I have a 2012R2 File Server (server-docs
) and a 2012R2 Citrix XenApp/RDS Server (server-rds
). Users must be members of UsersRDS
to log on server-rds
.
Here are my GPO settings for Documents redirection :
- Basic : Redirect everyone's folder to the same location
- Create a folder for each user under the root path
- Root folder :
\\server-docs\UserDocs
- Exclusive rights unchecked
I followed this article from MS for setting permissions on root folder : https://technet.microsoft.com/en-us/library/cc737633%28v=WS.10%29.aspx
- Owner : Full Control, Subfolders And Files Only
UsersRDS
: List Folder/Read Data, Create Folders/Append Data – This Folder Only- Administrators : Full Control
- System : Full Control, This Folder, Subfolders And Files
When I log on server-rds
with TestUser
, the folder redirection occurs and I get a folder \\server-docs\UserDocs\TestUser\Documents
.
TestUser
and it's subfolder Documents
have both the same permissions :
- Owner : Full Control, Subfolders And Files Only
UsersRDS
: List Folder/Read Data, Create Folders/Append Data – This Folder Only- Administrators : Full Control
- System : Full Control, This Folder, Subfolders And Files
TestUser
: Full Control, This Folder Only
I have another 2003 File server and a 2003 RDS server, with the same root folder permissions I have only this on user Documents folder :
- Administrators : Full Control
TestUser
: Full Control
If I check Grant the user exclusive Rights on Document folder
in GPO, run gpupdate /force
on server-rds
, server-rds
cannot do the folder redirection at logon and I get the event id 1085 : Windows failed to apply folder redirection settings.
How can I disable inheritance for user documents to get the same permissions (like my 2003 servers) ?
Best Answer
As the strange ACL seems to be by design, I had to check and change them if needed during user logon with a Powershell script :
Example :