RE: Redirected Folders won't allow offline folders (article 288991



Hi Vincent,
I reset the OS back to the original install default security setting, but no
change.

I should be clear that this is not happening on just one workstation. This
problem exists on all three independent Windows 2003 Servers I have applied
article 288991 to. And all workstations (that I've checked), exhibit the same
symptom.

It does not require setting a GPO for Folder Redirection of “My Documents”
either, as this problem exists with any folder a Domain User wishes to cache
offline (assuming the folders are prepared as article 288991 instructs).

You can test this for yourself by following the instructions I have outlined
below:

1. Log on as an administrator to the server and run the following from the
command prompt:
cd \
md \Test288991
net share "Test288991"="C:\Test288991" /grant:Everyone,full /remark:"Article 288991 Test Folder"
cacls "C:\Test288991" /t /g Administrators:f System:f "Creator Owner":f

2. You'll need to use the GUI to add the last security settings for
"Authenticated Users" as I can't see how to do it with cacls.

Click Add, and add Authenticated Users.
Click Advanced.
Select Authenticated Users from the Permissions tab and click Edit.
Ensure only the following permissions are allowed:
o Read Attributes
o Read Extended Attributes
o Create Folders / Append Data
o Read Permissions
Accept the default “Apply onto: This folder, subfolder and files”.
Ensure the box “Apply these permissions…” is left unchecked. Click “OK”
three times until the properties dialog is closed.

3. Create a subfolder: md \Test288991\TestUser

4. The “TestUser” folder will inherit all the security attributes from
“Test288991”. However, you’ll need to grant a domain user (such as TestUser)
full control of “This folder only”. (This simulates what Folder
Redirection does).

5. From a workstation, log on as a user that is only a member of the “Domain
Users” group, e.g. “TestUser”.

6. Have TestUser go to the share \\server\Test288991\TestUser and create the
folder “MyDocuments”.

7. Create a document within the folder MyDocuments.

8. Right-click folder “MyDocuments”
(\\server\Test288991\TestUser\MyDocuments) and click “Make Available
Offline”. You should find this to fail with error “Access is denied”.

9. Log off TestUser and make TestUser a member of the Domain Admins security
group.

10. Log back onto TestUser and repeat step 8 above.
You’ll find that TestUser is now able to make MyDocuments an offline cached
folder. This is why I believe article 288991 is not working as it should
because it won’t allow the Domain Users to make their redirected “My
Documents” folder go to offline cache.

You can remove the Domain Admins security group from TestUser and you’ll
find MyDocuments will continue to synchronize, but this is not an adequate
circumvention because if TestUser logs onto some other workstation (via
Roaming User Profiles), they’ll find they cannot make MyDocuments go to
offline cache once again.

I hope this explains the problem a little bit better. Thanks!

--
Bob
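
Added example, not part of Bob's post: a Python helper that decodes the Authenticated Users ACE from a folder's SDDL string and compares it with the four rights listed in step 2. The function names and the two sample DACLs are constructed for illustration; rights are accepted only as a hex mask or one of the FA/FR/FW/FX aliases.

```python
import re

# NTFS file/folder access-mask bits (winnt.h), labelled as in the Advanced permissions dialog.
RIGHTS = {
    0x1: "List Folder / Read Data", 0x2: "Create Files / Write Data",
    0x4: "Create Folders / Append Data", 0x8: "Read Extended Attributes",
    0x10: "Write Extended Attributes", 0x20: "Traverse Folder / Execute File",
    0x40: "Delete Subfolders and Files", 0x80: "Read Attributes",
    0x100: "Write Attributes", 0x10000: "Delete", 0x20000: "Read Permissions",
    0x40000: "Change Permissions", 0x80000: "Take Ownership",
}
SYNCHRONIZE = 0x100000  # not one of the step 2 checkboxes, so ignored below
ALIASES = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
# Step 2: Read Attributes | Read Extended Attributes | Create Folders / Append Data | Read Permissions
STEP2_MASK = 0x80 | 0x8 | 0x4 | 0x20000

def parse_dacl(sddl):
    """Return (type, flag set, mask, sid) per ACE in the D: part of an SDDL string.
    Rights must be a hex mask or one of FA/FR/FW/FX."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, _obj, _inh, sid = body.split(";")[:6]
        mask = ALIASES[rights] if rights in ALIASES else int(rights, 16)
        aces.append((ace_type, set(re.findall("..", flags)), mask, sid))
    return aces

def names(mask):
    return [label for bit, label in RIGHTS.items() if mask & bit]

def audit_step2(sddl, sid="AU"):
    """Compare the first allow ACE for sid (AU = Authenticated Users) with step 2."""
    for ace_type, flags, mask, ace_sid in parse_dacl(sddl):
        if ace_type == "A" and ace_sid == sid:
            mask &= ~SYNCHRONIZE
            return {"extra": names(mask & ~STEP2_MASK),
                    "missing": names(STEP2_MASK & ~mask),
                    # "This folder, subfolders and files" = OI + CI without IO
                    "this_folder_subfolders_files": {"OI", "CI"} <= flags and "IO" not in flags}
    return None

# Constructed sample DACLs (not captured from a real server).
SAMPLE_OK = "D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)(A;OICI;0x12008c;;;AU)"
SAMPLE_READ = "D:(A;OICI;FA;;;BA)(A;OICI;FR;;;AU)"

if __name__ == "__main__":
    print(audit_step2(SAMPLE_OK))
    print(audit_step2(SAMPLE_READ))
```

On a system with PowerShell, the SDDL string for the test folder can be read with `(Get-Acl C:\Test288991).Sddl`.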