Fixing Permissions on Home Drive Folders

Last week I found that a lot of our users' offline files were not syncing to their laptops. After testing multiple laptops, with multiple users, I was getting mixed results of “Access Denied” and “Unable to sync at this time.” PowerShell came to the rescue by fixing the user permissions on the home drive.

All laptops are running Windows 8.1, and are fully patched and up to date.

“Access Denied” obviously points to a permission issue, but as far as I could see the security groups had full access to the root level and all sub folders. When looking at some of the “sub folders” I noticed that permissions were being inherited, but those inherited permissions were not present at the level above. So I decided that I needed to wipe out all of the user permissions from the root level and start from scratch.

On the server (I use DFS so that when files move servers over the years through upgrades etc., the paths do not change), all permissions were removed from the “users$” folder, and all child objects were set to inherit permissions from this folder.

[Image: Advanced Security settings]

My folder structure looks like this:

[Image: Folder Structure]

The user folder is shared as “user$”, so it is a hidden share. Admin staff have their folders under admin, staff under staff, and pupils under their intake year.

Once the permissions had propagated to the sub folders, I searched the internet and found the script below. (A link to the original script on the Spiceworks community page is also below.) This script helped me reset the file permissions on the users' folders, as each of the user folders had the same name as the username.

The script requires that you update two fields, “$homeDriveDir” and “$domainName”, and that the user running the script has full control over the files/folders that are having their permissions altered (i.e. is a member of the administrators group). I ran the script from my own computer rather than the server, and edited it for each of the folders (Admin, Staff, and then each of the pupil intake folders). File paths were changed to “\\dfspath\users$\curric\staff”, “\\dfspath\users$\curric\pupils\2010” and “\\dfspath\users$\admin”.

Then let the script work its magic.
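As an added example (this is not the Spiceworks script the post refers to, nor the author's edited copy), the loop below shows the approach described above: for every folder under `$homeDriveDir`, grant the account of the same name access with `Set-Acl -Path ... -AclObject ...`, skipping folders whose name does not resolve to an account. `$homeDriveDir` and `$domainName` are the names used in the post; the `EXAMPLE` domain, the `$rights` parameter and its `Modify` default are assumptions to adjust to your own policy.

```powershell
# Added example, not the original script. Placeholder values are marked.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$homeDriveDir = '\\dfspath\users$\curric\staff',  # path form taken from the post
    [string]$domainName   = 'EXAMPLE',                          # placeholder NetBIOS domain name
    # Assumption: rights granted to each user on their own folder.
    [System.Security.AccessControl.FileSystemRights]$rights = 'Modify'
)

# The ACE applies to the folder itself, its sub folders and its files.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($folder in Get-ChildItem -LiteralPath $homeDriveDir -Directory) {
    # Folder name is expected to equal the username.
    $account = New-Object System.Security.Principal.NTAccount($domainName, $folder.Name)

    # Skip folders with no matching account (leavers, typos, shared folders)
    # instead of writing an ACE for an identity that cannot be resolved.
    try {
        $null = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "No account '$($account.Value)' for '$($folder.FullName)'; skipped."
        continue
    }

    # Read the current ACL, replace any explicit ACE for this user with one
    # rule, and leave inherited entries from the parent untouched.
    $acl  = Get-Acl -LiteralPath $folder.FullName
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, $rights, $inherit, $propagate, $allow)
    $acl.SetAccessRule($rule)

    if ($PSCmdlet.ShouldProcess($folder.FullName, "Grant $rights to $($account.Value)")) {
        Set-Acl -Path $folder.FullName -AclObject $acl
    }
}
```

Running it with `-WhatIf` first lists the folders and accounts that would be changed without writing any ACLs.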

Minimum offline file share permissions can be found in the Microsoft article here.

The example they used has all user folders under the top share, and this wasn’t deep enough for me. I applied the same security permissions, i.e. “admin users” and “staff users”, to the folders “admin” and “curric/staff”, as well as both to the users folder (referred to as “Security group of users that need permissions” in the Microsoft article).

After a couple of days of testing, offline files for all my staff now seem to be working OK, other than the occasional “a file was changed while you were offline” conflict.

I do not claim the script below as my own work. I simply added the “-path” and “-aclobject” arguments to fix an error that kept occurring. The original script can be found here.

 
