what permissions are needed for a gpo to apply to a user?

Binder Redirection permissions and GPO

Folder Redirection allows you to shop your users' documents on a file server rather than on their workstations. This results in users beingness able to easily admission their files on any machine.

This guide will show you lot how to securely configure folder redirection. This configuration will ensure that users only have access to their own folders.

Create Share

Create a share with the post-obit settings:

• Folder Name:RedirectedFolders
• Sharing permissions
  • Everyone - Full Control
  • Authenticated Users - Full Command

    

• NTFS Folder Security permissions
  • This script volition set the permissions for you
  • CREATOR OWNER - Full Control(Utilize onto: Subfolders and Files But)
  • System - Full Command (Apply onto: This Binder, Subfolders and Files)
  • Domain Admins - Full Control(Apply onto: This Folder, Subfolders and Files)
  • ACL_ RedirectedFolders_FullControl  - Full Control (Utilize onto: This Folder, Subfolders and Files)
  • (Optional) creating this group will allow y'all(or your helpdesk) to access all of the users' documentswithout getting the UAC prompt which adds an explicit permission on folders.

    

  • Domain Users (Utilise onto: This Binder Only)
    • Create Folder/Suspend Data
    • List Folder/Read Information
    • Read Attributes
    • Traverse Folder/Execute File
    • Read permissions

      

      

Create GPO

1. Create a GPO called Folder Redirection
1. Figurer Configuration/Organisation/Group Policy/Configure folder redirection policy processing
1. Enabled
2. Process even if the Grouping Policy objects have not changed
3. This will ensure that the redirection is ever going to the correct location. Information technology also very useful when you are changing the path from one server to another.
2. User Configuration/Windows Settings/Binder Redirection
   1. Redirect the following folders:
      1. Desktop
      2. Documents
      3. Pictures
      4. Favorites
      5. Downloads
         1. Bones - Redirect everyone's folder to the same location
         2. Create a folder for each user nether the root path

            

         3. Disable "Grant the user exclusive rights to X"
         4. Enable "Movement contents of Desktop to the new location "

            

2. Apply GPOs to OUs

References

Pop posts from this blog

All-time Practices for Deploying User Contour Disks

Last Updated 2020-01-03 After months of testing I recommend deploying FSLogix Profile Containers instead of User Profile Disks. You can find my guide hither . Some of the items beneath employ to FSL Contour Containers.  User Profile Disks (UPDs) are great for load balanced RDS farms since it allows users to seamlessly roam from server to server. The goal of this article will be to configure the RDS and file servers in a way that maximizes functioning and reduces the likelihood of UPD disconnects. I'll keep this updated any time I find new improvements. Utilize FSLogix Before you even consider deploying UPDs you lot need to be aware of  this limitation . On Server 2012 and 2016 (Server 2019 does non have this consequence,  merely information technology doesn't support Part ) the Windows Search index is machine wide. This means that when a UPD is disconnected the user'due south index data is deleted. The effect is that the next fourth dimension the user logs into the RDS and opens Outlook their search index volition demand to rebui

FSLogix Troubleshooting guide

This article will comprehend some common bug I have ran into, and steps on how to resolve them. The guide should be followed  in order  since most of the advanced items are normally not the cause of a problem. If you just set up FSLogix, make certain that you followed every step under  Deploying FSLogix Function 365 Containers  and  Deploying FSLogix Profile Containers Terminology ODFC = Function Information File Containers This is there Office (Outlook, Teams, Licensing) data is stored This tin be used in conjunction with UPDs FSL Profiles Replacement for UPDs User profiles are stored here (Office data is stored in the ODFC) Cannot  be used in conjunction with UPDs Non-Bug The items below should be ignored when troubleshooting Local_ files under C:\Users If FSLogix profiles are enabled, these folders can exist ignored. They will be deleted the next fourth dimension the user signs in. Basic Checks Before troubleshooting whatsoever specific items you need to verify that all of th

Deploying FSLogix Office 365 Containers

Updated 2020-04-27 This search portion of this guide does not apply to Server 2019 since it  should roam the Windows search out of the box . However, y'all can still configure FSLogix to store Function 365 data.  In my experience it is best to avoid mixing FSLogix and UPDs. My recommendation is to get with FSLogix Profiles and FSLogix ODFC. If you take dealt with User Profile Disks and Office 365 so y'all might know about the bug with search indexing. Every time a user signs out of the RDS their alphabetize is cleared and information technology has to exist rebuilt the next time they sign in. The index volition never fully rebuild once you lot accept v+ users on the server since it throttles itself. Recently I discovered FSLogix which resolves this issue with minimal configuration. FSLogix creates its ain UPD that it uses to store Outlook, OneDrive, and search index data. It then tricks Windows into thinking that it is stored on the local automobile rather than on a UPD. The result is the index working immediately for al

roarkburperear.blogspot.com

Source: https://www.amorales.org/2019/03/folder-redirection-permissions-and-gpo.html

Share this post