Grant user exclusive rights to My Documents - Enabled

  • Thread starter Thread starter Kelvin Beaton
  • Start date Start date
K

Kelvin Beaton

I'm trying to understand how "User Configuration\Windows Settings\Folder
Redirection\My Documents" works.

I guess my question boils down to this.

If I set "Grant user exclusive rights to their My Documents" folder it
appears they are the only one how has rights, I guess that should be
obvious, but I'm not sure I like that the Administrator doesn't have access
either.

Does the backup process have access to these files? I would assume so.

If I don't give the user "Exclusive" access to their files, I'd assume the
share and security rights apply, is that correct.

Thanks

Kelvin
 
The administrator can always gain access if need by taking ownership and
granting permissions. Any administrator or user that has the backup files
and directories user right can backup files that they do not have normal
access to. --- Steve
 
An admin does not necessarily need to have access to everything,
and in some environment explicitly should not have access to some
things, such as where a user should reasonable expect privacy.
Correctly configured accounts can access the files for backup when
using an application written to use the backup interfaces. This will
allow the admin to move the content when needed, as well as to
provision for recovery.
 
According to Microsoft online documentation for Windows XP Professional:
If you redirect My Documents to the home directory, domain administrators
have full control over the user's My Documents folder. This is the case even
if you select the Grant the user exclusive rights to My Documents check box
 
Hi all,
I have experienced that if you redirect the users application data to their
home directory that the administatror does NOT have access. The only way to
access is to take ownership. In my case, I have big turnover in users and
therefore, I don't grant exclusive rights to app data or my documents because
it is a pain to delete the home folder when a user leaves (you must
takeownership).
 
Exclusive Rights to My Documents

The problem with taking ownership of My Documents rights in order for a domain admin to see a users folders and files in my documents for whatever the reason may be is if that user was to recreate their profile, or move to another computer, their My Documents would not redirect properly due to the rights being touched. In a sense, if user joeblow had their my documents redirected on a computer and at one point joeblow asked you to get into their My documents for whatever reason, but you needed rights so you became a owner of that folder, next time joeblow logs on to a new computer their my documents would now be local and not pointed to a server share. Clear GRANT USER EXCLUSIVE RIGHTS TO MY DOCUMENTS in GP. Make it a all or none type ordeal, or have fun creating and separating different GP's for the users you can or you can not touch.

Steveo
 
Back
Top