MSFN Forum: Wrong access rights for moved user shell folders - MSFN Forum


Wrong access rights for moved user shell folders

#1 xpman

  • Newbie
  • Group: Members
  • Posts: 41
  • Joined: 06-October 03

Posted 02 August 2005 - 03:01 AM

I successfully move the My Documents folder for each user to a specific directory by importing a REG_EXPAND_SZ value at T-12 as described in this post:
http://www.msfn.org/board/index.php?showto...7339&hl=cusrmgr

At the end of that post, an ACL problem is mentioned when reinstalling Windows because new user IDs are generated. Other posts I've read seem to content themselves with moving folders and do not even mention any ACL problems.



However, I do not even get that far. The folders that are created provide full access to the Everybody group and to that group alone. The corresponding user isn't even listed. This happens, although the folders
- are residing on an NTFS drive
- are being created by Windows itself during the first logon of each user (so Windows should know which user it creates the folder for and hence be able to set the access rights properly)

In addition, it would of course be nice to know how to get rid of the "ghost" user IDs during a reinstall, but for now I would be happy if anybody could help me with my current problem.

Every user being able to manipulate every other user's files is of course unacceptable. I wonder why Microsoft enables custom placements of these folders without setting the access rights accordingly. For any serious application this is unusable - but then again, you'd probably use a domain and a server-hosted profile anyway for a "serious" application.

One thing I could imagine to be the reason is that access rights are inherited from the parent folder, i.e. the profiles directory. So if I move My Documents, there is no folder there to inherit the rights from. Again: Where's the sense in being able to move the folder then? I am not familiar enough with ACLs to verify this hypothesis, but I thought I'd still mention it.


#2 Yzöwl

  • Wise Owl
  • Group: Super Moderator
  • Posts: 4,195
  • Joined: 13-October 04
  • OS:Windows 7 x64

Posted 02 August 2005 - 04:05 AM

If you move your folders to a different drive, i.e. D:\%USERNAME%\My Documents, they inherit the settings of the drive, [D:], as their parent folder.
The only way to prevent other users from accessing others' folders without changing the permissions is to make them all 'Limited Users'.

It's all a bit of a mess really!

Best solution I've found to date is to ensure that the redirected folders are on FAT32 drives/partitions and don't have multiple users…
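
Added example, not part of either post: a PowerShell function that replaces the ACL a redirected folder inherits from the drive root with a private one, and clears explicit entries left by accounts that no longer exist. The function name, sample path and account name are assumptions; it needs an elevated prompt on an NTFS volume.

```powershell
# Added example (not from the thread). Sample path and account are assumptions.
function Set-PrivateFolderAcl {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,     # e.g. 'D:\alice\My Documents'
        [Parameter(Mandatory = $true)] [string] $UserName  # e.g. 'alice' (local account)
    )

    $acl = Get-Acl -LiteralPath $Path

    # Stop inheriting from the parent (here the drive root) and drop the
    # inherited entries instead of copying them as explicit ones.
    $acl.SetAccessRuleProtection($true, $false)

    # Remove explicit entries too. Reading them as SIDs also catches entries
    # for accounts that no longer exist after a reinstall.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($old in @($acl.GetAccessRules($true, $false, $sidType))) {
        $acl.RemoveAccessRuleSpecific($old)
    }

    # Well-known SIDs avoid localized group names.
    $user    = New-Object System.Security.Principal.NTAccount $UserName
    $system  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'      # Local System
    $admins  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # Administrators
    $rights  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inherit = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'
    $noProp  = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow

    # Full control for the folder's user, SYSTEM and Administrators,
    # inherited by subfolders and files.
    foreach ($id in $user, $system, $admins) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $id, $rights, $inherit, $noProp, $allow
        $acl.AddAccessRule($rule)
    }

    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return what is now on disk so the result can be checked.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Usage (constructed values):
# Set-PrivateFolderAcl -Path 'D:\alice\My Documents' -UserName 'alice'
```

The returned list should show three entries with `IsInherited` set to `False`.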
