Folder Redirection and Offline Files.


  • Folder Redirection and Offline Files.

    Greetings,

    I have a Windows Server 2012, Standard edition, running the roles of AD and WSUS. I need to enable Folder Redirection and Offline Files. I've tried this multiple times, including following the instructions in the document "Deploy Folder Redirection with Offline Files" - technet.microsoft.com/en-us/library/jj649078.aspx right down to the GPO name and folder name. But I am just not able to implement folder redirection. I am unsure what other way I can secure the user data, hence I am not trying with read / write access to EVERYONE (or authenticated users).

    Every time I try to access the share folder I am prompted with a credentials box (login ID and password prompt); this is true in the case of all machines joined to the domain, including with the Administrator ID. I am sure it's a permission problem due to this prompt.

    All the client machines are running Windows 7. My AD isn't running on default folders (AD is installed on a different partition) and the share folder is on a different partition (not on systemroot or the one where AD is installed).

    I would appreciate any help diagnostic or otherwise.

    Thanking you in anticipation,
    Parth Maniar

  • #2
    Re: Folder Redirection and Offline Files.

    How have you configured the permissions?


    • #3
      Re: Folder Redirection and Offline Files.

      System - Full Control - This folder, subfolders and files

      Administrators - Full Control - This folder only

      Creator/Owner - Full Control - Subfolders and files only

      Security group of users needing to put data on share (Folder Redirection Users) - List folder / read data and Create folders / append data - This folder only

      *remove all other groups* and Disable inheritance, and Convert inherited permissions into explicit permission on this object.

      This is exactly as per the Microsoft document I've mentioned above.


      • #4
        Re: Folder Redirection and Offline Files.

        That sounds about right for the NTFS permissions. Are the share permissions set to Everyone Full Control?

        Have you taken a look at the event log for USERENV warning and errors?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com


        • #5
          Re: Folder Redirection and Offline Files.

          I've followed the document that I've mentioned in the initial post. There is no other step except (If you chose the SMB Share - Advanced profile, on the Management Properties page, select the User Files Folder Usage value.) for the share creation step of the KB article.

          Since I could access the share from the server itself, I did not add any other settings.

          Do I need to give access to the share to all users? If so, should it be "full control"?

          If I give "full control" to "all users" in share settings, will the NTFS permissions take care of the confidentiality and integrity of the data?


          • #6
            Re: Folder Redirection and Offline Files.

            Honestly I haven't had a chance to take a close look at the sharing in 2012 so there may be some automation taking place. But as a general rule, if you have NTFS, make the share permissions Everyone -> Full Control and then just use the NTFS permissions to limit access. The most restrictive will take precedence so yes, NTFS permissions will ensure the security that you set there.

            Now confidentiality and integrity are completely different than security. NTFS and share permissions do not handle that.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com


            • #7
              Re: Folder Redirection and Offline Files.

              Alright I finally got my head down and did a step by step diagnosis (not technical diagnosis like looking up the error code in Event Log).

              I've concluded that if I do not select the Enable access-based enumeration and Encrypt data access checkboxes (optional as per Microsoft's document too) during the share creation wizard, I'm able to implement Folder Redirection with the said NTFS ACLs doing their job of controlling unauthorized access by users to others' profiles.

              Any idea how - Enable access-based enumeration and Encrypt data access - could hamper the system and not secure it?
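
A read-only check for the behaviour described in post #7, added here as an example and not part of the original thread: SMB encryption requires the SMB 3.0 dialect, which Windows 7 clients (SMB 2.1) do not speak, so a share with Encrypt data access enabled refuses them for as long as the server rejects unencrypted access. The share name `Users$` is a placeholder, not a value from the thread.

```powershell
# Added diagnostic sketch; run elevated on the file server (Server 2012 or later).
# 'Users$' is a placeholder share name (assumption), pass the real one with -ShareName.
param([string]$ShareName = 'Users$')

$share  = Get-SmbShare -Name $ShareName -ErrorAction Stop
$server = Get-SmbServerConfiguration

# 1. Share-level permissions. These are evaluated together with NTFS and the
#    more restrictive result wins, as post #6 describes.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize

# 2. NTFS ACL on the share root, to compare line by line with the list in post #3.
(Get-Acl -Path $share.Path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags,
                 PropagationFlags, IsInherited -AutoSize

# 3. The two optional wizard checkboxes from post #7, plus the server-wide settings
#    that decide what happens to clients that cannot encrypt.
$encryptionRequired = $share.EncryptData -or $server.EncryptData
[pscustomobject]@{
    Share                   = $share.Name
    Path                    = $share.Path
    AccessBasedEnumeration  = ($share.FolderEnumerationMode -eq 'AccessBased')
    ShareEncryptData        = $share.EncryptData
    ServerEncryptData       = $server.EncryptData
    RejectUnencryptedAccess = $server.RejectUnencryptedAccess
} | Format-List

# 4. Current sessions that negotiated a dialect below 3.0. Sessions are server-wide,
#    so clients connected to any other share on this server are listed too.
$legacy = Get-SmbSession | Where-Object {
    [int](([string]$_.Dialect).Split('.')[0]) -lt 3
}
$legacy | Format-Table ClientComputerName, ClientUserName, Dialect -AutoSize

if ($encryptionRequired -and $server.RejectUnencryptedAccess -and $legacy) {
    Write-Warning ("Encryption is required on '{0}' and unencrypted access is rejected: " +
                   "the {1} pre-SMB 3.0 session(s) listed above cannot open this share." -f
                   $ShareName, @($legacy).Count)
}
```

Access-based enumeration only hides entries a user has no rights to list and does not change who can open them, so the encryption setting is the one to compare against the client dialects.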
