Hi,
I have delegated adminisitrator rights in an OU of an active directory, and I have experiencing a very rare issue.
We apply some GPO's to the OU, which has inside some servers. The users are in other OU, so in all GPO's applied to the OU where that servers are, we have activated the loopback processing in Sustitute mode, so the user part of those policies applies to every user who logs into one of those servers.
In the user part of one of those GPO's, whe define an user environment variable, Homeshare2 with the path to a server share, like this: Homeshare2 = "\\server1\share$\%username%"
In the sharefolder of server1, the share has read/write control permisions to the group Domain Users and the NTFS permisions has the full control permisions to the Domain Users too.
Finally, the GPO user part has a folder redirection policy, which has the following configuration for documents folder:
Basic: redirect everyone folder to the same location
Redirect to the following location: %HOMESHARE2%\Documents
With this config, when a user logs into one server, the documents are not redirected. An event logs in to event viewer saying 'Windows cannot apply folder redirection config. If I run localy a gprsesult comand, it says Folder redirection n/a, and if I try to execute a result group policy for the user from GPMC console, I get a 'Not valid pointer' error.
This folder redirection worked perfectly last week. We have been making some test to achieve mandatory profiles, and it has stopped working. Now, we have no mandatory profiles configured, and still doesn't work. I don't have more ideas to investigate why this is happening and how to solve it.
Need help.
Just a test that I have done a minute ago.
I go to server1\share$
I delete the folder User1 and everything inside.
I log into server with user1.
In the server1\share$, a folder named user1 is created. The local path to share$ is D:\share. The NTFS permissions of that folder are:
user1: full control, just this folder, inherited from D:\Share
Domain users: full control, this folder, subfolders and files, inherited from D:\Share
Administrators: full control, this folder, subfolders and files, inherited from D:\Share
Inside \\server1\share$\user1, no Documents folder is created, as it should be as configured in GPO. But from the server, the user1 connects to the folder and he can create folders inside.
So I guess is a permission problem, but I can't imagine which: aparently, the permissions are correctly configured.