Folder Redirection by Security group - what happens if a user is not a member of the security group?

Hi all,

I am playing around with the idea of redirecting some of our users' folders (e.g. Pictures, Music, Videos etc) based on whether they are a member of a particular Security group.

(in the example below I am setting up redirection for users in "Member Services")

[Image: Folder Redirection]
This GPO is already applied to all users and is already handling folder redirection for Documents and Favourites.  My question is, if I change the redirection as above, what will happen to users who are NOT a member of the "Member Services" security group?  Will they continue to have their Pictures saved locally on the c:\ drive?
fieldj Asked:
Muhammad Burhan, Manager I.T., Commented:
Yes, users will receive errors like group policy update failed regarding folder redirection because of SMB/NTFS permissions, and Windows will make the default location in their profiles.
0
Will Szymkowski, Senior Solution Architect, Commented:
When you are working with GPOs specifically you are probably talking about security filtering. The Security Group that you have referenced above is the Group Membership that is associated with the Target Folder Location below.

So that means if the user is not part of this group and does not have any other ACLs that are tied to the shared directory (meaning does not have proper ACLs) then the user's folder will not be created and will error out.

If you check RSOP the policy will be applied but if they do not have access to the share as well then the proper folders cannot be created upon login.

Will.
0
fieldj, Author, Commented:
I think you guys are getting the wrong end of the stick.  This is nothing to do with security filtering.

This is a standard GPO setting with User Configuration >> Policies >> Windows Settings >> Folder Redirection >> Folder (eg Pictures) >> Properties

If I select Advanced and redirect the folder for the 'Member Services' security group, I want to know what happens if a user is not a member of that security group?

Please also note that this is already configured for ALL of our users for 'Documents' and 'Favorites' so permissions on the file share etc are already configured.
0
Will Szymkowski, Senior Solution Architect, Commented:
think you guys are getting the wrong end of the stick.  This is nothing to do with security filtering

Did you read my entire original post?

Will Szymkowski
The Security Group that you have referenced above is the Group Membership that is associated with the Target Folder Location below.

If members are not part of this group you have defined and they do not have permissions already on this share then the folders will not be created because they do not have the proper ACL's on the share/directory.

Example

Share = Home$
Permission Group = Member Services (as we already know this group has permissions on this share/directory)

Not Part of Member Services Group but is part of another group that already has access to this share/directory or directly added by username to the share/directory

Share = Home$
Permission Group = Member Service (user is not part of this group)

*note - If user1 is not part of the Member Service Group but is part of another group that also has access to this share then the user's redirected folders will have permission and folders will be created. This will also work if the user is directly added to the Share/directory with appropriate permissions.

User is not part of Member Service Group or any other group that has permissions on this folder
Share = Home$
Permission Group = Member Service (user is not part of this group or any other group that might also have access to this share. The user is also not added directly to the share/directory)

*note - this user will not be able to create folders on this share when the GPO runs.

So that being said, as long as the users have access to this Share/directory it will work regardless of being part of the Member Service group.

I hope this is more clear.

Will.
0
Muhammad Burhan, Manager I.T., Commented:
Is this what you want? [Attachments: 1.jpg, 2.jpg]
1
fieldj, Author, Commented:
I experimented with this and can answer my own question....

The answer is Yes, if the user is not a member of the specified security group, their folders (e.g. Pictures) will continue to be saved locally in their profiles on the C:\ drive.
0
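One way to check a given client for the outcome discussed in this thread, as an added example that is not part of the original posts: it reports whether the logged-on user's token contains the targeting group and where each shell folder currently resolves. The group name "Member Services" is taken from the thread; the function names are hypothetical.

```powershell
# Added example. Run in the affected user's own session on a domain-joined client.
# Assumption: the targeting group is "Member Services" (the name used in the thread).
$GroupName = 'Member Services'

# Friendly folder name -> value name under the "User Shell Folders" key.
$Folders = [ordered]@{
    Documents = 'Personal'
    Favorites = 'Favorites'
    Pictures  = 'My Pictures'
    Music     = 'My Music'
    Videos    = 'My Video'
}

function Test-TokenGroup {
    param([string]$Name)
    # Group SIDs in the current logon token. Membership granted after logon
    # does not show up here until the user signs in again.
    foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
        try {
            $account = $sid.Translate([Security.Principal.NTAccount]).Value
        } catch {
            continue   # SID has no resolvable name; skip it
        }
        # Compare only the part after DOMAIN\ because the domain is not known here.
        if (($account -split '\\')[-1] -eq $Name) { return $true }
    }
    return $false
}

function Get-RedirectionState {
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    $props = Get-ItemProperty -Path $key   # REG_EXPAND_SZ values come back expanded
    foreach ($entry in $Folders.GetEnumerator()) {
        $path = $props.($entry.Value)
        $state = if (-not $path) {
            'Not set'
        } elseif ($path.StartsWith('\\')) {
            'Redirected (UNC)'
        } else {
            'Local or mapped drive'
        }
        [pscustomobject]@{ Folder = $entry.Key; Path = $path; Location = $state }
    }
}

"In '$GroupName' per logon token: $(Test-TokenGroup -Name $GroupName)"
Get-RedirectionState | Format-Table -AutoSize
```

Running `gpresult /r /scope user` in the same session shows whether the GPO itself was applied to the user.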
fieldj, Author, Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for fieldj's comment #a41213566

for the following reason:

Tested the process myself and was able to answer my own question
0
Will Szymkowski, Senior Solution Architect, Commented:
Muhammad Burhan and myself have both stated that this outcome will happen if the user is not part of the group. Accept the answers accordingly.

Will.
0
Active Directory
Question has a verified solution.