Folder Permissions on Library’s
August 7th, 2013
To get around this I have setup a PowerShell login script that will make a folder on a shared drive for the user, set permissions and then map it to the computer.
Now I want to force people to use this share instead of using there local documents and encourage people to copy there local documents over to the share at a ‘convenient’ time for them.
To do this I wanted to change the permissions on the following folders, Documents, Music, Pictures, Videos to read only.
icacls %userprofile%\documents /inheritance:r /t /c /q
icacls %userprofile%\documents /grant %username%:(RX) /t /c /q
It appears to work on Documents but I get access denied on the rest, I cant see why I am getting access denied and have tried this while logged in as an administrator.
Any ideas how I can make there folders read only?
Az
Are you running icacls on the server with the shared folders or on the clients?
As an aside, in my experience I’ve found it much more convenient to use my documents redirection. Do it for a limited number of users at a time, possibly a site at a time until caught up. Otherwise you’re going to have users that never move all of their documents and are going to be upset when their hdd dies and you can’t restore their every important files.
Also, if using Win7 and Server 2008 for all of the workstations, branch cache may come in handy. Not sure if this would help for your given situation, but I know on DSL connections, the local cache is extremely helpful.
To be honest if the network speeds aren’t that great this is by far from the best solution you could have. I suggest running a backup script on the server that incrementally syncs the documents folders on the workstations once a day preferably at a time when they don’t use their stations. You should really get a better network though. Stuff like Ubiquiti Nanobridges are cheap.
You could do something like this as a login script via group policy to replace the windows 7 library locations with your shared folders instead of the defaults
copy "\\WarezServer\Windows\ShLib.exe" "%windir%\System32\ShLib.exe"
ShLib add "%AppData%\Microsoft\Windows\Libraries\Videos.library-ms" "\\WarezServer\Movies"
ShLib add "%AppData%\Microsoft\Windows\Libraries\Music.library-ms" "\\WarezServer\Music"
ShLib.exe is from the 7 development kit
Thanks for the replies.
I have pushed to use re-directed folders for a while now, but due to legacy set up before my time it has made it a near impossible task.
We have a good VPN network with a solid leased line at the head office but the other offices around the country vary on the connection speeds and its these select few that made it hard work, No one took any consideration or thought when setting up AD and it is not separated out so we cant do it one site at a time.
I felt the way I wanted to do it was the best of a bad situation, after x months we will get rid of the documents, pictures etc and just have this shared drive, I dont really care if people do not copy there stuff off and moan about it if the order comes from high above it does not fall on us to make sure they do it, we just need to give them a new place to save stuff which we are doing.
This Library thing is causing me problems wish it was all as simple as XP!
Az