Folder Redirection Fails. Event ID 502 - Access is denied

Issue

Applying folder redirection to Documents and other folders fails when Group Policy is trying to automatically create required folders. Following error is logged in Application Logs on client PCs:

Event ID: 502
Level: Error
Description: Failed to apply policy and redirect folder "Documents" to "\\Server-Name\Redirected\user.name\Documents". Redirection options=0x1021.
The following error occurred: "Can not create folder "\\Server-Name\Redirected\user.name\Documents"".
Error details: "Access is denied.".

As the error explains, this is permission issue. If user's folder on the server is created manually by an administrator everything works fine.

Redirected folder share and NTFS permissions were setup as per following Microsoft article:
https://blogs.technet.microsoft.com/askds/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders/

Resolution

The issue was caused by missing Create Folder/Append Data NTFS permission for Everyone Group that is not mentioned in the above article.

Here is the full list of permissions that had to be setup for automatic redirected folder creation to work correctly (permissions needs to be applied to redirected folder root, i.e. \\Server-Name\Redirected):

  • Share
    • Everyone
      • Full Control
  • NTFS
    • Administrators (This folder, subfolders and files)
      • Full Control
    • SYSTEM (This folder, subfolders and files)
      • Full Control
    • CREATOR OWNER (Subfolders and files only)
      • Full Control
    • Everyone (This folder only)
      • Traverse Folder/Execute File
      • List Folder/Read Data
      • Read Attributes
      • Read Extended Attributes
      • Create Folder/Append Data
      • Read Permissions

Windows Server 2008
Windows 7 Pro

 

 

Newsletter

Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait