Re: GPO Folder Redirect causing Permissions Error

---

• From: Tommy Long <TommyLong@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 26 Jun 2008 23:54:00 -0700

---

Thanks for your reply Cliff,

I have been letting the clients create the folders or in some cases move the
folders. When it moved the folders I had to recreate most of the shortcuts
pinned to the start menu which was a pain.

I've had a look through the MSDN article you linked, I'm not at work yet but
I can see some discrepancies in the permissions. One that sticks out, each
user's redirected folder has the user who creates it as full control, admin
inherits full control, but the local system I don't believe has a permission
set at all when I checked them, and according to the article require full
control which I guess makes sense why a user can browse through their folder,
but not run the contents of the folder?

You said I should be creating the folder's for each new user? I had hoped
the policy would be able to do it. With inheritable permissions set to the
folders the policy creates, in the future they should be ok if the above
fixes the problem, right?

Why do you say I should be creating them myself? (I'm not arguing, just
curious). And would it be advisable to set up a script to automate the
folder creation in that case? such as the one found here:
http://www.visualbasicscript.com/m_56578/tm.htm

Thanks for the reply Cliff
--
-------------------------------
Please respond to my posts via the newsgroup as the e-mail provided is not
monitored.


"Cliff Galiher" wrote:

1) Are you letting the client create the appdata and desktop folders? Or
are you creating them and setting the permissions yourself. You *should* be
doing the former.

2) Windows needs permissons on the root folder about the user's folders.
Both on the share and NTFS level
http://technet2.microsoft.com/windowsserver/en/library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true

-Cliff

"Tommy Long" <TommyLong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CA04DF0C-1A4C-4749-8444-7F5C14022072@xxxxxxxxxxxxxxxx

Last night I applied a new policy to redirect user folders.

An example from the policy report:

User Configuration > Windows Settings > Folder Redirection > Application
Data
Group: DomainAdmin
Path: \\FileServer\Admin\%USERNAME%\AppData
Grant User exclusive rights...: Enabled
Move the contents of App...: Enabled
Policy Removal Behavior: Leave Contents

This has been mirrored to four other groups, to four other locations, for
App Data, Desktop, My Docs, and Start Menu.

The share has the permissions:
Everyone: Full Control

The folders created for Appdata, Desktop, etc have the permissions:
Admin: Full Control
%USERNAME%: Full Control

I still have the default policies enabled and have scanned through them
but
can't see a reason for there to be a conflict or problem.

The problem is, since the change, if you try to run a iexplore shortcut
(for
example) from the QuickLaunch bar (effectively AppData folder), from the
Desktop, or from MyDocs, you receive a permissions error:

"C:\Program Files....iexplore.exe"
"Windows cannot access the specified device, path, or file. You may not
have the appropriate permissions to access the item"

This also happen regardless of what you try to execute within the above
listed folders (shortcut, exe, etc).

Shortcuts will run from the start menu however, despite the start menu
folder sharing mirrored policy and permissions as the other 3 folders.

I'm stumped, anyone know what I've done wrong?

Thanks in advance,
Tommy

--
-------------------------------
Please respond to my posts via the newsgroup as the e-mail provided is not
monitored.

.

---

• Follow-Ups:
  • Re: GPO Folder Redirect causing Permissions Error
    • From: Cliff Galiher

• References:
  • Re: GPO Folder Redirect causing Permissions Error
    • From: Cliff Galiher

• Prev by Date: Re: GPO Folder Redirect causing Permissions Error
• Next by Date: Re: OWA Certificate Error - Cannot get laptop to install SBS Self-Signed Certificate
• Previous by thread: Re: GPO Folder Redirect causing Permissions Error
• Next by thread: Re: GPO Folder Redirect causing Permissions Error
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Permissions on a file server- how to reconcile sharing and securit ... I'm sharing various folders on a drive on the network, ... control under the sharing tab. ... NTFS permissions. ... write access on individual folders using security. ... (microsoft.public.windows.server.active_directory) Re: Stoping users removing administrator rights ... Users are able to modify permissions because object owner is always able to ... modify permissions in discretionary access control model used in Windows. ... However, this should not cause any problems with backup, because ntbackup ... I need to allow my users to able setup folders within ... (microsoft.public.windows.file_system) Re: NTFS Security Question. ... A subordinate object DOES not inherit the PARENT perms (in ... will assume "Nebulous" permissions that refer to the LINK ... The trick is to PROPOGATE to all FILES (not Folders and Files - that would ... Since Windows 2000 deny NTFS permission does not work ... (microsoft.public.windowsxp.security_admin) Re: File and Folder Permissions ... have permissions determined by where they are. ... UserX to have Full control over all new files and folders then ... account, such as a new profile directory. ... (microsoft.public.security) Re: Turn off Simple File Sharing ... Even in XP Pro it amazes me that in certain folders don't have Administrators granted full control. ... When you go messing with permissions it's always a good idea to pay close attention and really understand what you're doing. ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)