How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003
- Application Data
- My Documents
- My Documents/My Pictures
- Start Menu
When you redirect folders to a shared location on a network, users need both read and write access to this location so that the users can read the contents these folders. However, in some scenarios, you may not want to grant read access.
Create security-enhanced redirected foldersTo make sure that only the user and the domain administrators have permissions to open a particular redirected folder, do the following:
- Select a central location in your environment where you would like to store Folder Redirection, and then share this folder. In this example, FLDREDIR is used.
- Set Share Permissions for the Everyone group to Full Control.
- Use the following settings for NTFS Permissions:
- CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
- System - Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
- Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
- Everyone - List Folder/Read Data (Apply onto: This Folder Only)
- Everyone - Read Attributes (Apply onto: This Folder Only)
- Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
- Configure Folder Redirection Policy as outlined in Windows Help. Use a path similar to \\server\FLDREDIR\username to create a folder under the shared folder, FLDREDIR.
Article ID: 274443 - Last Review: 11/28/2007 19:05:46 - Revision: 6.6
- kbactivedirectoryrepl kbgpo kbhowtomaster kbprofiles KB274443