Server 2003 Redirect folders

Post by MikePeller »

When you redirect folders by using Group Policy, it is recommended that you enable the Folder Redirection client-side feature to automatically create the user's folders to ensure that the folder is secure. By default, administrators do not have access to the redirected folders.

To make the redirected folders secure, the Folder Redirection feature performs the following actions:
- Gives ownership of the folder to the user.
- Sets the following ACLs on the folder:
  - User: Full Control
  - Local System: Full Control
- Prevents inheritance of ACLs from the parent folder.

To access the files in a user's redirected folders, the administrator must either log on as the user whose folder is being redirected or take ownership of the folder and manually change the ACLs on the folder.

Note: The act of taking ownership can cause subsequent redirections to be unsuccessful because the Folder Redirection feature ensures that the user is the owner of the folder to which they are being redirected.

To avoid the preceding issues, you can configure the Folder Redirection feature to enable administrator access but to still automatically create folders in a secure manner.


Windows Server 2003

To set security on the shared folders in Windows Server 2003:
1. Log on as an administrator to the server that can host the user's redirected folders.
2. Locate the top-level folder that can hold the user's redirected documents (for example, D:\Redirected, which is shared as \\Server\Redirected\) by using Windows Explorer. Right-click the folder, and then click Properties.
3. Click the Security tab.
4. Click Advanced.
5. Click to clear the "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here." check box.
6. When you are prompted to copy or remove permissions, click Remove.
7. If the Administrators group is not present, click Add, type Administrators, and then click OK.
8. Select the Administrators group, and then click Edit.
9. Verify that the Full Control permission is set to Allow, and then click OK.
10. Click Add, and add System and Creator Owner to the Permissions entries.
11. Verify that the System and Creator Owner objects have the Full Control / Allow permission.
12. Click Add, add Authenticated Users, and then set the following permissions to Allow:
    - Create Folders / Append Data
    - Read Permissions
    - Read Attributes
    - Read Extended Attributes
13. Close all property sheets and dialog boxes.
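One way to verify the result of the steps above, as an added PowerShell example that is not part of the original post: it reads the explicit ACL on the share root and compares it with the entries listed in the procedure. The well-known SIDs, the handling of the Synchronize and generic-all bits, and the default path (the post's example folder) are assumptions of this example.

```powershell
# Added example, not from the original post. Audits the share root against the
# ACL listed in the steps above; D:\Redirected is the post's example path.
param([string]$Root = 'D:\Redirected')

$R = [System.Security.AccessControl.FileSystemRights]
$sync = [int]$R::Synchronize      # bit the ACL editor adds on its own
$genericAll = 0x10000000          # raw GENERIC_ALL, seen on inherit-only entries
# Well-known SIDs instead of names, so the check does not depend on locale.
$expected = @{
    'S-1-5-32-544' = @{ Name = 'Administrators'; Rights = [int]$R::FullControl }
    'S-1-5-18'     = @{ Name = 'System';         Rights = [int]$R::FullControl }
    'S-1-3-0'      = @{ Name = 'Creator Owner';  Rights = [int]$R::FullControl }
    'S-1-5-11'     = @{ Name = 'Authenticated Users'
        Rights = [int]($R::AppendData -bor $R::ReadPermissions -bor
                       $R::ReadAttributes -bor $R::ReadExtendedAttributes) }
}

$acl = Get-Acl -Path $Root
$problems = @()
if (-not $acl.AreAccessRulesProtected) {
    $problems += 'Inheritance from the parent folder is still enabled.'
}

# Combine the explicit (non-inherited) Allow entries per SID.
$granted = @{}
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $mask = [int]$rule.FileSystemRights
    if ($mask -band $genericAll) { $mask = $mask -bor [int]$R::FullControl }
    $sid = $rule.IdentityReference.Value
    $granted[$sid] = [int]$granted[$sid] -bor $mask
}

foreach ($sid in $expected.Keys) {
    $want = $expected[$sid].Rights
    $have = [int]$granted[$sid]
    $extra = $have -band (-bnot ($want -bor $sync))
    if (($have -band $want) -ne $want) {
        $problems += "$($expected[$sid].Name): required rights are missing."
    } elseif ($extra -ne 0) {
        $problems += "$($expected[$sid].Name): has more rights than the steps grant."
    }
}
foreach ($sid in $granted.Keys) {
    if (-not $expected.ContainsKey($sid)) { $problems += "Unexpected Allow entry for $sid." }
}

if ($problems.Count -eq 0) { "OK: $Root matches the expected ACL." }
else { $problems | ForEach-Object { "FAIL: $_" } }
```

The script only reads the ACL, so it can be run before and after the change to compare results.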