Folder Redirection and Rights Bug Server 2008 R2
-
Friday, May 06, 2011 3:06 PM
Struggling a little bit. Have folder redirection working but when we put something into the users documents folders they do not get permission to access it only on documents they create
on the share where the redirects go to there is
System full control
creator owner full control subfolders and files only
Admin full controlI can see when the users documents folder is created their username appears with full control on it but this then will not propogate to files we put in the folder.
Any ideas what we are doing wrong?
Robbie
- Edited by RobbieWallis Sunday, July 03, 2011 8:40 AM
All Replies
-
Monday, May 09, 2011 8:08 AMStill not working any ideas?
-
Monday, May 09, 2011 8:24 AM
I've noticed that the user folder and the documents folder below that are showing the username and full access to this folder only and not this folder, sub folders and files. Is that right? It looks to me that is the problem but cant see why it hasnt got the creator owner permissions
-
Monday, May 09, 2011 8:59 AMModerator
Hi,
Would you please clarify that if the copied file or the redirected folder cannot be accessed from client? In addition, how did you copy the file?
If you mean the copied file cannot be accessed, it can be caused due to the copied file cannot inherit permissions from parent folder.
You may modify the inheritable permissions settings to check the result.
For more information, please refer to the following Microsoft KB article:
How permissions are handled when you copy and move files and folders
http://support.microsoft.com/kb/310316
Regards,
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Monday, May 09, 2011 9:03 AM
We want to copy files into peoples user spaces using windows explorer
Even if you inherit permissions from the parent it doesnt copy the "user" onto the file/folders due to the NTFS permissions on the parent folders i.e. "this folder only"
-
Friday, May 13, 2011 7:34 AMModerator
Hi,
Please refer to the following Microsoft KB article to check if it is useful for you.
Enabling the administrator to have access to redirected folders
http://support.microsoft.com/kb/288991
In addition, please describe the issue in detail. If you can tell me a detailed sample, it would be good for me to understand the issue accurately.
Regards,
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Friday, May 13, 2011 8:14 AM
I'm starting to think it's a bug
When you create a share for your redirected folders you add to NTFS (h:\studentdata$ in photo above)
administrators FULL - This folder, Sub folders and files
Domain Admin FULL - This folder, Sub folders and files
System FULL - This folder, Sub folders and files
Creator Owner Special permissions FULL - Subfolders and Files
aGroup - Special Permissions - Read, traverse, create folder - This folder only
When the redirection occurs and the "user" folder(h:\studentdata$\clait004 in photo above) is created the NTFS permissions end up like this
administrators FULL - This folder, Sub folders and files
Domain Admin FULL - This folder, Sub folders and files
System FULL - This folder, Sub folders and files
TheUsername FULL special permissions - This folder only
Creator Owner Special permissions FULL - Subfolders and Files
This is wrong!! Look at the user added in this example "theUsername" they have only be granted full control to "this folder only" and not "this folder, sub folder and files". So if at anytime something is copied into their "user area" they cannot see it as the permissions will not propogate down to it.
You can see this in production from the photo above. The user clait004 is the creator/owner of the folder and you can see the permissions have been applied incorrectly from the creator/owner special permissions. It did NOT copy the "subfolders and files" permissions.
Surely someone else is having this issue
Robbie
-
Thursday, May 19, 2011 9:32 PM
Can anyone else replicate this issue?
-
Friday, July 01, 2011 9:08 PM
Hello
Yes I am experiencing exactly the same!
I'm moving my users to new file server (2008 R2 Ent. SP1 on VMWare ESX i3 3.5) and have struggled the last few days with the 5 test users I have moved so far. The creator owner does not behave as on my old (2003 Ent. native iron) server and I've tried everything. Apparently, both for newly created folders and when I try to let the folder inheriting properties from the "root" (share) folder. I have checked my file system and there are no errors. My workaround so far is to manually assign full rights to the user when the folder is created which happens, but I do not want to have to do when all 200 users are to be migrated. It looks like a bug in NTFS or else so we just need an indication of this functionality has been changing in 2008 R2.
Sincerely, and all the best from sunny Copenhagen
Lars
-
Saturday, July 02, 2011 8:39 AMIs anyone able to raise this as a defect? It specifically effects 2008 R2
-
Tuesday, July 05, 2011 1:16 PM
I am seeing the same issue.
ThanksDave
-
Sunday, July 10, 2011 3:13 PM
I checked another server we have and it isnt doing it for roaming profiles only seems like it is for redirected folders but I stand to be corrected.
Could someone from Microsoft comment on this as it is a major problem?
Robbie
-
Tuesday, July 26, 2011 7:38 PMThe same issue. I have just spent a day and a half having to log in under the users' accounts and copy data from a backup to the redirected folders (moving from 2k3 to 2k8r2) so that they obtain proper permissions.
-
Wednesday, November 02, 2011 10:07 AMI too have just asked this same question on a different thread, and its being a massive nightmare for us as we are in an education environment and must have delegated admins be able to copy/remove files from pupil user accounts. Is there anyone out there at MS that can resolve this issue.
-
Friday, January 06, 2012 4:20 PMdid MS ever decide to fix this?
-
Thursday, November 15, 2012 4:47 PM
Nope - I'm still having the same problem at http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/fd0aaa8e-e3e4-4ddd-908e-44559fb561af
Annoyingly I posted this issue 2 years ago and am still having the issue on a new client that I'm trying to setup today.
The interesting thing is that the folders are actually created but with Creator Owner permissions set to Subfolders and files only.
If you select the *users* folder then go into the permissions and remove the inheritance, add the permissions, creator owner is set to subfolders and files.
If you then change the permission from subfolders and files to this folder, subfolders and files, the permissions actually change into two seperate entries - the user is specified as folder only and creator owner specified back to subfolders and files only.
If you select the redirect share and change permissions for creator owner from subfolders and files to "this folder subfolders and files" this is accepted until you hit apply. At that point the permissions are reset back to subfolders and files.
http://absoblogginlutely.net
-
Thursday, December 06, 2012 3:01 PM
FYI my Microsoft rep "fixed" the issue by setting the "grant exclusive rights" only option. Although this did fix the issue, it's not really a complete solution as it makes it incredibly hard to support users and troubleshoot files when you can't see if the files have actually been migrated to the correct location when logging on as the administrator to check the situation (as we don't have the users passwords right?"
My only other follow up issue is getting the machines to actually move some of the data - some machines are stubbornly clinging to the offline files version of the files.
http://absoblogginlutely.net
.png)
