| Author |
Message |
NLI
Guest
|
 Posted:
Wed Nov 09, 2005 5:51 pm Post subject:
Folder redirection and security |
|
|
We have an interesting problem with one of our clients.
The client uses folder redirection for their "my documents" and offline
folders to keep a local copy of their files on their PC's.
The studens use a wireless network, and could get disconnected a couple of
time during the day, which will invoke the "offline file" mode.
The problem is we have given them read-only access to the "my documents"
folder and that works perfectly fine while they have a live connection, but
once they're diconnected (due to wireless issues), they would be able to
actually create files and delete file from their "my documents".
What makes this a big problem, is that when the connection is
re-established, the synchronization fails because the system will give
"access denied" to the files they already placed in that folder and
basically they won't be able to use that folder until the Admin logs an and
manually deletes the files they created. Very non-productive.
It seems to me like a design flow? Why aren't the permissions kept in place
even when they're disconnected? |
|
| Back to top |
|
 |
Steven L Umbach
Guest
|
| Posted:
Thu Nov 10, 2005 9:51 am Post subject:
Re: Folder redirection and security |
|
|
I am no expert on using offline files but usually users have full control to
their my documents folders, or at least read/list/write/modify, and the
read only restriction would be an unusual situation. In such a situation it
probably would be best to disable
offline files or at least for the my documents folder. --- Steve
"NLI" <nli@newsgroups.nospam> wrote in message
news:%23q5ZI0U5FHA.1148@TK2MSFTNGP10.phx.gbl...
| Quote: | We have an interesting problem with one of our clients.
The client uses folder redirection for their "my documents" and offline
folders to keep a local copy of their files on their PC's.
The studens use a wireless network, and could get disconnected a couple of
time during the day, which will invoke the "offline file" mode.
The problem is we have given them read-only access to the "my documents"
folder and that works perfectly fine while they have a live connection,
but once they're diconnected (due to wireless issues), they would be able
to actually create files and delete file from their "my documents".
What makes this a big problem, is that when the connection is
re-established, the synchronization fails because the system will give
"access denied" to the files they already placed in that folder and
basically they won't be able to use that folder until the Admin logs an
and manually deletes the files they created. Very non-productive.
It seems to me like a design flow? Why aren't the permissions kept in
place even when they're disconnected?
|
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Fri Nov 11, 2005 9:51 am Post subject:
Re: Folder redirection and security |
|
|
According to the info from Microsoft in the link below for redirected
folders to work correctly the user needs to have full control to the folder
on the server and be the owner. --- Steve
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/user01.mspx
Security Considerations when Configuring Folder Redirection
Table 14 NTFS Permissions for Each Users Redirected Folder
User Account Default Permissions Minimum permissions required
%Username%
Full Control, Owner Of Folder
Full Control, Owner Of Folder
Local System
Full Control
Full Control
Administrators
No Permissions
No Permissions
Everyone
No Permissions
No Permissions
"NLI" <nli@newsgroups.nospam> wrote in message
news:eBB702n5FHA.268@TK2MSFTNGP10.phx.gbl...
| Quote: | The "my documents" folder is a redirected folder, so it resides primarily
on the server, but has an offline copy on the user's desktop. Permissions
are applied on the server.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:eoEwGLb5FHA.3292@tk2msftngp13.phx.gbl...
I am no expert on using offline files but usually users have full control
to their my documents folders, or at least read/list/write/modify, and the
read only restriction would be an unusual situation. In such a situation
it probably would be best to disable
offline files or at least for the my documents folder. --- Steve
"NLI" <nli@newsgroups.nospam> wrote in message
news:%23q5ZI0U5FHA.1148@TK2MSFTNGP10.phx.gbl...
We have an interesting problem with one of our clients.
The client uses folder redirection for their "my documents" and offline
folders to keep a local copy of their files on their PC's.
The studens use a wireless network, and could get disconnected a couple
of time during the day, which will invoke the "offline file" mode.
The problem is we have given them read-only access to the "my documents"
folder and that works perfectly fine while they have a live connection,
but once they're diconnected (due to wireless issues), they would be
able to actually create files and delete file from their "my documents".
What makes this a big problem, is that when the connection is
re-established, the synchronization fails because the system will give
"access denied" to the files they already placed in that folder and
basically they won't be able to use that folder until the Admin logs an
and manually deletes the files they created. Very non-productive.
It seems to me like a design flow? Why aren't the permissions kept in
place even when they're disconnected?
|
|
|
| Back to top |
|
|
NLI
Guest
|
| Posted:
Fri Nov 11, 2005 9:51 am Post subject:
Re: Folder redirection and security |
|
|
The "my documents" folder is a redirected folder, so it resides primarily on
the server, but has an offline copy on the user's desktop. Permissions are
applied on the server.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:eoEwGLb5FHA.3292@tk2msftngp13.phx.gbl...
| Quote: | I am no expert on using offline files but usually users have full control
to their my documents folders, or at least read/list/write/modify, and the
read only restriction would be an unusual situation. In such a situation
it probably would be best to disable
offline files or at least for the my documents folder. --- Steve
"NLI" <nli@newsgroups.nospam> wrote in message
news:%23q5ZI0U5FHA.1148@TK2MSFTNGP10.phx.gbl...
We have an interesting problem with one of our clients.
The client uses folder redirection for their "my documents" and offline
folders to keep a local copy of their files on their PC's.
The studens use a wireless network, and could get disconnected a couple
of time during the day, which will invoke the "offline file" mode.
The problem is we have given them read-only access to the "my documents"
folder and that works perfectly fine while they have a live connection,
but once they're diconnected (due to wireless issues), they would be able
to actually create files and delete file from their "my documents".
What makes this a big problem, is that when the connection is
re-established, the synchronization fails because the system will give
"access denied" to the files they already placed in that folder and
basically they won't be able to use that folder until the Admin logs an
and manually deletes the files they created. Very non-productive.
It seems to me like a design flow? Why aren't the permissions kept in
place even when they're disconnected?
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in