genusys

Folder Redirect Permissions Incorrect Windows 2012 R2 Essentials

New admin on this system. I have users whose offline files are not syncing with the redirected folder because they don't have permissions on lower level folders below their user names. The sync error shows up as an event ID 502 in the application log. Also, the domain admin id can't view or copy any of the folders. I suspect that somehow or another someone jumbled the permissions.

Is there a PowerShell script to set the permissions back correctly? Does anyone have advice as to the steps I should take? I don't want to lose any data guessing at a solution.

Larry Struckmeyer MVP

Hi, by default the admin does not have access to redirected folders. AFAIK all SBS lineage servers have been this way since SBS 2008. There is an approved way of gaining access.
https://support.microsoft.com/en-us/help/288991/enabling-the-administrator-to-have-access-to-redirected-folders

For the permissions issues, check this:

https://blogs.technet.microsoft.com/sbs/2010/10/08/folder-redirection-in-small-business-server-2008/

Permission issues usually originate from manually moving the user’s folder from one location to another, or if the administrator takes ownership of the user’s folder to gain access to the contents. To prevent the first scenario from occurring, use the Move Users’ Redirected Documents Data wizard. A typical error you will receive on the client machine will be something like this:

Event Type: Error
Event Source: Folder Redirection
Event Category: None
Event ID: 102
Date: Date
Time: Time
User: Domain\User
Computer: Computername
Description: Failed to perform redirection of folder My Documents. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected to \\servername\sharename\%username%. Files were being moved from C:\Documents and Settings\user\My Documents to \\servername\sharename\user. The following error occurred: The security descriptor structure is invalid.

If you suspect that you are in this situation, verify the following:

The redirected user account must have at least Read, Traverse folder, List folder, Read attributes, and Read extended attributes on the actual share \\SERVERNAME\RedirectedFolders. If you cannot open this share from the client machine because you get an “Access Denied”, folder redirection will not work.
The redirected user account must have Full control and be the Owner of their personal folder \\SERVERNAME\RedirectedFolders\%USERNAME%\. If not, the GPO will fail to apply to that user upon login.
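
A read-only way to check the two per-folder conditions listed above (the user is Owner and has Full control of their own folder), added here as an example and not part of the original thread or the linked Microsoft articles. It assumes each folder under the share is named after the user's logon name and that `$env:USERDOMAIN` is the accounts' domain; `\\SERVERNAME\RedirectedFolders` is the placeholder path from the text above.

```powershell
# Added example: read-only audit. It changes no ACLs and takes no ownership.
# Assumptions: every folder under $Root is named after the user's logon name,
# and the accounts live in the domain named by $Domain.
param(
    [string]$Root   = '\\SERVERNAME\RedirectedFolders',   # placeholder from the page
    [string]$Domain = $env:USERDOMAIN                      # assumed NetBIOS domain name
)

$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

$report = foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
    $expected = "$Domain\$($dir.Name)"
    try {
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
    }
    catch {
        # The admin account may be denied here, as the question describes.
        [pscustomobject]@{
            Folder      = $dir.FullName
            Expected    = $expected
            Owner       = '<unreadable>'
            OwnerOk     = $false
            FullControl = $false
            Note        = $_.Exception.Message
        }
        continue
    }

    # An Allow entry for the user whose rights include every FullControl bit.
    $hasFull = [bool]($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $expected -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $fullControl) -eq $fullControl
    })

    [pscustomobject]@{
        Folder      = $dir.FullName
        Expected    = $expected
        Owner       = $acl.Owner
        OwnerOk     = ($acl.Owner -eq $expected)
        FullControl = $hasFull
        Note        = ''
    }
}

# List only the folders that fail either condition.
$report | Where-Object { -not ($_.OwnerOk -and $_.FullControl) } |
    Format-Table Folder, Owner, OwnerOk, FullControl, Note -AutoSize
```

Folders reported as `<unreadable>` are the ones the running account cannot inspect; the script leaves them untouched.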
genusys

ASKER

Larry:

Do I take the chance of losing the user's offline data by changing permissions?
Do you have backups?  Can you copy out the data folders on the laptop while connected or disconnected from the domain?  If not sure, then every piece of user data is at risk.
genusys

ASKER

If I log in as each user I have access to the offline folders. Please answer my question about permissions. I know enough to back up what I can see.
ASKER CERTIFIED SOLUTION
Larry Struckmeyer MVP
genusys

ASKER

Thank you, Larry