Folder redirection problem – only users in the "Head Office" group should get folder redirection (Desktop, Docs, Pictures, Favs) but everyone is getting there folders redirected.
In order to try to fix the situation I have been checking the settings are as per : https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-folder-redirection
The difference that I have not been able to over come is the folder permissions are different. I also note in the current setup the Home Path is being set in Active Directory Users > Profile for each user – this is in addition to the GPO. I assume that they are both doing the same thing and that I really shouldn't been to do it through each user in Active Directory Users > Profile.
When I go to add special permissions to the Home Drives folder (adding List folder / read data, Create folders / append data, Read attributes Read extended attributes, Read permissions)
I get the error :
Error Applying Security – An error occured while applying the security
information to D:\Home Drives\Some User\Desktop. Failed to enumerate
objects in the container. Access is denied.
Note that the existing users have data in there, and so not wanting to create a worse mess I have not tried to push this any further. The current owner of the home drives folder is the Administrators group.
The current users with full control are:
- Administrator
- Administrators
- SYSTEM
- Authenticated Users (Read & Execute)
- Head Office Users (Special)
Is anyone able to advise what should be done now?
I see under Home Drives\User.Name\ there is folders like: Desktop, Documents, Favourites, Pictures but there is also Home Drives\User.NameV6\ with 3D Objects, Contacts, Downloads, Links etc.
The ownership of these folders is different too:
- Home Drives – Owner Administrators
- Homes Drives\User.Name – Owner Administrators
- Home Drives\User.NameV6 – Unable to Display
- Home Drives\User.Name\Documents – Unable to Display
Update: I found the folder redirection had been applied to the whole domain. I have deleted this and created a new folder redirection policy targeting Head Office security group.
I have taken ownership of users folders, taken a copy, and then copied the data back. Messy but its worked.
Last remaining issue is that the built in Administrator is still getting its folders redirected. Even after I added Admins group and gave denied them under Delegation > Advanced.
Best Answer
You've got several questions/problems here and I can generally answer them all, but you haven't provided specific details about your GPO settings or where they are applied in active directory.
The first suggestion I would give you is that the link you used to setup folder redirection is one of the most ridiculously overcomplicated, yet completely lacking of any necessary detail, articles I've seen in a while.
Try reading through this series of articles for a real explanation of how to setup folder redirection and what the settings and permissions you are choosing actually do: https://4sysops.com/archives/folder-redirection-part-1-introduction/
Now, on to you multiple issues: