration >> Policies >> Windows Settings >> Folder Redirection >> Folder (e.g. Pictures) >> Properties

If I select Advanced and redirect the folder for the 'Member Services' security group, I want to know what happens if a user is not a member of that security group?

Please also note that this is already configured for ALL of our users for 'Documents' and 'Favorites' so permissions on the file share etc. are already configured.

"think you guys are getting the wrong end of the stick.  This is nothing to do with security filtering"

Did you read my entire original post?

Will Szymkowski
The Security Group that you have referenced above is the Group Membership that is associated with the Target Folder Location below.

If members are not part of this group you have defined and they do not have permissions already on this share then the folders will not be created because they do not have the proper ACLs on the share/directory.

Example

Share = Home$
Permission Group = Member Services (as we already know this group has permissions on this share/directory)

Not Part of Member Services Group but is part of another group that already has access to this share/directory or directly added by username to the share/directory

Share = Home$
Permission Group = Member Services (user is not part of this group)

*note - If user1 is not part of the Member Services Group but is part of another group that also has access to this share then the user's redirected folders will have permission and folders will be created. This will also work if the user is directly added to the Share/directory with appropriate permissions.

User is not part of Member Services Group or any other group that has permissions on this folder

Share = Home$
Permission Group = Member Services (user is not part of this group or any other group that might also have access to this share. The user is also not added directly to the share/directory)

*note - this user will not be able to create folders on this share when the GPO runs.

So that being said, as long as the users have access to this Share/directory it will work regardless of being part of the Member Services group.

I hope this is more clear.

Will.

fieldj (ASKER)

I experimented with this and can answer my own question....

The answer is Yes, if the user is not a member of the specified security group, their folders (e.g. Pictures) will continue to be saved locally in their profiles on the C:\ drive.

fieldj (ASKER)

I've requested that this question be closed as follows:

Accepted answer: 0 points for fieldj's comment #a41213566

for the following reason:

Tested the process myself and was able to answer my own question

Muhammad Burhan and myself have both stated that this outcome will happen if the user is not part of the group. Accept the answers accordingly.

Will.
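
One way to check on a client the outcome discussed in this thread, as an added PowerShell example that is not from any of the posters: it reports whether the logged-on user's token contains the 'Member Services' group, where Pictures currently resolves, and whether that location is writable with the user's share/NTFS permissions. The function names are hypothetical, and treating a path that starts with \\ as redirected is an assumption (a redirect to a mapped drive letter would not be detected).

```powershell
# Added example; run in the logged-on user's own session on a domain-joined client.
$GroupName = 'Member Services'   # group name taken from the thread

function Test-TokenGroup {       # hypothetical helper name
    param([string]$Name)
    # Groups in the current logon token, i.e. the membership in effect at logon.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $names = $id.Groups | ForEach-Object {
        try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { }
    }
    # Names are DOMAIN\Group; compare only the part after the backslash.
    [bool]($names | Where-Object { ($_ -split '\\')[-1] -eq $Name })
}

function Test-FolderWrite {      # hypothetical helper name
    param([string]$Folder)
    if (-not $Folder -or -not (Test-Path -LiteralPath $Folder)) { return $false }
    $probe = Join-Path $Folder ('fr-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        # Create and delete a probe file to exercise share and NTFS permissions.
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -ErrorAction SilentlyContinue
        $true
    } catch { $false }
}

function Get-PicturesRedirectionState {   # hypothetical helper name
    $path = [Environment]::GetFolderPath('MyPictures')
    [pscustomobject]@{
        User         = "$env:USERDOMAIN\$env:USERNAME"
        InGroup      = Test-TokenGroup -Name $GroupName
        PicturesPath = $path
        # Assumption: a UNC path means the folder is redirected to a share.
        Redirected   = $path.StartsWith('\\')
        Writable     = Test-FolderWrite -Folder $path
    }
}

Get-PicturesRedirectionState | Format-List
```

The token only reflects group membership as of the last logon, so a user added to the group needs to log off and on again before InGroup changes.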