Guest Fiammenghi Fabrizio Posted January 31, 2008 Posted January 31, 2008 Hi, I enabled folder redirection on my domain. I used the group policy management to create the policy. The folders are created correctly on the share, but the problems is that all my collegues manage to enter on this shared folder see documents of other collegues. If in group policy i enable the "Grant the user exclusive rights to my documents" only the owner can access the redirected folder,and domain admins can't do that. Is there a way to let only the owner and domain admins access the redirected folder , like the settings for roaming profiles ? Many thanks in advance Fabrizio
Guest Lanwench [MVP - Exchange] Posted January 31, 2008 Posted January 31, 2008 Re: Folder redirection Fiammenghi Fabrizio <fabrizio.fiammenghi@fastwebnet.it> wrote: > Hi, > I enabled folder redirection on my domain. > I used the group policy management to create the policy. > The folders are created correctly on the share, but the problems is > that all my collegues manage to enter on this shared folder see > documents of other collegues. > If in group policy i enable the "Grant the user exclusive rights to my > documents" only the owner can access the redirected folder,and domain > admins can't do that. > > Is there a way to let only the owner and domain admins access the > redirected folder , like the settings for roaming profiles ? > > Many thanks in advance > Fabrizio Set the NTFS permissions on the parent share appropriately so they'll be inherited by subfolders - and then you won't need to use the "grant exclusive use" option (which I also dislike). Let's suppose you're redirecting My Documents, "Redirect everyone to the same location" and "Create a subfolder under the root" - and in the path, you're specifying \\server\users . Share permissions on Users should be Everyone = full control The NTFS permissions on Users should be: Administrators = Full Control System = Full Control ....then click Advanced. ....then click Add Add Creator Owner - ....apply onto "Subfolders and Files only" ....grant Full Control (tick all items) Add Authenticated Users ....apply onto "This folder, subfolders and files" ....Tick the following: x Read Attributes x Read Extended Attributes x Create Folders / Append Data x Read Permissions This should do it properly going forward. For your existing users' subfolders folders you may need to manually adjust the permissions to allow Administrators/System/.%username% full control.
Recommended Posts