Create security-enhanced redirected folders for Server 2022/2019/2016/2012(r2)/2008(r2)/2003(r2)
To make sure that only the user and the domain administrators have permission to open a particular redirected folder, do the following:
- Select a central location in your environment where you would like to store Folder Redirection, and then share this folder. In this example, ‘Redirected Folders’ is used.
- Set Share Permissions for the Domain Users group to Full Control.
- Disable File Security Inheritance and ‘Convert’ permissions.
- Use the following settings for NTFS Permissions:
- CREATOR OWNER – Full Control (Apply onto: This Folder, Subfolders and Files
- System – Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Users – Create Folder/Append Data (Apply onto: This Folder Only)
- Domain Users – List Folder/Read Data (Apply onto: This Folder Only)
- Domain Users – Read Attributes (Apply onto: This Folder Only)
- Domain Users – Traverse Folder/Execute File (Apply onto: This Folder Only)
-
Configure Folder Redirection Policy within Group Policy as:
a) Set a Basic redirection to some things like \\server\Redirected Folders\%username% to create a folder under the shared folder, Redirected Folders.
b) Click on Settings and disable the option: “Grant the user exclusive rights to BlaBlaBla”