Issue
Applying folder redirection to Documents and other folders fails when Group Policy is trying to automatically create required folders. Following error is logged in Application Logs on client PCs:
Event ID: 502
Level: Error
Description: Failed to apply policy and redirect folder “Documents” to “\\Server-Name\Redirected\user.name\Documents”. Redirection options=0x1021.
The following error occurred: “Can not create folder “\\Server-Name\Redirected\user.name\Documents””.
Error details: “Access is denied.”.
As the error explains, this is permission issue. If user’s folder on the server is created manually by an administrator everything works fine.
Redirected folder share and NTFS permissions were setup as per following Microsoft article:
https://blogs.technet.microsoft.com/askds/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders/
Resolution
The issue was caused by missing Create Folder/Append Data NTFS permission for Everyone Group that is not mentioned in the above article.
Here is the full list of permissions that had to be setup for automatic redirected folder creation to work correctly (permissions needs to be applied to redirected folder root, i.e. \\Server-Name\Redirected):
- Share
- Everyone
- Full Control
- Everyone
- NTFS
- Administrators (This folder, subfolders and files)
- Full Control
- SYSTEM (This folder, subfolders and files)
- Full Control
- CREATOR OWNER (Subfolders and files only)
- Full Control
- Everyone (This folder only)
- Traverse Folder/Execute File
- List Folder/Read Data
- Read Attributes
- Read Extended Attributes
- Create Folder/Append Data
- Read Permissions
- Administrators (This folder, subfolders and files)
Windows Server 2008
Windows 7 Pro
Leave a Reply