Announcement

Collapse
No announcement yet.

My Doc Redirection - Admin access

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • My Doc Redirection - Admin access

    Hi there,

    I found several forum topics on this subject but they have not resolved my issue so I will ask away.

    I have 3 file servers. They are all doing DFSR in the same replication topology. Part of the data that is replicated is our user's home folders. My document redirection is setup specifically for each site and the redirected root path is: \\domain\dfsroot\home

    Everything is working fine but I've noticed that the domain admin group does not have access to user's my documents folders. When I try to look at permissions I am told I don't have permissions to view permissions. When I look at the root permissions everything looks good and is in line with this KB article:

    http://support.microsoft.com/default...b;en-us;288991

    The only way I can gain access to a user's my documents is to take ownership. I then can access their folder. When I try to take ownership I get this prompt:

    "You do not have permission to read the contens of directory D:blah\blah\blah. Do you want to replace the directory permissions with permissions granting you Full Control?"

    That's the thing. I already have full controll...but apparently not. If I click yes everything works fine.

    I need access as Backup Exec is failing periodically accessing user's my documents folders. It does not always happen but it happens enough that it's an issue.

    Has anyone seen this before?

    Should I just take ownership?

    The Microsoft article seems to imply that ownership will be setup correctly and Admins will have access. I don't want to negate any type of user access but given that DFSR is involved I don't want to screw anything up.

    Any info/help would be greatly appreciated.

    Thank you for reading.

  • #2
    Re: My Doc Redirection - Admin access

    That worked fine for us. What version/edition/architecture/SP of Windows/Windows Server are you running on the clients and servers?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: My Doc Redirection - Admin access

      That's the way My Documents redirection works. Admins get no permissions to the redirected My Documents folder unless you unselect the option to grant the user exclusive access on the redirection settings in your GPO and set the appropriate permissions on the root folder. If you read the article again you'll see that in order to overcome this you have to set the permissions for the Admins at the parent folder level AND unselect the option to grant the user exclusive access to the redirected folders. If you don't do both then you wind up in the situation you have. The point that the article does not make, which is important, is that these settings affect only NEW folders that are created and do not affect EXISTING folders. So for all new folders (root My Documents folders for new users and subsequent child folders of those root folders) you should be OK, but for all existing folders you'll need to manually take ownership, set the permissions, and then reset ownership back to the user.

      Comment


      • #4
        Re: My Doc Redirection - Admin access

        Thank you both for your replies, I really appreciate it.

        Joe,

        That's the funny thing. All the permissions are correct and the technote was followed. The "Grant User Exclusive Access" is removed and when viewing permissions on root folders they all look fine. It's as if something happened with the My Doc setup and it didn't take. Whatever the case I can take ownership and fix things manually even though it's a bit of a pain. Should I take ownership and then put the ownership back to the user after I can access the folders?

        Thanks again!

        Comment


        • #5
          Re: My Doc Redirection - Admin access

          It would be advisable to change the owner of the folder back, yes.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

          Comment


          • #6
            Re: My Doc Redirection - Admin access

            Fixed: Redirected Folders won't allow offline folders (article 288991) Access is denied

            I followed 288991 to a T and still got access denied for offline files and folders. The issue is offline file needs read access to root folder.

            So what I did was also add group 'domain users' group to the root share with:
            * list folder / read data
            * Read Permissions
            * Read Attributes
            * Read Extended Attributes
            but with the 'apply to' set to 'THIS FOLDER ONLY' in the advanced section and this solved the problem totally! All users can read the root folder but only see their folder and offline folders and files synchronizes without error!!! Administrators still have full access as well.

            Comment

            Working...
            X