# server 2003 domain folder redirection problem



## proksy (Jun 8, 2010)

Let me explain my setup:

Folder redirection is done through the group policy on the server. I have users set up in something like 5 security groups and have assigned their folder locations by security group. I am currently forwarding My Documents and AppData folders and have the users synchronize before they log off. Some users use a computer lab and have roaming profiles, and others have offices and don't often change computers and do not. Some of my users I have encrypted their My Documents folder.

The problem:

I have two users that are experiencing problems. One PC hadn't been on the domain and needed backed up and re-imaged and is now fresh, and the other is using a desktop computer that I use as a backup for users when I need to work on their computer, which also maintains a clean image. Recently I had to replace a mobo and RAM in a desktop and used the backup desktop, had the user log in and folder redirection worked, and three days later I fixed the computer, plugged it in, user logs on, everything works fine. I then need to work on this other PC and used the backup computer, I've plugged it in, had the user log in and folder redirection isn't working correctly. When I log on, start >> my documents, none of the files show up, c >> documents and settings >> users profiles >> my documents, nothing. I >> run >> //server/mydocumentsfilelocation/, good, the files are on the server. Why aren't they showing up/why isn't the group policy being applied to this backup computer all of a sudden? The laptop is similar but a bit more strange, the files are missing when start >> my documents, but are in c >> documents and settings >> users profiles >> my documents, but the address bar at the top in Windows Explorer will read //server/mydocumentsfilelocation >> users profiles >> my documents. I have rebooted/logged off and back on about 4 or 5 times each b/c I know sometimes folder redirection may take a few log in and outs, but this is not working for me. Btw both these users have the exact same permissions, no roaming profile and my docs and appdata redirected. This has got me stumped and I would appreciate any help, thanks.


----------



## StumpedTechy (Jul 7, 2004)

What happens when you do a gpupdate /force? What do you see in the event logs on login on the machines not applying this properly?


----------



## proksy (Jun 8, 2010)

I didn't check the logs before I left work, note to self that might be a good thing to do. I will check on that once I get back up there.


----------



## proksy (Jun 8, 2010)

OK I have checked the logs on one of the computers, the desktop computer, and I receive an error, event ID 101:

Failed to perform redirection of folder My Documents. The new directories for the redirected folder could not be created. The folder is configured to be redirected to <\\130.30.230.100\Treatment\Documents\%USERNAME%\My Documents>, the final expanded path was <\\130.30.230.100\Treatment\Documents\domestic\My Documents>. The following error occurred: 
This security ID may not be assigned as the owner of this object.

I think I have the users set up to have exclusive rights to the folder, but I'm going to search this out on Google and the MS Knowledge Base to try to figure this out. Thanks for the help.


----------



## proksy (Jun 8, 2010)

OK, I have found my problem. It turns out that giving my users exclusive rights to the folder is what caused the error to be thrown, as there was already a folder and another was trying to be created when the computers were switched, apparently. I'm not sure why, but that is what looks to be happening. Here is a link to the solution that I found: http://www.virtualizationadmin.com/...performance/configure-folder-redirection.html

I have a second question now that I have solved the original problem. Is there any security flaw after revoking the users' exclusive rights to their redirected folders? I try to follow MS TechNet's best practices article, which can be found at: http://technet.microsoft.com/en-us/library/cc784630(WS.10).aspx. Is there any problem with my current configuration? I really like to do things the right way or the way that is best for the situation, and if anyone has any suggestions or anything to add I would really appreciate it. Thanks for the help so far!


----------



## digitalsatori (Apr 28, 2010)

As a rule, I generally don't grant exclusive rights to any of my users. If they have exclusive rights, then I have trouble running backups and restores on their folders as well as being able to access their folder if I need to when my users accidentally move their documents to a subfolder or delete them entirely.

While MS may have their "best practices", those are not an end-all, be-all solution for everyone. You really should focus more on what works for you. If you have users who store highly confidential data in their home directories, then by all means grant exclusive rights. 

So long as you pay attention to your security settings and don't give "Everyone" full control, you should be okay.


----------



## Rockn (Jul 29, 2001)

Only give users as much access as they need to do their job. Anything more is asking for trouble. As a best practice, redirected folders should only be accessible by the system and the Creator/Owner. I do not want access to these folders and should not have access to them.


----------
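
The permission checks raised in the replies above (no ACE for wide groups such as Everyone, access limited to SYSTEM and Creator/Owner, and the folder owner that the Event ID 101 message refers to), written as an added example that is not part of any post in this thread. The function name, the allow list and the sample folder names are assumptions made for the illustration.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0 or later on Windows.
# Assumption: each folder under the root is named after the user's logon name,
# as with a \\server\share\%USERNAME% redirection target.
function Get-RedirectedFolderAclFinding {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        # Principals that may hold an ACE besides the folder's own user.
        # Add 'BUILTIN\Administrators' if backups rely on administrator access.
        [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
    )
    # Groups that include every logged-on user; an Allow ACE for them is too wide.
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

    foreach ($dir in Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Owner is reported as DOMAIN\name; compare the account part to the folder name.
        if (($acl.Owner -split '\\')[-1] -ne $dir.Name) {
            [pscustomobject]@{ Folder = $dir.Name; Issue = 'OwnerMismatch'; Detail = $acl.Owner }
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who = $ace.IdentityReference.Value
            $detail = '{0}: {1}' -f $who, $ace.FileSystemRights
            if ($broad -contains $who) {
                [pscustomobject]@{ Folder = $dir.Name; Issue = 'BroadGroupAce'; Detail = $detail }
            }
            elseif (($who -split '\\')[-1] -ne $dir.Name -and $Allowed -notcontains $who) {
                [pscustomobject]@{ Folder = $dir.Name; Issue = 'UnexpectedPrincipal'; Detail = $detail }
            }
        }
    }
}

# Constructed sample input: two empty per-user folders in a temporary directory.
$root = Join-Path $env:TEMP ('fr-audit-' + [guid]::NewGuid())
'alice', 'bob' | ForEach-Object { New-Item -ItemType Directory -Path (Join-Path $root $_) | Out-Null }
Get-RedirectedFolderAclFinding -Root $root | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse
```

Pointing `-Root` at the real redirection share instead of the temporary directory lists every per-user folder whose owner or ACL differs from the intended layout.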

