For folder redirection to work properly, the destination shared folder NTFS and Share Permissions must be properly configured. If redirecting a folder to a location that the end user should not change, i.e. the Start Menu or Locked Down Desktop the following permissions should be applied:
- Share Permissions:
- Everyone – Full Control
- Administrators – Full Control
- System – Full Control
- NTFS Permissions:
- Everyone – Read and Execute
- Administrators – Full Control
- System – Full Control
If Group Policy is configured to redirect to a location where the GPO will automatically create the destination folder, i.e. user’s individual Application Data, Desktop or My Documents folders the following permissions should be applied to the parent folder:
- Share Permissions:
- Everyone – Full Control
- Administrators – Full Control
- System – Full Control
- NTFS Permissions:
- Everyone – Create Folder/Append Data (This Folder Only)
- Everyone – List Folder/Read Data (This Folder Only)
- Everyone – Read Attributes (This Folder Only)
- Everyone – Traverse Folder/Execute File (This Folder Only)
- CREATOR OWNER – Full Control (Subfolders and Files Only)
- System – Full Control (This Folder, Subfolders and Files)
- Domain Admins – Full Control (This Folder, Subfolders and Files)
It’s important to note that when redirecting folders such as My Documents to a location that already exists, i.e. the User’s Home Folder there is another setting to consider, ownership. If the user is not the owner of the destination directory, folder redirection will fail with the default Folder Redirection settings. When this is the case, one must deselect “Grant the user exclusive rights to My Documents”