TommyLong
Fri Jun 27 02:38:02 PDT 2008
I will e-mail you in a few minutes with all the evidence and such I can think
of.
Thankyou in advance
--
-------------------------------
Please respond to my posts via the newsgroup as the e-mail provided is not
monitored.
"Guozhen Wang[MSFT]" wrote:
> Hello Tommy,
>
> Thank you for your post and thanks for Jason and Cliff's reply.
> My name is Gary Wang, and it is my pleasure to work with you on this issue!
> Please allow me to confirm that my understandings are correct. As I
> understand it, the issue is:
>
> After applied Folder Redirection GPO, you are failed to open executable
> shortcut with the following error:
>
> "C:\Program Files....iexplore.exe"
> "Windows cannot access the specified device, path, or file. You may not
> have the appropriate permissions to access the item"
>
> If I have misunderstood your concerns please feel free to let me know.
>
> Suggestion :
> ==============
> Based on my search, this issue can occurs if you install the Inetres.adm
> file that is included with Windows Internet Explorer 7. Because the "URL
> action" behavior of the Local Machine zone is changed in Internet Explorer
> 7.
>
> Note: The term "URL action" refers to security settings that control
> certain rights. These rights are granted to content that is running in the
> Local Machine zone.
>
> To work around this problem, follow these steps on the SBS server:
>
> Method 1: Add the UNC path of the network location to the Trusted sites
> zone of Windows Internet Explorer 7
>
> To add the UNC path of a network location to the Trusted sites zone, follow
> these steps:
>
> 1. Close all active Windows Internet Explorer 7 windows.
> 2. Start Windows Internet Explorer 7.
> 3. On the Tools menu, click Internet Options.
> 4. In the Internet Options dialog box, click the Security tab.
> 5. On the Security tab, under Select a zone to view or change security
> settings, click Trusted sites, and then click Sites.
> 6. In the Add this website to the zone box, type the UNC path of the
> network location, and then click Add. For example, type \\Server\Share.
>
> Note In this example, Server represents the NetBIOS name of the server.
> Share represents the shared folder where the file is located.
>
> 7. Click Close, and then click OK to close the Internet Options dialog box.
>
> Back to the top
>
> Method 2: Disable the Internet Explorer Enhanced Security Configuration
> setting
>
> To disable the Internet Explorer Enhanced Security Configuration setting,
> follow these steps:
>
> 1. Click Start, click Run, type appwiz.cpl, and then click OK.
> 2. In the Add or Remove Programs dialog box, click Add/Remove Windows
> Components, click Internet Explorer Enhanced Security Configuration, and
> then click Details.
> 3. In the Internet Explorer Enhanced Security Configuration dialog box,
> click to clear the For administrator groups check box and the For all other
> user groups options check box, and then click OK.
> 4. Click Next to disable the Internet Explorer Enhanced Security
> Configuration setting.
>
> Method 3: Edit Inetres.adm
>
> 1. Make a copy of C:\Windows\inf\Inetres.adm, named it to Inetresadm.old.
> You may need this file for restore if there are any exception happens.
> 2. Open the C:\Windows\inf\Inetres.adm file with notepad.
> 3. Delete all lines in the Inetres.adm file that contain the number 1806.
>
> For example, delete the following lines:
>
> VALUENAME "1806" VALUE NUMERIC 1
> VALUENAME "1806" VALUE DELETE
>
> Hope it helps.
>
> If we cannot resolve the issue after we perform the above steps, please
> help me collect some information for further investigation:
>
> Information Need
> ==============
> 1. Check event viewer for related information, please help save it to *.evt
> and send to me.
> 2. Please help to capture a screenshot of the exact symptom when the error
> occurs, save it to *.jpg files and send to me.
>
> My email address is v-gzwang@microsoft.com
>
> I look forward to your reply. Also, if you have any questions or concerns,
> please do not hesitate to let me know. I am happy to help. :-)
>
> Thank you for your time and cooperation!
>
> Best regards,
>
> Gary Wang(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
>
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check
http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | From: "Cliff Galiher" <cgaliher@gmail.com>
> | References: <CA04DF0C-1A4C-4749-8444-7F5C14022072@microsoft.com>
> | In-Reply-To: <CA04DF0C-1A4C-4749-8444-7F5C14022072@microsoft.com>
> | Subject: Re: GPO Folder Redirect causing Permissions Error
> | Date: Thu, 26 Jun 2008 10:34:31 -0600
> | Lines: 63
> | Message-ID: <11A15C93-EB30-4421-9EC8-CF69A38B62B4@microsoft.com>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | format=flowed;
> | charset="utf-8";
> | reply-type=original
> | Content-Transfer-Encoding: 7bit
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
> | X-MS-CommunityGroup-PostID: {11A15C93-EB30-4421-9EC8-CF69A38B62B4}
> | X-MS-CommunityGroup-ThreadID: CA04DF0C-1A4C-4749-8444-7F5C14022072
> | X-MS-CommunityGroup-ParentID: CA04DF0C-1A4C-4749-8444-7F5C14022072
> | Newsgroups: microsoft.public.windows.server.sbs
> | Path: TK2MSFTNGHUB02.phx.gbl
> | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:113147
> | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | 1) Are you letting the client create the appdata and desktop folders? Or
> | are you creating them and setting the permissions yourself. You *should*
> be
> | doing the former.
> |
> | 2) Windows needs permissons on the root folder about the user's folders.
> | Both on the share and NTFS level
> |
>
http://technet2.microsoft.com/windowsserver/en/library/a1b7ce04-708b-4145-83
> 0a-cadfc003acd31033.mspx?mfr=true
> |
> | -Cliff
> |
> | "Tommy Long" <TommyLong@discussions.microsoft.com> wrote in message
> | news:CA04DF0C-1A4C-4749-8444-7F5C14022072@microsoft.com...
> | > Last night I applied a new policy to redirect user folders.
> | >
> | > An example from the policy report:
> | >
> | > User Configuration > Windows Settings > Folder Redirection >
> Application
> | > Data
> | > Group: DomainAdmin
> | > Path: \\FileServer\Admin\%USERNAME%\AppData
> | > Grant User exclusive rights...: Enabled
> | > Move the contents of App...: Enabled
> | > Policy Removal Behavior: Leave Contents
> | >
> | > This has been mirrored to four other groups, to four other locations,
> for
> | > App Data, Desktop, My Docs, and Start Menu.
> | >
> | > The share has the permissions:
> | > Everyone: Full Control
> | >
> | > The folders created for Appdata, Desktop, etc have the permissions:
> | > Admin: Full Control
> | > %USERNAME%: Full Control
> | >
> | > I still have the default policies enabled and have scanned through them
> | > but
> | > can't see a reason for there to be a conflict or problem.
> | >
> | > The problem is, since the change, if you try to run a iexplore shortcut
> | > (for
> | > example) from the QuickLaunch bar (effectively AppData folder), from the
> | > Desktop, or from MyDocs, you receive a permissions error:
> | >
> | > "C:\Program Files....iexplore.exe"
> | > "Windows cannot access the specified device, path, or file. You may not
> | > have the appropriate permissions to access the item"
> | >
> | > This also happen regardless of what you try to execute within the above
> | > listed folders (shortcut, exe, etc).
> | >
> | > Shortcuts will run from the start menu however, despite the start menu
> | > folder sharing mirrored policy and permissions as the other 3 folders.
> | >
> | > I'm stumped, anyone know what I've done wrong?
> | >
> | > Thanks in advance,
> | > Tommy
> | >
> | > --
> | > -------------------------------
> | > Please respond to my posts via the newsgroup as the e-mail provided is
> not
> | > monitored.
> |
> |
>
>