Server 2016: Problem with permissions and folder redirection

van der Zwaan VOF 121 Reputation points
2021-03-03T14:18:05.343+00:00

Hello everyone,

On a Windows 2016 server I have the following issue:

I have a group called "TS-Users". These users login remotely on the server.
This group is also defined within the Folder Redirection GPO. This group also has complete rights over a all folders within a share, lets say data\folder1, data\folder2 and data\folder03
The group itself is defined within the security tabs of those folders.

Now the problem is as following. Some of the users within the group "TS-Users" don't need permission anymore to data\folder2 and data\folder3, but only to data\folder1.

What I did: I created a second group, lets say "TS-Users2", which contain the users that don't need permission anymore to folder2 and folder3.
I deleted the users within "TS-Users" and added them to "TS-Users2". I also addedd "TS-Users2" to the folder redirection GPO. TS-Users has been set on folder1, folder 2 and folder3, TS-Users2 has been set only on folder1. So far, so good.

But when I login with a user that isn't assigned anymore to "TS-Users" but to "Ts-Users2, the folder redirection is broken. I updated (forced) the gpo, but it stays broken. When I add the deleted users from "TS-Users" back to "TS-Users", it works again. For some reason, "TS-Users2" isn't reconized as a group that's linked to the folder redirection, but it has been set.

So in a nutshell:

  • Group TS-Users -> permissons on all folders within a share
  • Group TS-Users2 -> permission to only one folder
  • Both groups are set in the folder redirection GPO
  • All users within TS-Users, who are loggin in, the folder redirection works
  • All users within TS-Users2 (moved from TS-Users), who are loggin in, the folder redirection is broken
  • When the users are added back within TS-Users, it works again.

What am I missing here?
I apologize for my bad English and possible explenation, I hope you are all getting what I mean :))

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,920 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,331 questions
0 comments No comments
{count} votes

Accepted answer
  1. Carl Fan 6,836 Reputation points
    2021-03-04T09:36:12.47+00:00

    Hi,
    Based on my search, some information below:
    1.) If the problem is with a user on any computer, it's probably a folder permissions or owner issue. The USER needs to be the OWNER of the redirected folder, sub folders and files.
    2.) If the problem is for a user only on a certain computer, there's a good chance the offline cache is corrupt. Easy way to test is to Disable Offline Files. If you disable offline files and redirection works fine, then clear the offline cache.
    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters
    Value name: FormatDatabase
    Value type: DWORD
    Value data: 1
    3.) If the problem is for all users, check your folder permissions and ownership and check your GPO, where it's applied.
    Also I consider that you could try to delete the misbehaving user profile from that machine and have the user log in fresh to check.
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. van der Zwaan VOF 121 Reputation points
    2021-03-04T10:36:20.58+00:00

    HI Carl,

    Thank you for your answer.
    I will check and will try this out as soon as possible. Of course I will post the outcome on here :))

    Beste regards,
    Willem

    0 comments No comments

  2. van der Zwaan VOF 121 Reputation points
    2021-03-04T13:58:04.377+00:00

    Hi Carl,

    Just to let you know, thanks to you I discovered what I was missing.
    The folder "folder redirection" didn't have the new group linked when it comes to permissions. After adding this group, it all worked perfectly.

    Thank you so much for your help!

    0 comments No comments