|
Posted by NLI on November 9, 2005, 10:45 am
Please log in for more thread options
We have an interesting problem with one of our clients.
The client uses folder redirection for their "my documents" and offline
folders to keep a local copy of their files on their PC's.
The studens use a wireless network, and could get disconnected a couple of
time during the day, which will invoke the "offline file" mode.
The problem is we have given them read-only access to the "my documents"
folder and that works perfectly fine while they have a live connection, but
once they're diconnected (due to wireless issues), they would be able to
actually create files and delete file from their "my documents".
What makes this a big problem, is that when the connection is
re-established, the synchronization fails because the system will give
"access denied" to the files they already placed in that folder and
basically they won't be able to use that folder until the Admin logs an and
manually deletes the files they created. Very non-productive.
It seems to me like a design flow? Why aren't the permissions kept in place
even when they're disconnected?
|
|
Posted by Steven L Umbach on November 9, 2005, 10:54 pm
Please log in for more thread options
I am no expert on using offline files but usually users have full control to
their my documents folders, or at least read/list/write/modify, and the
read only restriction would be an unusual situation. In such a situation it
probably would be best to disable
offline files or at least for the my documents folder. --- Steve
show/hide quoted text
> We have an interesting problem with one of our clients.
> The client uses folder redirection for their "my documents" and offline
> folders to keep a local copy of their files on their PC's.
> The studens use a wireless network, and could get disconnected a couple of
> time during the day, which will invoke the "offline file" mode.
> The problem is we have given them read-only access to the "my documents"
> folder and that works perfectly fine while they have a live connection,
> but once they're diconnected (due to wireless issues), they would be able
> to actually create files and delete file from their "my documents".
> What makes this a big problem, is that when the connection is
> re-established, the synchronization fails because the system will give
> "access denied" to the files they already placed in that folder and
> basically they won't be able to use that folder until the Admin logs an
> and manually deletes the files they created. Very non-productive.
> It seems to me like a design flow? Why aren't the permissions kept in
> place even when they're disconnected?
>
|
|
Posted by NLI on November 10, 2005, 11:06 pm
Please log in for more thread options The "my documents" folder is a redirected folder, so it resides primarily on
the server, but has an offline copy on the user's desktop. Permissions are
applied on the server.
show/hide quoted text
>I am no expert on using offline files but usually users have full control
>to their my documents folders, or at least read/list/write/modify, and the
> read only restriction would be an unusual situation. In such a situation
> it probably would be best to disable
> offline files or at least for the my documents folder. --- Steve
>> We have an interesting problem with one of our clients.
>> The client uses folder redirection for their "my documents" and offline
>> folders to keep a local copy of their files on their PC's.
>> The studens use a wireless network, and could get disconnected a couple
>> of time during the day, which will invoke the "offline file" mode.
>> The problem is we have given them read-only access to the "my documents"
>> folder and that works perfectly fine while they have a live connection,
>> but once they're diconnected (due to wireless issues), they would be able
>> to actually create files and delete file from their "my documents".
>> What makes this a big problem, is that when the connection is
>> re-established, the synchronization fails because the system will give
>> "access denied" to the files they already placed in that folder and
>> basically they won't be able to use that folder until the Admin logs an
>> and manually deletes the files they created. Very non-productive.
>> It seems to me like a design flow? Why aren't the permissions kept in
>> place even when they're disconnected?
>
|
|
Posted by Steven L Umbach on November 10, 2005, 11:49 pm
Please log in for more thread options According to the info from Microsoft in the link below for redirected
folders to work correctly the user needs to have full control to the folder
on the server and be the owner. --- Steve
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/user01.mspx
Security Considerations when Configuring Folder Redirection
Table 14 NTFS Permissions for Each Users Redirected Folder
User Account Default Permissions Minimum permissions required
%Username%
Full Control, Owner Of Folder
Full Control, Owner Of Folder
Local System
Full Control
Full Control
Administrators
No Permissions
No Permissions
Everyone
No Permissions
No Permissions
show/hide quoted text
> The "my documents" folder is a redirected folder, so it resides primarily
> on the server, but has an offline copy on the user's desktop. Permissions
> are applied on the server.
>>I am no expert on using offline files but usually users have full control
>>to their my documents folders, or at least read/list/write/modify, and the
>> read only restriction would be an unusual situation. In such a situation
>> it probably would be best to disable
>> offline files or at least for the my documents folder. --- Steve
>>> We have an interesting problem with one of our clients.
>>> The client uses folder redirection for their "my documents" and offline
>>> folders to keep a local copy of their files on their PC's.
>>> The studens use a wireless network, and could get disconnected a couple
>>> of time during the day, which will invoke the "offline file" mode.
>>> The problem is we have given them read-only access to the "my documents"
>>> folder and that works perfectly fine while they have a live connection,
>>> but once they're diconnected (due to wireless issues), they would be
>>> able to actually create files and delete file from their "my documents".
>>> What makes this a big problem, is that when the connection is
>>> re-established, the synchronization fails because the system will give
>>> "access denied" to the files they already placed in that folder and
>>> basically they won't be able to use that folder until the Admin logs an
>>> and manually deletes the files they created. Very non-productive.
>>> It seems to me like a design flow? Why aren't the permissions kept in
>>> place even when they're disconnected?
>
|
| Similar Threads | Posted | | Folder redirection | September 15, 2008, 3:28 am |
| Kerberos logon to Terminal Server prevents folder redirection | May 26, 2009, 1:28 pm |
| How to set this Folder security | October 5, 2006, 8:25 pm |
| Folder Security | November 17, 2006, 6:34 am |
| Folder security question | February 10, 2006, 11:58 am |
| Folder security problem | April 6, 2006, 1:27 am |
| Security on Tasks Folder | April 24, 2006, 11:23 am |
| Folder and Files Security | October 3, 2006, 1:46 pm |
| Folder Security Issue | November 1, 2007, 10:53 am |
| File security in a folder | June 11, 2009, 2:43 pm |
|
XML Sitemap
> The client uses folder redirection for their "my documents" and offline
> folders to keep a local copy of their files on their PC's.
> The studens use a wireless network, and could get disconnected a couple of
> time during the day, which will invoke the "offline file" mode.
> The problem is we have given them read-only access to the "my documents"
> folder and that works perfectly fine while they have a live connection,
> but once they're diconnected (due to wireless issues), they would be able
> to actually create files and delete file from their "my documents".
> What makes this a big problem, is that when the connection is
> re-established, the synchronization fails because the system will give
> "access denied" to the files they already placed in that folder and
> basically they won't be able to use that folder until the Admin logs an
> and manually deletes the files they created. Very non-productive.
> It seems to me like a design flow? Why aren't the permissions kept in
> place even when they're disconnected?
>