Re: Update: REPOST: My Documents Redirection Sync Errors

Glad you got it figured out.

My recommendation would be not to use the Power User template unless you
have very trusted and computer savvy users - it might be necessary in an
office that uses an external consultant for someone in-house to have that
level of privilege on the domain, but with you there as the admin, it's a
risk you probably don't need to take. There's always an issue with Admins
having rights to everything on the domain, and there's really no way around
it other than for them not to be admins.

I think that why there's not a registry setting as you describe is that
there are two kinds of sync - you can select network content and choose to
have it available offline, or the server can be set to cache certain files
offline when the users use them. In your case, it was the latter instance,
so it was not workstation-initiated synchronization. (That's the Caching
setting I was talking about in the Share settings on the server).

BTW, this can be a handy thing. For example, I store Office templates on
the server in a share with the caching turned on. When users log out, the
templates are automatically made available offline, so they can work in the
event the SBS or network goes down, and without me configuring anything in
group policy or on the workstations.

"Stu" <sheodi@please dont spam me.cogeco.ca> wrote in message
news:OFuzOdYqFHA.3304@xxxxxxxxxxxxxxxxxxxxxxx
> Hi Dave,
>
> Your second suggestion worked. Thanks very much. Thanks to Les as well.
> All is now the way I wanted it.
>
> I have to say that Power User's should not be able to traverse the folders
> of an Administrator. Period. I understand WHY they can on SBS - but
> nevertheless, this is a poor choice.
>
> Second, there MUST be a registry setting on the client machine where one
> could delete these rogue sync entries. Having to temporarily rename a
> user folder while successful , could lead to some unexpected issues in
> some cases. Obviously, the sync manager is getting its "directions"
> somewhere - so we should be able to go to that source in the future.
>
> Thanks again!
>
> Stu
>
>
>
> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:%23P61v9PqFHA.2968@xxxxxxxxxxxxxxxxxxxxxxx
>> Two things you can try:
>>
>> What happens if you log into his account and open Windows Explorer. Go
>> to Tools -> Folder Options -> Offline Files and click the Delete Files
>> button. I'm hoping that by deleting the cached files, it won't look for
>> your files again unless they get opened from that profile again.
>>
>> Failing that, what happens if you rename your server directory so it's
>> not available to synchronization, then log in and back out of his
>> profile? Offline Files should not keep trying to sync a file that has
>> been deleted from the server, and I'm hoping if it thinks that's the
>> case, it'll quit trying. After that, you should be able to rename the
>> directory back and again, it won't try to sync until the files are opened
>> again.
>>
>>
>>
>> "Stu" <sheodi@please dont spam me.cogeco.ca> wrote in message
>> news:eugSAAPqFHA.3404@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi Dave,
>>>
>>> Your KB article requires a call to MS for the files. I don't mind doing
>>> this of course, but thought there had to be another was, as he is not
>>> synching ALL of my files - only trying to sync the few that his account
>>> had opened. I opened a few of my files under his account as a test -
>>> which abviously led to this!
>>>
>>> So, since it is only the few files I opened, I can't believe I would
>>> need the patch for the larger issues. Maybe I do.
>>>
>>> To clarify - there are NO errors when doing a manual sync while logged
>>> on as this user. None. The errors ONLY occur upon logoff - and then it
>>> is only the few files that I had opened of mine under his account.
>>>
>>> Stu
>>>
>>>
>>>
>>> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
>>> message news:ucQQO1OqFHA.2432@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Did you look at the KB I posted previously about synchronization? I'm
>>>> wondering if it's the issue that the KB describes - that his profile is
>>>> trying to use your sync settings.
>>>>
>>>> It appears that the same things are synchronized whether synching
>>>> manually or automatically (at logoff), which argues for him trying to
>>>> sync your files. I'd try logging in to your profile. Remove all
>>>> synchronization, then log in to his profile and see what happens. Or,
>>>> do whatever that KB says to prevent it.
>>>>
>>>> Do you get a specific enough error to tell you what's failing to sync?
>>>>
>>>>
>>>> "Stu" <sheodi@please dont spam me.cogeco.ca> wrote in message
>>>> news:eoUxItOqFHA.2588@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hi Guys,
>>>>>
>>>>> First fo all - Thank you.
>>>>>
>>>>> Now, I have changed the "problem power user" to a User - and as
>>>>> expected, this solves the issues regarding their being able to access
>>>>> my folder. Excellent. However, I could have left this user as a PU and
>>>>> simply set a deny to them on my folder, because when they log off, the
>>>>> same errors occur.
>>>>>
>>>>> That is, the sync manager is trying to 'sync' files that this account
>>>>> had opened from my folder on SBS.
>>>>>
>>>>> Caching is set as it should be on SBS - the first choice being the one
>>>>> selected.
>>>>>
>>>>> So, how do I stop sync manager from looking for these few files? The
>>>>> errors halt the logoff. And again, if I simpy do a sync as this user
>>>>> while logged on - no errors - only upon logoff.
>>>>>
>>>>> Stu
>>>>>
>>>>>
>>>>>
>>>>> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>> message news:eTeqBeNqFHA.3108@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>I would do what you did - explicitly deny access to the other user -
>>>>>>as a workaround until you can figure out what's wrong with the
>>>>>>permissions.
>>>>>>
>>>>>> When I look at my directory under Users Shared Folders, the only
>>>>>> permissions are Domain Admins, Folder Operators, and System, all with
>>>>>> full control inherited from the parent folder, and me, with full
>>>>>> control not inherited. With the permissions set according to the KB,
>>>>>> that's how they should all be, with the user who owns the folder as
>>>>>> the only explicitly listed user.
>>>>>>
>>>>>> A couple of things come to mind. Could User B be a member of Domain
>>>>>> Admins or Folder Operators? Could the permissions have been set
>>>>>> manually at some point, or could the share have been created with
>>>>>> different permissions, then changed?
>>>>>>
>>>>>> You could see what happens if you go to the top-level folder (Users
>>>>>> Shared Folders). Click Advanced and check the box "Replace
>>>>>> permission entries on all child objects with entries shown here that
>>>>>> apply to child objects." However, if anything is set wrong you'll be
>>>>>> propagating that to all the user folders, which could cause some
>>>>>> temporary discomfort while you sort it out.
>>>>>>
>>>>>> With the permissions set according to the KB, users can see each
>>>>>> other's folders, but not their contents. If you do the "replace
>>>>>> permissions" thing, you could try creating a new user account to see
>>>>>> what results you get on the new user's folder.
>>>>>>
>>>>>> On the sync issue, one thing to check is in the properties of the
>>>>>> Users Shared Folder directory, on the Sharing tab click Caching.
>>>>>> There's an option to automatically cache any file that the user
>>>>>> opens. Is that checked? It's the middle option, and it would account
>>>>>> for why the client PC is trying to cache the files when it's not set
>>>>>> to do so.
>>>>>>
>>>>>> "Stu" <sheodi@please dont spam me.cogeco.ca> wrote in message
>>>>>> news:eOHCKLNqFHA.3204@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> Hi Dave,
>>>>>>>
>>>>>>> I can report that the share and security settings outlined in your
>>>>>>> first KB article are the settings in use on the Users Shared Folder
>>>>>>> on SBS.
>>>>>>>
>>>>>>> This excercise allows me to be more specific now with the issue.
>>>>>>>
>>>>>>> A Power User can read my files (I am an administrator) From the
>>>>>>> Power User's account, I was able to drill down through the Users
>>>>>>> folder on SBS and open documents in MY FOLDER on the SBS server.
>>>>>>>
>>>>>>> Is this by design? Holy crap!
>>>>>>>
>>>>>>> My realization that this was the case is what LED me to deny
>>>>>>> permissions on the folder - which then led to the sync errors from
>>>>>>> the PU account upon logging out. It appears that in that scenario,
>>>>>>> the sync is looking for the documents that the PU account
>>>>>>> read/opened from within the Administrator's My Documents folder on
>>>>>>> SBS in an attempt to sync them locally - or at least sync something
>>>>>>> (perhaps a "recent" documents list..??)
>>>>>>>
>>>>>>> Please note that those sync errors only occur on LOGOUT. If I right
>>>>>>> click on the Power User's My Documents folder in XP and select
>>>>>>> "Synchronize", no errors occur.
>>>>>>>
>>>>>>> So - one thing at a time. Why in the world can a power user read an
>>>>>>> administraotr's documents with impunity and how do I stop it???
>>>>>>>
>>>>>>> That is priority number one.
>>>>>>>
>>>>>>> Stu
>>>>>>>
>>>>>>> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>>>> message news:e6swm2LqFHA.2724@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>> Hi Stu - Two things:
>>>>>>>>
>>>>>>>> - If you set the permissions on the Users share exactly as
>>>>>>>> described in this KB, you won't have any issues with people being
>>>>>>>> able to see each other's stuff. This will save you from worrying
>>>>>>>> about who can see what, and from manually applying permissions
>>>>>>>> every time you add a user. You need to pay special attention to the
>>>>>>>> Advanced settings. (This is the real KB even though the name
>>>>>>>> implies otherwise).
>>>>>>>> "Home Folder" error when running the Add User Wizard
>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;294667
>>>>>>>>
>>>>>>>> - See if this KB helps for the other issue:
>>>>>>>> Files that you add to the Offline Files folder on a Windows
>>>>>>>> XP-based computer are synchronized when another person uses the
>>>>>>>> computer
>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;811660
>>>>>>>>
>>>>>>>>
>>>>>>>> "Stu" <sheodi@please dont spam me.cogeco.ca> wrote in message
>>>>>>>> news:eNkW4ALqFHA.248@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>> Hello Everyone,
>>>>>>>>>
>>>>>>>>> Odd issue here.
>>>>>>>>>
>>>>>>>>> User A is Administrator (me). User B is not. I noticed when
>>>>>>>>> logged in as
>>>>>>>>> User B that User A's folder was accessible to User B when
>>>>>>>>> exploring the
>>>>>>>>> "Users" Folder on SBS.
>>>>>>>>>
>>>>>>>>> Obviously, I want to protect my files from others, so I logged out
>>>>>>>>> and set
>>>>>>>>> Deny permissions on User A's own folder (inside the Users Folder
>>>>>>>>> on SBS)
>>>>>>>>>
>>>>>>>>> Now however, when User B logs out and triggers a syncronization,
>>>>>>>>> there are
>>>>>>>>> errors being diplayed, as apparently it tries to access User A's
>>>>>>>>> folder (
>>>>>>>>> specifically - files that User B viewed from within User A's
>>>>>>>>> folder.)
>>>>>>>>>
>>>>>>>>> How can I stop these errors, thus allowing a smooth logoff or
>>>>>>>>> shutdwn by
>>>>>>>>> User B? The errors stop the computer from completing a logoff or
>>>>>>>>> shutdown.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Stu
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.