Create security enhanced redirected folders
To make sure that only the user and the domain administrators have permissions to open a particular redirected folder, do the following:
1) Select a location in your environment where you would like to store Folder Redirection, and then share the selected folder. In this example, FLDREDIR is used.
2) Set Share Permissions for the Everyone group to Full Control.
3) Use the following settings for NTFS Permissions:
4) CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
5) System – Full Control (Apply onto: This Folder, Subfolders and Files)
6) Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
7) Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
8.) Everyone – List Folder/Read Data (Apply onto: This Folder Only)
9) Everyone – Read Attributes (Apply onto: This Folder Only)
10) Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)
Use a path similar to \\server\FLDREDIR\username to create a folder under the shared folder, FLDREDIR.
Because the Everyone group has the Create Folder/Append Data right, the group members have the proper permissions to create the folder; however, the members are not able to read the data afterwards. The Username group is the name of the user that was logged on when you created the folder. Because the folder is a child of the parent folder, it inherits the permissions that you assigned to FLDREDIR. Also, because the user is creating the folder, the user gains full control of the folder because of the Creator Owner Permission setting.
More at Microsoft
One thought on “Create security enhanced redirected folders”