Re: SBS 2003 folder redirection, offline files, ..and more

If the user is a local admin, and offline files is turned on, the files are viewable.

--
Les Connor [SBS MVP]


"TravisF" <tdqh1922@xxxxxxxxx> wrote in message news:1183149604.216366.326020@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 29, 12:57 pm, "Les Connor [SBS MVP]" <les.con...@xxxxxxxxxxxx>
wrote:
With some creative GPO configuration, you can set up off-line folders so
they're only active when you log onto a specific computer (or computers),
but not others.

I often have to do this in cases where we have older DOS based LOB
applications that require users have admin rights on workstations, and a
"boss" who likes to roam around the facility, logging onto various
workstations, and who also has a laptop.

The challenge is to have my doc's redirection enabled for the desktops,
without off line folders, and a synchronized copy of the "boss" documents on
his laptop, but nowhere else - as with local admin rights his documents -
once synced to a workstation - are no longer private ;-).

--
Les Connor [SBS MVP]

"TravisF" <tdqh1...@xxxxxxxxx> wrote in message

news:1183134625.384440.136570@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



> On Jun 21, 3:58 pm, "Dave Nickason [SBS MVP]"
> <gwdib...@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> You can have both redirection and Home Folders. That's what I do - >> I've
>> set
>> up a different location for the documents outside of the home folders. >> A
>> few of my users use the home folder for any purpose they wish, knowing
>> it's
>> backed up while the desktop PC is not. Most don't use the home >> folders
>> so a
>> lot of them are sitting there empty.

>> You don't need a drive letter for redirection - it's pretty much
>> automatic
>> and fully configured by group policy.

>> If something blows up: Right now my docs are redirected to the server
>> and
>> cached on my local PC with Offline Files. If my client PC blows up, I
>> can
>> log in at any other PC in the office and see the server copy of my >> docs -
>> redirection will be set up on that PC the first time I log in and I'll
>> just
>> magically see my docs on the server. If the server blows up, I'll be
>> able
>> to see all the cached copies of my documents that are stored on my >> local
>> PC.
>> Although I would not want to rely on the cached copies as my only >> backup,
>> I
>> could easily restore from the cache on this PC if I had to.

>> If I log in at a different PC, my documents will cache in my own >> profile
>> on
>> that PC. That can be a minor drawback due to the time taken by the >> first
>> sync and the drive space used, but it's a minor annoyance and you're >> kind
>> of
>> stuck with it anyway, as the policy is going to force that sync. >> Users
>> of
>> shared PCs don't have access to each other's synched files. If I log
>> into a
>> client PC that I don't normally use, I just cancel the sync. I'm >> trying
>> to
>> develop the habit of using the local admin account for routine IT >> chores
>> at
>> client PCs to avoid this altogether.

>> Backup works fine, although I never gave any thought to why. As for
>> recovering files, the users can do that themselves with shadow copy. >> If
>> you
>> need access for the Administrator account, you'll have to take >> ownership
>> and
>> change the security settings. This can be a minor pain as the default
>> permissions don't even let the administrator see the size or number of
>> files
>> in the users' directories.

>> I'm not familiar with Netware, but I drank the SBS kool aid in 1998 >> and
>> never looked back. Once you roll this out, you'll see that there's
>> little
>> or nothing that could make redirection any easier than it is. >> Besides, a
>> little complexity is good for job security : -) All seriousness >> aside,
>> my
>> current SBS box has been running since Feb '06 without a single moment >> of
>> unplanned down time. I'm willing to put up with a little complexity >> for
>> that level of bulletproof-ness (what's the correct term for the state >> of
>> being bulletproof, anyway?).

>> "TravisF" <tdqh1...@xxxxxxxxx> wrote in message

>>news:1182453125.636799.108120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

>> > Ok I hope this is not too stupid of me to ask.
>> > Am about to setup a new sbs 03 server.
>> > I've worked lots with pcs, general networking , Netware server etc.
>> > Not many w2k03 servers.

>> > I am familiar with folder redir, offline files etc.

>> > I'd like to utilize this for all (15 or so) of my pc users.

>> > I'm used to the old way of doing network data storage creating a >> > Home
>> > folder, mapping a common drive letter for each user in a system >> > logon
>> > script so each user sees U: drive as their respective home personal
>> > data area. U:\Larry etc. That and we used to have them responsible
>> > for copying their own data . Can you imagine !!

>> > Anyway the folder redir / offline files combo looks much better to >> > me.
>> > The way I see it, they don't even need a drive letter mapped,
>> > correct?...since the whole thing is transparent anyway?

>> > Well what if their pc or notebook blows up and they HAVE to get >> > their
>> > data now - well again (in the old days) they would go to another
>> > machine, logon as themselves, get their data off their U drive...yes >> > I
>> > know.. IF they backed it up!

>> > Ok so what happens now if they do this with folder redir / offline
>> > enabled - they go to another machine , logon.. won't it try to sync
>> > the new machine's "my documents" with that on the server? I don't >> > want
>> > that to happen - just need them to get at their files...in this
>> > case...off the server. I want to have it as automatic as possible -
>> > cause otherwise they will forget if its set to manual then they will
>> > scream where's my documents when its deleted...... you know...

>> > As well....regarding backup...this excerpt from
>> >http://technet2.microsoft.com/windowsserver/en/library/ab9f7e44-afbf-...

>> > "Grant the user exclusive rights to My Documents. If selected, this
>> > sets the NTFS security descriptor for the %username% folder to Full
>> > Control for the user and local system only; this means that
>> > administrators and other users do not have access rights to the
>> > folder. This option is enabled by default. Note: Changing this >> > option
>> > after the policy has been applied to some users will only effect new
>> > users receiving the policy."

>> > I'm wondering will a backup application have trouble with this
>> > if..."administrators and other users do not have access rights to >> > the
>> > folder".

>> > Of course we don't want other users to even be able to read others
>> > documents so yes the user must have exclusivity that way. But
>> > administrators should be able to "see" everything .
>> > What if we have to recover a deleted document or folder?

>> > Man I miss Netware's (NWadmin) simplicity sometimes... (sniff)...

>> > Thanks;
>> > Travis- Hide quoted text -

>> - Show quoted text -

> Thanks for the replies here.
> Ok right. The folder redirection / offline files is working on my sbs
> 03 server very good.
> But am I getting this right from what you are saying?
> For instance, when I logon onto my own pc, my documents is redirected
> to the server and cached on the pc.
> Great. Now if I go to another pc and login with the same id, the "my
> documents" on my profile on THAT pc will get redirected on the server.
> Won't it overwrite the "my documents" from my own pc? I don't want
> that to happen. That seems kinda dumb. I'd like a way so that only my
> documents on my pc are redirected regardless if I login elsewhere. Or
> for other clients of course who know nothing of this activity.

> Thanks;
> Travis- Hide quoted text -

- Show quoted text -

That doesn't seem to be the case.
If userB logs on after userA, userB does not see a "my doc" under
\docs and settings belonging to userA - even if he's (userB)
administrator.
So it must cache it elsewhere and encrypt it? I did not use efs.
Logged in as userB , I searched (even hidden files) and I can find
files belonging to userA which I know where there. This is a good
thing.

Thanks;
Travis


.

Relevant Pages

  • RE: SBS 2003 users and mail question
    ... Small Business Server Folder Redirection, ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 folder redirection, offline files, ..and more
    ... you log into a shared PC with admin rights and go to Windows Explorer Folder ... documents are redirected to the server. ... without redirection, they wouldn't have been. ...
    (microsoft.public.windows.server.sbs)
  • RE: Folder Redirection woes.
    ... Did you make the Fold Redirection manually or using SBS Configure My ... Which is your SBS server, ... My Documents to a network folder, input the location and then click OK. ...
    (microsoft.public.windows.server.sbs)
  • Re: My Documents redirection to another server?
    ... requirements) on the SBS box was getting to be too much. ... _plus_ have these separate Users folders on the file server. ... I'd redirect as follows - all users to the same location, create a folder ... Is it possible to set up My Documents redirection and roaming ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange 2003 - Archiving and deleting emails
    ... The log file folder should only have a few megs or so of logs. ... Have you deleted old logs on server? ... Not old Exchange logs as those ... See what SBS support is working on ...
    (microsoft.public.windows.server.sbs)
Loading