Off Campus

Michael Greene

Blogs

NTFS permissions for Redirected Folders (or Home Directories)

  • Comments 2
  • Likes

Last week a windows admin asked if I knew what the permissions should be for the root level share of home directories or redirected folders.  It has been a few years since I looked this up and I wanted to be certain I had all necessary ACLs, so I committed to researching the question and posting what I found to my blog.

I knew this KB article existed but it is not terribly easy to find since you have to search for "folder redirection" instead of "home directory".  This includes the full description for the root ACL.

http://support.microsoft.com/kb/274443

These are the two steps I was most interested in finding:

2.  Set Share Permissions for the Everyone group to Full Control.

3.  Use the following settings for NTFS Permissions:

  • CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
  • System - Full Control (Apply onto: This Folder, Subfolders and Files)
  • Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
  • Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
  • Everyone - List Folder/Read Data (Apply onto: This Folder Only)
  • Everyone - Read Attributes (Apply onto: This Folder Only)
  • Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)

Pay attention when configuring the home directory or folder redirection policies.  If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and need to reset the ACL.

Comments
  • : Failed to apply policy and redirect folder "RoamingAppData" to "C:\Users\administrator.PQNET\AppData\Roaming".
    Redirection options=0x80001201.

  • please find the solutions for this task
    Log: Application
    Type: Error
    Event: 502
    Alert Time: 2014-09-06 00:42:18Z
    Event Time: 02:36:46 PM 5-Sep-2014 UTC
    Source: Microsoft-Windows-Folder Redirection
    Category: None
    Username: Administrator
    Computer: pq-ad02.pqnet.paraquad-nsw.asn.au
    Description: Failed to apply policy and redirect folder "RoamingAppData" to "C:\Users\administrator.PQNET\AppData\Roaming".
    Redirection options=0x80001201.
    The following error occurred: "Can't create folder "C:\Users\administrator.PQNET\AppData\Roaming"".
    Error details: "This security ID may not be assigned as the owner of this object.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment