Make folder private through Group Policy

GoldmemberGoldmember Member Posts: 277
We have a user profile with the My Documents folder with the contents being stored on a networked drive running Server 2003.

We are trying to make everybody users "My Documents" folder private where not even the administrators on the server where the data is stored can view the documents.

Is this possible through AD group policy?

How about if I mark the folder as private on the client side, will this translate over to the MS Server if an administrator logs onto the server and tries to view the files??



Please help


Thanks
CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    If you configure folder redirection in a GPO and have it automatically create the folders, you will have what (I believe) you're looking for. If you manually created the folders in advance, you're going to have to set the permissions manually.
    Technet wrote:
    Folder Redirection permissions
    This is an advanced topic. If you let Folder Redirection create folders for you, which is the recommended procedure, correct permissions are set automatically. Usually, knowledge of these permissions is not necessary.

    http://technet2.microsoft.com/windowsserver/en/library/a1b7ce04-708b-4145-830a-cadfc003acd31033.mspx?mfr=true
  • SWMSWM Member Posts: 287
    What prevents an Administrator from then "taking ownership" of the folder at a later date ??
    Isn't Bill such a Great Guy!!!!
  • famosbrownfamosbrown Member Posts: 637
    SWM wrote:
    What prevents an Administrator from then "taking ownership" of the folder at a later date ??

    And they should be able to just in case the employee leaves or the company needs something that the employee has without their permission...if it's sitting on company equipment, it's company property.
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • GoldmemberGoldmember Member Posts: 277
    That link talks about the Local System account.

    Anybody familiar or have information about the Local System account.

    I found some information by googling, but nothing which made life simpler.

    Thanks
    CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
  • famosbrownfamosbrown Member Posts: 637
    Goldmember wrote:
    That link talks about the Local System account.

    Anybody familiar or have information about the Local System account.

    I found some information by googling, but nothing which made life simpler.

    Thanks


    Didn't look at the link, but what do you need to know about it.

    I look at the account like this...it's a user/service account used by the Operating System to get certain stuff done. Check out your services and look at all of the services being ran with this account. Have you ever installed an enterprise application that needed a domain user account or an account with certian privileges for the application to work? Kind of the same principal as the Local System Account.
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • Gav0Gav0 Member Posts: 27 ■□□□□□□□□□
    We are trying to make everybody users "My Documents" folder private where not even the administrators on the server where the data is stored can view the documents.


    Have you considered using EFS? you could create a DRA key and limit emergency access to 'an administrator' as opposed to 'all administrators'
    Gav0
  • wedge1988wedge1988 Member Posts: 434 ■■■□□□□□□□
    Consider using CALCS commandline utility to mass change the permissions. Test it first obviously!

    http://www.ss64.com/nt/cacls.html
    http://www.ss64.com/nt/xcalcs.html
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
Sign In or Register to comment.