RE: Redirected Folders won't allow offline folders (article 288991

Hi Bob,

I tried to follow your steps but I cannot reproduce your problem. Here is
my steps:

1. Create a folder called Test288991 and grant Administrators, System and
Creator Owner full controll permission.

2. Cretae a new user called abc in domain and it is in Domain Users group.

3. Grant abc only permission:
Read Attributes
Read Extended Attributes
Create Folders / Append Data
Read Permissions

on Test288991

4. Create a subfolder TestUser under Test288991and give user account abc
Full Controll permission on this folder only

5. Log on to one client Windows XP with abc and try to access
\\server\Test288991\TestUser and create a folder called My Documents. Also
create a txt file under "My Documents"

6. Right-click folder "My documents" and try to make it offline. Success!

Let me know if I have any inaccurate steps as above. If the steps is the
same, I'd like to suggest you run cacls to export the permission on
"Test288991" , "TestUser" "My Documents" to a txt file. I'll try to check
the permission on it. You can attach the three txt file in your reply.

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
Thread-Topic: Redirected Folders won't allow offline folders (article
288991
thread-index: AcaMzi+82aq7R+l8TYG5OZGjZkCEHA==
X-WBNR-Posting-Host: 68.191.63.19
From: =?Utf-8?B?Qm9i?= <86c6c2e6-2146512712@xxxxxxxxxxxxxx>
References: <58063D0E-6A0B-4E0E-8FB6-A78663628A4E@xxxxxxxxxxxxx>
<ptQNHiEiGHA.4896@xxxxxxxxxxxxxxxxxxxxx>
<20AB3CDC-2889-4351-9F8E-9F118763F0D0@xxxxxxxxxxxxx>
<qMRUW$iiGHA.5608@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Redirected Folders won't allow offline folders (article
288991
Date: Sat, 10 Jun 2006 13:41:01 -0700
Lines: 77
Message-ID: <D13687F7-D8A3-47A7-83FD-D2C6035A784C@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.general
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:97976
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.general

Hi Vincent,
I reset the OS back to the original install default security setting, but
no
change.

I should be clear that this is not happening on just one workstation.
This
problem exists on all three independent Windows 2003 Servers I have
applied
article 288991 to. And all workstations (that I've checked), exhibit the
same
symptom.

It does not require setting a GPO for Folder Redirection of â??My
Documentsâ??
either as this problem exists with any folder a Domain User wishes to
cache
offline (assuming the folders are prepared as article 288991 instructs).

You can test this for yourself by following the instructions I have
outlined
below:

1. Log on as an administrator to the server and run the following from
the
command prompt:
cd \
md \Test288991
net share "Test288991"="C:\Test288991" /grant:Everyone,full
/remark:"Article
288991 Test Folder"
cacls "C:\Test288991" /t /g Administrators:f System:f "Creator Owner":f

2. You'll need to use the GUI to add the last security settings for
"Authenticated Users" as I can't see how to do it with cacls.

Click Add, and add Authenticated Users.
Click Advanced.
Select Authenticated Users from the Permissions tab and click Edit.
Ensure only the following permissions are allowed:
o Read Attributes
o Read Extended Attributes
o Create Folders / Append Data
o Read Permissions
Accept the default â??Apply onto: This folder, subfolder and filesâ??
Ensure the box â??Apply these permissionsâ?¦â??is left unchecked. Click
â??OKâ??
three times until the properties dialog is closed.

3. Create a subfolder: md \Test288991\TestUser

4. The â??TestUserâ??folder will inherit all the security attributes from
â??Test288991â?? However, youâ??ll need to grant a domain user (such as
TestUser)
to have full control of â??This folder onlyâ?? (This simulates what
Folder
Redirection does).

5. From a workstation, log onto a user that is only a member of the
â??Domain
Usersâ??group. e.g. â??TestUserâ??

6. Have TestUser go to the share \\server\Test288991\TestUser and create
the
folder â??MyDocumentsâ??

7. Create a document within the folder MyDocuments.

8. Right-click folder â??MyDocumentsâ??
(\\server\Test288991\TestUser\MyDocuments) and click â??Make Available
Offlineâ?? You should find this to fail with error â??Access is deniedâ??

9. Log off TestUser and make TestUser a member of the Domain Admins
security
group.

10 Log back onto TestUser and repeat step 8 above.
Youâ??ll find that TestUser is now able to make MyDocuments an offline
cached
folder. This is why I believe article 288991 is not working as is should
because it wonâ??t allow the Domain Users to make their redirected â??My
Documentsâ??folder go to offline cache.

You can remove the Domain Admins security group from TestUser and youâ??
ll
find MyDocuments will continue to synchronize, but this is not an
adequate
circumvention because if TestUser logs onto some other workstation (via
Roaming User Profiles), theyâ??ll find they can not make MyDocuments go
to
offline cache once again.

I hope this explains the problem a little bit better. Thanks!

--
Bob


.

Relevant Pages

  • NTFS Permissions Question
    ... granted the Delete permission. ... does include the Delete Subfolders and Files special permission. ... To see how this played out, I created a new user, TestUser, and created ... TestUser has Modify rights on the Modify folder and Full Control rights ...
    (microsoft.public.cert.exam.mcse)
  • Re: Network shares cannot connect
    ... Changed value to 0 just waiting to re-boot the server and test logins. ... Workstation Name: - ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • Re: Network shares cannot connect
    ... Changed value to 0 just waiting to re-boot the server and test logins. ... Workstation Name: - ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • MCSA/MCSE Self-training book from MS PRESS for exam 70-215 incorrect on file permission questions?
    ... includes the AccountingDept folder, which contains documents specific to the ... accounting department. ... The Accounting group includes all members of the ... AccountingDept folder by granting Read permission to the Accounting group ...
    (microsoft.public.win2000.file_system)
  • Re: Practice Test with Wrong Answers?
    ... "The Modify permission does not include the Delete Subfolders and Files ... so permanent employees cannot delete files form the Progress ... When I try this out the modify permissions for the parent folder get ...
    (microsoft.public.cert.exam.mcsa)
Loading