Folder redirection issue – Windows server 2003

pts.
Tags:
DataCenter
Desktop management applications
Desktops
Management
Microsoft Windows
Networking
OS
Security
Servers
SQL Server
Tech support
I configured roaming profiles and folder redirection using Active Directory on a Windows Server 2003 machine. I mapped all profiles to server_nameprofile%username% I redirected the desktop, application data, ect. to server_nameusers. The folder redirection works perfectly; however, when a user logs into the domain a list of ALL the other users is at the top of there start menu. All users can access any other users redirected files. Is this supposed to act like this? I do not want the other users to appear on the start menu - only the user that is logged in. Any ideas? Thanks, J

Answer Wiki

Thanks. We'll let you know when a new response is added.

maybe I missed it but did you share the folders with the “username$” without the quotes which would hide them from others, also make sure that only the individual user and the administrator have rights to the “username” folder

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Petroleumman
    Hello, What you set up is correct for standard folder redirection, however redirection of home folders requires a different set up. Here are are some instructions that should help you clear up your problem. Redirecting to Home Directory (My Documents) A new feature provided with Windows Server 2003, the redirect option allows you to redirect a user's My Documents folder to the user's home directory. This option is intended only for organizations that have an existing deployment of home directories and that want to maintain compatibility with their existing home directory environment. Use this option only if you have already deployed home directories in your organization. To redirect My Documents to the home directory, follow these steps: Open a Group Policy Object that is linked to the site, domain, or organizational unit that contains the users whose My Documents folders you want to redirect. In the console tree, double-click Folder Redirection to display My Documents. Right-click My Documents and then click Properties. On the Target tab, in Setting, click Basic - Redirect Everyone's Folder to the Same Location. Under Target Folder Location, click Redirect to the User's Home Directory and then click OK. NOTE Users must have the home directory property set correctly on their user object in Active Directory. The client computer finds the path for the user's home directory from the user object in Active Directory at logon time. Users who are affected by Folder Redirection policy must have this path set correctly; otherwise, folder redirection will fail. Good luck!
    0 pointsBadges:
    report
  • Dwiebesick
    Petroleumman is correct on what he quoted. However, I am not sure that you are using home folders. `Home folders? is an option under the user profile. On you user?s profile, did you put a check under Home folder - Connect and select a drive letter with a URL path? Or, by your statement, are you indicating that you only used group policies? This is a BIG subject area with lots of information printed in various locations. I suspect your problems are multifaceted. Start by setting your share and NTFS permissions as directed by Microsoft in KB27443. If you have access to Mark Minasi?s Mastering Windows 2003, you will find this subject covered. (best prices I found were at www.bookpool.com) As for all users being listed on the start menu, this, I think, is because you have all users going to the same location and not an individual folder for desktop, application data etc. Do you have a really good business reason to use roaming profiles? Have you considered the network load that roaming profiles generate? If you have, then you will need to redo what you have done so far, correcting the share and NTFS permissions and correct the error in generating the folder that will hold each individuals profile data. Good luck, dmw
    2,235 pointsBadges:
    report
  • Skepticals
    I think I need to clarify a few things. These folders are not being redirected to the same folder. This is the file structure: Profiles: The normal profiles are at c:profiles%username% Each user has their own folder. There are no drive letters mapped or use of old Home directories. Folder redirection: I am using basic folder redirection and Windows automatically creates a folder for each user and sets the share and NTFS permissions. These are stored in c:users%username% For example, Bob Barker would have a profile stored in c:profilesbbarker and have his Application Data, Desktop, and My Documents redirected to c:usersbbarker. The users folder will contain a folder for each user and inside each folder will be the Application Data, Desktop, and My Documents folders. I need to use roaming profiles because my staff uses computers at a front desk and in their office. They would like to have their profile roam. I am also using folder redirection to have a set of 10 lab computer share a common desktop (that they can't change). I was told that redirecting a user's My Documents takes away from the network load because it does not have to 'roam' this portion of the profile - it will stay constant on the server. All the folders seem to be shared correctly. I tried changing the NTFS permissions on the c:user%username% folder; this blocks other users from seeing the contents of the folder but STILL lists it on the start menu. Users have a list of 20 users on their start menu. Anything I am doing wrong? Thanks again. J
    0 pointsBadges:
    report
  • Kzander
    Make your share name a hidden share that way the user only sees theirs.
    0 pointsBadges:
    report
  • Petroleumman
    Hello, I'd have to agree with Dwiebesick....your problems are multi-faceted! You may want to start by examining your configuration for 1. your roaming profiles. Make sure you have this set up properly. You should have a directory on a server which contains either an individual profile for each user or a single profile assigned to multiple users. Next make sure the Profile Path in the user's AD profile is set correctly. At logon you want to make sure that the profile in use is that which is on the server and not one on the local machine. If a roaming profile cannot be accessed in a timely manor XP will default to any locally stored profile for a user without notice. If you have a slow network, set the Always wait for the network at start-up and logon setting in GP. 2. Double check your redirection settings. I would suggest using home folders for your users if you aren't already. This makes it easy to control unauthorized access to user data by other users. Again, make sure your user configurations in AD are correct so that your users are being directed properly to their folders. I've never heard of user profiles or shares being listed on the Start menu before, but don't doubt this is the case. Weirder things can happen! Just take your time and back track your steps one step at a time, one task at a time and I'm sure you'll find the error. Good luck!
    0 pointsBadges:
    report
  • Skepticals
    I can't use a $ to hide the shares because the problem is with the Folder Redirection - not the profiles. The profiles have their own folders and everything is fine with that. The problem is with the folder redirection - this is what is showing on the start menus; only thr redirected folders are listed. I believe the path is correct in Active Directory. I used servernameprofiles%username% The folder redirection has ONE shared folder called users, inside it contains a folder for each username. Would it help if I sent someone some screenshots? Maybe I am not explaining it well enough. I have followed the necessary steps as far as I can tell. One thing that may be affecting things: I switched from local profiles to roaming profiles. I manually copied the users local profile to the server. Maybe I copied too much? Not enough? I didn't think this would cause a problem, but maybe it does. Thanks for all your help. Jeff
    0 pointsBadges:
    report
  • Mortree
    Correct, you did not need to manually copy profiles. Can't tell what you mean by manually copied -- but hope you mean used Copy TO button under User Profiles part of System Properties. That requires admins to have access to users profiles folders which the automatic method does not. If you reached into Documents and Folders to file copy profiles yourself...I suggest you kill a couple online profiles and see what happens when Logon moves the profiles itself. Something went wrong with the automatically created redirect folders. Or did you create the folders manually? Normally Windows Server would automatically kill inheritance and change the rights to user only. Check effective rights. If you change the NTFS properties of all redirected folders at the individual user-root level to only include the user and kill inheritance, no other user will be able to see the folders. Make sure you indicate to propagate these new rights to all subfolders and files.
    0 pointsBadges:
    report
  • Skepticals
    I just wanted to give everyone an update (incase someone cares). It turns out that I did everything correctly except I unchecked the "give user exclusive rights" check box because I wanted to give the administrator access automatically. I cheked this box and the problem seems to be resolved.
    0 pointsBadges:
    report
  • Mortree
    Pretty much what I thought. You can always add the Adminstrator to the folder later. But it is pain to manually put all the inheirtence blocks on the individual user profile folders manually. That is what the exclusive access box does -- block inheritance from the parent folder and then explicitly grant the user right to thier new profile folder. So of course unchecking the exclusive box and doing nothing else made everyones fodler visible. The parent profiles folder has to give the whole user group at least modify rights so the account can create the individual profile folders in the first place. Thus the parent NTFS right were inherited.
    0 pointsBadges:
    report
  • Mortree
    Pretty much what I thought. You can always add the Adminstrator to the folder later. But it is pain to manually put all the inheirtence blocks on the individual user profile folders manually. That is what the exclusive access box does -- block inheritance from the parent folder and then explicitly grant the user right to thier new profile folder. So of course unchecking the exclusive box and doing nothing else made everyones fodler visible. The parent profiles folder has to give the whole user group at least modify rights so the account can create the individual profile folders in the first place. Thus the parent NTFS right were inherited.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following