+ Post New Thread
Results 1 to 9 of 9
Windows Thread, More folder redirection/profile problems. Insanity beckons.. in Technical; We're in the process of building a new domain at the moment and have set up a basic share called ...
  1. #1

    Join Date
    Jul 2005
    Posts
    15
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    More folder redirection/profile problems. Insanity beckons..

    We're in the process of building a new domain at the moment and have set up a basic share called something like "student users".

    When we create a user account, we have set a roaming profile to \\student users\%username%\profile

    Then, we have used folder redirection to make my documents \\student users\%username%\data

    So, when a new user account is created, the first time they log in, these folders are created.

    Now to the difficult bit.. When these folders are created, the user is given exclusive access to them. This isn't a problem until, for some reason, we need to look at that user's files. This could be in the case of misuse for example. In order to look at them, we have to take ownership of the folders. This isn't a problem either. However, once we have done this, even if we then give the user full control over the folders again, they can no longer access their profile or their documents.

    WHY THE HELL DOES WINDOWS SERVER 2003 DO THIS!?!?! ..And more to the point, how can we stop it?

    You can probably notice that I'm a tad wound up about it

    Anyone any ideas?

  2. #2

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,224
    Thank Post
    54
    Thanked 276 Times in 184 Posts
    Rep Power
    133

    Re: More folder redirection/profile problems. Insanity beckons..

    Try a look at this - its what I used

    http://support.microsoft.com/default...;en-us;Q288991

    Alternatively - and I think this has been covered here before - set up the users areas yourself and set the permissions required with a script (also shown here somewhere) - wish I'd done this myself as using the MS method above gives irritating permissions problems when you copy files into the user areas (as I've had to do with digital photos etc)

  3. #3

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,786
    Thank Post
    572
    Thanked 2,154 Times in 982 Posts
    Blog Entries
    23
    Rep Power
    626

    Re: More folder redirection/profile problems. Insanity becko

    When we create a user account, we have set a roaming profile to \\student users\%username%\profile
    Why pray tell? There are plenty of posts and threads here to let everyone know just how evil and unnecercery these are for education and the problems they create. It is far simpler to map the My Documnets folder to the root of their share, so in the redirect policy simply state \\servername\users\%username% this way you need only one policy to acheive everything.

  4. #4

    Join Date
    Jul 2005
    Posts
    15
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: More folder redirection/profile problems. Insanity becko

    Well... I'd love to get rid of roaming profiles but for a mutlitude of reasons it's just not possible at the moment. I would like to find the person whose idea it was originally and shoot them though

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: More folder redirection/profile problems. Insanity becko

    <jolly sarcasm>
    Poor old DOS_BOX, just because he couldn't get roaming profiles to work, he assumes they are no good for anyone!</jolly sarcasm>

    I think you need to do 3 things

    1 - Modify the MyDocs redirection policy and untick the box that says 'Grant the user exclusive rights to My Documents'

    2 - Create a computer policy which will apply to all computers and under Admin Templates\System\User Profiles, enable the 'Add the Administrators group to roaming user profiles' and 'Do not check for user ownership of Roaming Profile Folders' settings.

    3 - Seperate user documents and profiles onto different shares e.g.

    profiles... \\server\profiles$\%username%
    files... \\server\users\%username%

    <screams at top of voice in general direction of the Anti-RP crew>
    Roaming profiles are not evil, but you do need to understand what they are and how they work to get the best from them.
    </screams at top of voice in general direction of the Anti-RP crew>

    climbs down off soapbox...

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: More folder redirection/profile problems. Insanity beckons..

    @ajbritton: It's not that they just cause loads of problems, there is very little need (if not no need) for them in a locked-down user environment.

    Why save information about a user's settings if you are going to reset them the next time that they log on?

  7. #7

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: More folder redirection/profile problems. Insanity beckons..

    You can grant administrators access to "My Docs" when redirected (or other folders too) by carrying out the following (now, this is off the top of my head so bear with me if there are errors- check it out on a test system first):

    1. Clear the "Grant User exclusive rights to My Documents" setting (in the settings tab within folder redirection)

    2. Set security on the subfolder you are sharing that will contain the redirected folder(s)

    To do (2), right click the folder and get to the security tab. Select "Advanced" and uncheck "allow inheritable permissions from parent to propogate to this object" check box and then remove the permissions; now add four groups and assign them permissions--like so:

    Admins- Full control, applying to "This folder, subfolders, and files"
    System- Full control, which applies to "This folder, subfolders and files"
    Creator Owner- Full control, which applies to "This folder, subfolder and files"
    Authenticated Users- Create folders/Append Data, Read Permissions, Read Extended Attributes which apply to "This folder" only.

    I think the KB article for all this is Q2888991. If you have *already* set up the redirected folders and need to gain admin rights after the fact, let me know and I can dig out the commands you can use to get those rights applied in any case.

    HTH

    Paul

  8. #8

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: More folder redirection/profile problems. Insanity beckons..

    If you need to reset the rights, PM me next week and I will send the VBScript

  9. #9
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: More folder redirection/profile problems. Insanity beckons..

    [topic locked - use the sticky thread regarding use of roaming profiles]

    PM me thomas if you need to add more to this topic - i.e. if you still need help with this one

    Cheer
    N.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 11
    Last Post: 1st November 2007, 08:02 PM
  2. Redirection or Exclude from Profile?
    By TechSupp in forum Wireless Networks
    Replies: 2
    Last Post: 21st September 2007, 01:07 PM
  3. Folder redirection
    By kerrymoralee9280 in forum Windows
    Replies: 3
    Last Post: 3rd August 2007, 09:30 AM
  4. Random Folder Redirection Problems
    By ken_kaniff in forum Windows
    Replies: 8
    Last Post: 4th January 2006, 05:18 PM
  5. Folder redirection no desktop??
    By mullet_man in forum Wireless Networks
    Replies: 4
    Last Post: 6th December 2005, 10:34 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •