Offline files permissions query?

[Guest UselessUser]

Hi,

 

I have walked into a new scenario which is odd for me!

 

Basically I have a server which has this structure

 

E:\HomeDirectory\%username%

 

The folder HomeDirectory is shared, with share permissions set as Everyone

Full Access. NTFS permissions have only administrators, creater owner, and

system as full control.

 

If we create a new user in AD with their H drive set to:

 

\\server\HomeDirectory\%username%

 

This creates the folder correctly and it is perfectly usable...

 

Now we have a few users who are right clicking their H and selecting make

available offline, and this is working fine. However I could not do this

myself (I do not run as domain admin etc).. and consequently began to look

into this, (Before a user asks me about it!)

 

Basically I found on the Microsoft docs that offline files checks the parent

of the folder you are trying to make offline for permissions and as I had

none I was getting access denied. The way to fix this is to have the

HomeDirectory share to have read access for everyone etc.

 

Now here is the question, how are people doing this at the moment! And no

they are not admins, and no there are not permissions on the share etc...

 

What I discovered was that if I give myself read access to the share, then

setup the offline files and synchronize it works fine. If I then remove my

read access and reboot the client, it still seems to work? If this is the

case why is there a need to check the parent permissions, and is there a

client registry fix I can use to get around this??

[Guest Robert Kochem]

Re: Offline files permissions query?

 

On 26 Feb., 16:37, UselessUser <UselessU...@discussions.microsoft.com>

wrote:

> Basically I found on the Microsoft docs thatofflinefiles checks the parent

> of the folder you are trying to makeofflinefor permissions and as I had

> none I was gettingaccessdenied. The way to fix this is to have the

> HomeDirectory share to have readaccessfor everyone etc.

 

The complete strangness of this behavior comes out if you monitor the

file access attempts

with ProcessMonitor:

MobSync.exe (the offline client) first checks the file/folder to be

made offline available

and afterwards it checks for each file the root of the share (which

fails and produces the access

denied message).

> What I discovered was that if I give myself readaccessto the share, then

> setup theofflinefiles and synchronize it works fine. If I then remove my

> readaccessand reboot the client, it still seems to work? If this is the

> case why is there a need to check the parent permissions, and is there a

> client registry fix I can use to get around this??

 

I agree that a client fix would be the only real solution to this

problem. The "solution"

Microsoft proposes in KB275461 is nothing more than a nasty

workaround.

I searched for a registry entry that might change this behavior - but

it looks

like such an entry does not exists. While monitoring mobsync I did

not

recognize anything useful regarding this problem.

 

Robert