Make folder private through Group Policy
Goldmember
Member Posts: 277
We have a user profile with the My Documents folder with the contents being stored on a networked drive running Server 2003.
We are trying to make everybody users "My Documents" folder private where not even the administrators on the server where the data is stored can view the documents.
Is this possible through AD group policy?
How about if I mark the folder as private on the client side, will this translate over to the MS Server if an administrator logs onto the server and tries to view the files??
Please help
Thanks
We are trying to make everybody users "My Documents" folder private where not even the administrators on the server where the data is stored can view the documents.
Is this possible through AD group policy?
How about if I mark the folder as private on the client side, will this translate over to the MS Server if an administrator logs onto the server and tries to view the files??
Please help
Thanks
CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
Comments
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□If you configure folder redirection in a GPO and have it automatically create the folders, you will have what (I believe) you're looking for. If you manually created the folders in advance, you're going to have to set the permissions manually.Technet wrote:Folder Redirection permissions
This is an advanced topic. If you let Folder Redirection create folders for you, which is the recommended procedure, correct permissions are set automatically. Usually, knowledge of these permissions is not necessary.
http://technet2.microsoft.com/windowsserver/en/library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true -
SWM Member Posts: 287What prevents an Administrator from then "taking ownership" of the folder at a later date ??Isn't Bill such a Great Guy!!!!
-
famosbrown Member Posts: 637SWM wrote:What prevents an Administrator from then "taking ownership" of the folder at a later date ??
And they should be able to just in case the employee leaves or the company needs something that the employee has without their permission...if it's sitting on company equipment, it's company property.B.S.B.A. (Management Information Systems)
M.B.A. (Technology Management) -
Goldmember Member Posts: 277That link talks about the Local System account.
Anybody familiar or have information about the Local System account.
I found some information by googling, but nothing which made life simpler.
ThanksCCNA, A+. MCP(70-270. 70-290), Dell SoftSkills -
famosbrown Member Posts: 637Goldmember wrote:That link talks about the Local System account.
Anybody familiar or have information about the Local System account.
I found some information by googling, but nothing which made life simpler.
Thanks
Didn't look at the link, but what do you need to know about it.
I look at the account like this...it's a user/service account used by the Operating System to get certain stuff done. Check out your services and look at all of the services being ran with this account. Have you ever installed an enterprise application that needed a domain user account or an account with certian privileges for the application to work? Kind of the same principal as the Local System Account.B.S.B.A. (Management Information Systems)
M.B.A. (Technology Management) -
Gav0 Member Posts: 27 ■□□□□□□□□□We are trying to make everybody users "My Documents" folder private where not even the administrators on the server where the data is stored can view the documents.
Have you considered using EFS? you could create a DRA key and limit emergency access to 'an administrator' as opposed to 'all administrators'Gav0 -
wedge1988 Member Posts: 434 ■■■□□□□□□□Consider using CALCS commandline utility to mass change the permissions. Test it first obviously!
http://www.ss64.com/nt/cacls.html
http://www.ss64.com/nt/xcalcs.html~ wedge1988 ~ IdioT Certified~
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese