Slightly weird permissions with folder redirection?
I've set up dynamically created redirected folders with the usual permissions from How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003 to use with our staff desktops with the permissions below...
Redirection is set to create new folders under the root e.g. \\server\user$\username\Documents (and so on for Pictures, Movies etc). I prefer this way as it's neater and avoids the whole desktop.ini issue. The redirection and roaming profiles are working fine so I should be happy, right?
CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
System - Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
Everyone - List Folder/Read Data (Apply onto: This Folder Only)
Everyone - Read Attributes (Apply onto: This Folder Only)
Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
As usual I had a further check to make sure all the permissions were correct but found something a bit odd that seems to appear on Folder Redirection and Rights Bug Server 2008 R2 as well...
If I look at a folder within Documents and check the permissions I see the user's name with a Full Control permission but Apply To "This folder only" then CREATOR OWNER underneath with Full Control to Subfolders and Files only. Not sure where it's getting the "this folder only" Full Control from? Would think it should be the user's name with Full Control to subfolders and files?
If I look at a file within any of the folders there's no CREATOR OWNER permission mentioned at all, just the user with Full Control (what I would've expected). The permissions are being inherited from the Root folder and the other ones set there look normal (SYSTEM, Administrators, Domain Admins)
As per the Technet thread if I look in my Roaming Profile folders (set up with exactly the same root folder permissions) there's no mention of CREATOR OWNER, just the user with Full Control. Is it something weird folder redirection does and seeing as everything is working OK nothing to worry about? Users will be copying files from their old home areas to the new one so need to make sure the files will work when they get copied.