Re: My Documents Folder Redirection
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/31/04
Date: Wed, 31 Mar 2004 00:48:42 -0700
That is actually a tough one, at least as far as I can see.
As it is something that only surfaces at runtime, I cannot
think of a tool that will show you which policy is impacting
the behavior.
(BTW, one can find references in the docs for XP that an
account should be owner of and have full control over its
profile.)
The first thought approach is to use GPMC to make a copy
of the restricted policy, and link this to a test OU. Once you
have verified the behavior is present in the test OU under the
GPO copy, start using the divide and conquer technique.
First, disable the computer or user section to determine if the
behavior ceases. Then, within the section causing the behavior,
remove half of the policies. If the behavior remains, make a
GPMC backup of the policy and then remove a further half.
If the behavior ceases, restore from the most recent backup
and instead remove the other half. Etc.
If the behavior is not the result of a combination of policies
interacting, this divide and conquer technique is a least step
method for blind search of the behavior's cause.
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"Shahir A. Ahang" <thisisbs.saa@thisisbsintrinsic.thisisbsnet> wrote in message
news:OjB1kbpFEHA.3188@TK2MSFTNGP10.phx.gbl...
> All,
>
> I am experiencing a very strange problem with redirecting My Documents. My
> AD domain is 2003 native mode and my clients are all XP. I have the
> following OU structure:
>
> Accounts
> Restricted
> Unrestricted
>
> I have a GPO called ALL ACCOUNTS which redirects My Documents to
> \\SERVER\Users$\%Username% that is applied to the "Accounts" OU
>
> I have another GPO called RESTRICTED which has many different settings
> applied (too many to list) applied to the "Restricted" OU
>
> I have another GPO called UNRESTRICTED which has only a few settings applied
> to the "Unrestricted" OU
>
> On the file server where the users' home directories exist (\\SERVER), each
> directory which corresponds to the user's home drive has the following
> setup:
>
> Share Level Permissions - Everyone - Full Control
> NTFS Permissions - Administrators - Full Control
> NTFS Permissions - user - Modify
>
> The owner of these folders is the Administrator and the "Grant the user
> exclusive rights to my documents" is disabled.
>
> What happens is when I login with a user ID which is in the "Unrestricted"
> OU, the folder redirection works. When I login with an ID that is in the
> "Restricted" OU, folder redirection fails with the following error:
>
> Failed to perform redirection of folder My Documents. The files for the
> redirected folder could not be moved to the new location. The folder is
> configured to be redirected to <\\SERVER\Users$\%Username%>. Files were
> being moved from <D:\Documents and Settings\testlogin\My Documents> to
> <\\SERVER\Users$\testlogin>. The following error occurred while copying
> <D:\Documents and Settings\testlogin\My Documents\My Music\Desktop.ini> to
> <\\SERVER\Users$\testlogin\My Music\Desktop.ini>:
>
> This security ID may not be assigned as the owner of this object.
>
> From this, I gather that some policy element in the RESTRICTED GPO is
> preventing the redirection from taking place. Now the restricted GPO
> contains many different settings. I tried to disable some of the more
> obvious ones but it did not work. Here is what did work though:
>
> I changed the NTFS Permissions such that the user, instead of having modify
> permission to their home folder, I gave them Full Control. That seems to
> have done the trick and I was able to re-direct My Documents. But, I would
> rather identify the policy element in the RESTRICTED GPO which is not
> allowing the redirection to occur instead of assigning Full Control to all
> home directories. I have used GPMC but have not been able to pinpoint the
> problem using the GP Modeling or GP Results
>
> So my question is that what is the best way to identify exactly which policy
> element is PREVENTING the redirection to occur?
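
The halving search described in the reply above, modelled in Python as an added example that is not part of the original thread. The setting names are constructed placeholders, and `reproduces` is a hypothetical stand-in for the manual test (log on as a user in the test OU and see whether the behavior occurs).

```python
def bisect_settings(settings, reproduces):
    """Narrow a GPO section's settings to those that cause a behavior.

    settings   -- names of the settings left in the copied GPO (constructed here)
    reproduces -- callable(enabled) -> bool, the stand-in for the manual test
    Returns (suspects, tests). One suspect: a single setting was isolated.
    Several suspects: neither half alone reproduces it, so settings interact.
    """
    candidates = list(settings)
    tests = 1
    if not reproduces(candidates):      # verify the copy shows the behavior first
        return [], tests
    while len(candidates) > 1:
        mid = len(candidates) // 2
        first, second = candidates[:mid], candidates[mid:]
        tests += 1
        if reproduces(first):           # behavior remains with second half removed:
            candidates = first          # take a backup, then halve again
            continue
        tests += 1                      # behavior ceased: restore the backup and
        if reproduces(second):          # remove the other half instead
            candidates = second
            continue
        break                           # neither half alone: a combination of settings
    return candidates, tests


# Constructed sample data: 16 placeholder names, not real policy settings.
SETTINGS = [f"setting-{i:02d}" for i in range(16)]


def single_cause(enabled):
    """One setting alone triggers the behavior."""
    return "setting-11" in enabled


def combined_cause(enabled):
    """The behavior needs two settings present together."""
    return {"setting-03", "setting-12"} <= set(enabled)


if __name__ == "__main__":
    print(bisect_settings(SETTINGS, single_cause))
    print(bisect_settings(SETTINGS, combined_cause))
```

When the search stops with more than one suspect, the cause is a combination inside that set, which is the case the reply says the technique does not resolve on its own.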