genusys
 asked on

Folder Redirect Permissions Incorrect Windows 2012 R2 Essentials

New admin on this system. I have users whose offline files are not syncing with the redirected folder because they don't have permissions on lower-level folders below their user names. The sync error shows up as an event ID 502 in the application log. Also, the domain admin ID can't view or copy any of the folders. I suspect that somehow or another someone jumbled the permissions.

Is there a PowerShell script to set the permissions back correctly? Does anyone have advice as to the steps I should take? I don't want to lose any data guessing at a solution.
Powershell


8/22/2022 - Mon
Larry Struckmeyer MVP

Hi, by default the admin does not have access to redirected folders. AFAIK all SBS lineage servers have been this way since SBS 2008. There is an approved way of gaining access.
https://support.microsoft.com/en-us/help/288991/enabling-the-administrator-to-have-access-to-redirected-folders

For the permissions issues, check this:

https://blogs.technet.microsoft.com/sbs/2010/10/08/folder-redirection-in-small-business-server-2008/

Permission issues usually originate from manually moving the user’s folder from one location to another, or if the administrator takes ownership of the user’s folder to gain access to the contents. To prevent the first scenario from occurring, use the Move Users’ Redirected Documents Data wizard. A typical error you will receive on the client machine will be something like this:

Event Type: Error
Event Source: Folder Redirection
Event Category: None
Event ID: 102
Date: Date
Time: Time
User: Domain\User
Computer: Computername
Description: Failed to perform redirection of folder My Documents. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected to \\ servername \ sharename \%username%. Files were being moved from C:\Documents and Settings\ user \My Documents to \\ servername \ sharename \ user . The following error occurred: The security descriptor structure is invalid.

If you suspect that you are in this situation, verify the following:

The redirected user account must have at least Read, Traverse folder, List folder, Read attributes, and Read extended attributes on the actual share \\SERVERNAME\RedirectedFolders. If you cannot open this share from the client machine because you get an “Access Denied”, folder redirection will not work.
The redirected user account must have Full control and be the Owner of their personal folder \\SERVERNAME\RedirectedFolders\%USERNAME%\. If not, the GPO will fail to apply to that user upon login.
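
The two requirements quoted above can be checked without changing anything. The following is an added example, not code from this thread or from Microsoft: a read-only PowerShell audit that reports folders where the user is not the owner of the personal folder or lacks a Full control entry. The function name, the `$Root` and `$Domain` parameters, and the rule that each first-level folder is named after the user's logon name are assumptions.

```powershell
# Added example: read-only audit; it reports and changes nothing on disk.
# Assumptions: $Root is the redirection share named in the quoted article, and
# each first-level folder is named after its user's logon name in $Domain.
param(
    [string]$Root   = '\\SERVERNAME\RedirectedFolders',
    [string]$Domain = $env:USERDOMAIN
)

function Test-RedirectedFolderAcl {
    param([string]$Path, [string]$Account, [bool]$IsPersonalRoot)
    $row = [ordered]@{ Path = $Path; PersonalRoot = $IsPersonalRoot; Owner = $null
                       UserIsOwner = $false; UserFullControl = $false
                       InheritanceBlocked = $null; Error = $null }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $full = [System.Security.AccessControl.FileSystemRights]::FullControl
        $row.Owner = $acl.Owner
        $row.UserIsOwner = ($acl.Owner -eq $Account)
        # Explicit or inherited Allow ACE naming the user directly (group grants are not resolved).
        $row.UserFullControl = [bool]($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $Account -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $full) -eq $full })
        $row.InheritanceBlocked = $acl.AreAccessRulesProtected
    } catch {
        # An admin without access cannot read the ACL; record that and keep going.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report = foreach ($userDir in Get-ChildItem -LiteralPath $Root -Directory) {
    $account = "$Domain\$($userDir.Name)"
    Test-RedirectedFolderAcl $userDir.FullName $account $true
    # Subfolders are where the sync failures in this thread were reported.
    Get-ChildItem -LiteralPath $userDir.FullName -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Test-RedirectedFolderAcl $_.FullName $account $false }
}

# Keep rows that fail: unreadable ACL, user lacks Full control, or a personal
# folder the user does not own (the two requirements quoted above).
$report | Where-Object {
    $_.Error -or -not $_.UserFullControl -or ($_.PersonalRoot -and -not $_.UserIsOwner)
} | Format-Table Path, Owner, UserFullControl, InheritanceBlocked, Error -AutoSize
```

Rows with a value in the Error column are folders whose ACL the account running the audit could not read.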
genusys

ASKER
Larry:

Do I take the chance of losing the user's offline data by changing permissions?
Larry Struckmeyer MVP

Do you have backups?  Can you copy out the data folders on the laptop while connected or disconnected from the domain?  If not sure, then every piece of user data is at risk.
genusys

ASKER
If I log in as each user I have access to the offline folders. Please answer my question about permissions. I know enough to back up what I can see.
ASKER CERTIFIED SOLUTION
Larry Struckmeyer MVP

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
genusys

ASKER
Thank you, Larry