[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 03/12/2019 22:21, mr meowski wrote:
No. "Authenticated Users". "Domain Users" too though. Both with the same rights. It's been suggested online to include both in the permissions for the share.On 03/12/2019 21:51, Martin Gautier wrote:Most suggest adding "Authenticated Users" to the share permissions - which I've done."Domain Users" you mean? Do they have permissions to create the shared folders themselves, which they'll need? Are you trying to create roaming directories or just map an arbitrary network share to each AD client? Off all things to debug this is probably one of the least easy because there are a million things to check and by it's very nature a lot of it isn't suitable to post publicly. Try with a Domain Admin account rather than a User. Also how are you doing the AD admin side of things? RSAT on a Win10 client? _So many_ things to check...
Yes, I'm using RSAT on a domain member client.I'm mapping O: to a public share and M: to a users (private) share \\SERVER\users\username
Folder redirection is set in the GPO to \\SERVER\users\username as a base with the client creating the necessary directories on login - using the GPO editor's dropdown options. (that's a good point. I'll try changing that to specific defined folders in the GPO and creating the necessary folders for the user on the server today - setting the user's permissions using "smbcacls -C")
\\SERVER\users\username\Appdata is the key folder I want to redirect so users can jump on any machine and get the same settings (Firefox & Thunderbird profiles)
The administrator account on my testbed has a working profile. But that's been arrived at after multiple reboots and logins and permissions fiddling. But it proves the GPO is set correctly and the problem is related to normal user permissions.
-- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq