Hi all,
My DC is windows server 2003, and I have created folder redirection in a GPO,in the folder redirection setting I select 'Basic - Redirect everyone's folder to the same location' and 'Create a folder for each user under the root path' .I link the GPO to a group of domain users, including the user ID 'Donald' and 'Jim'. To make it simple, the redirected user folder including 'desktop' only.
For example, when Donald log in a domain computer, the desktop is redirected to \\server1\motherfolder\Donald\desktop, everything works fine. The permission I assign to 'motherfolder' is recommended by microsoft
(http://support.microsoft.com/kb/274443):
- Set Share Permissions for the Everyone group to Full Control.
- Use the following settings for NTFS Permissions:
- CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
- System - Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
- Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
- Everyone - List Folder/Read Data (Apply onto: This Folder Only)
- Everyone - Read Attributes (Apply onto: This Folder Only)
- Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
I find that if Donald keys in \\server1\motherfolder, he has full access to the subfolder 'donald' , which is good; and he is denied access to \\server1\motherfolder\Jim\desktop, which is also good. However, Donald can create folder and files under \\server1\motherfolder and \\server1\motherfolder\jim.
What I can do so that any folder redirection user like Donald is unable to create folder and files under \\server1\motherfolder and \\server1\motherfolder\Jim ??
I have tried many ways, but still unable to achieve it.
Thanks in advance!