Why do you have a long list of people with that level of access in the first
place?  At the last small and, for that matter, the current large IT place I
worked, GPOs were controlled by no more than 2 or 3 people (large) and 1
person (small). For that matter, those were the number of people that could
log into ANY server, let alone a DC.  I am not counting users getting to
their data as logging in, although technically they are logging in.

 

Dump that long list and get it to a much more controlled number.

 

Jon

 

From: [email protected] [mailto:[email protected]]
On Behalf Of Poppy Lochridge
Sent: Tuesday, August 23, 2016 :44 PM
To: [email protected]
Subject: RE: [NTSysADM] Folder Redirection Group Policy Resetting itself?

 

Oh, nice thought, thank you. I don't have copies of the policy files before
I edited them yesterday anywhere but in bare metal backup, but I do see a
similar folder with an edit date of 8/17. Our security log doesn't go back
that far, sadly, but that gives me at least a possible date to work from.

 

There's an embarrassingly long list of people who have access. I've talked
to the most likely to have been working on the server for any reason, and
not gotten any confirmation that they were even on the server recently.
(Obviously SOMEONE was - or we had two policy file versions sitting around
or something equally weird happened)

 

--Poppy

 

 

From: [email protected] [mailto:[email protected]]
On Behalf Of James Rankin
Sent: Tuesday, August 23, 2016 1:11 PM
To: [email protected]; '[email protected]'
<[email protected]>
Subject: Re: [NTSysADM] Folder Redirection Group Policy Resetting itself?

 

Sounds like someone messed with the settings... who has access? When were
the actual policy files in sysvol last modified?

 

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android


From: [email protected]
Sent: 23 August 2016 9:09 p.m.
To: [email protected]
Reply to: [email protected]
Subject: [NTSysADM] Folder Redirection Group Policy Resetting itself?

 

Something very weird has happened with one of my clients' servers.

 

In June, I configured group policy for redirected folders to store Desktop,
Documents, and Downloads in \\SERVERNAME\folderredirections$\users$\USERNAME
for about 50 users on the network.

It's not a big network, but they are cautious with resources, so rather than
fix the FOLDER of user data that the previous IT person named "users$" - he
was trying to make a hidden share and didn't know how - I left it as it was.
The Folder Redirections folder is in C:\Users on the server, so I closed
down the share on Users and fixed permissions so each user controlled their
own folder, but no-one else could access their files.

 

Things were quiet-ish for the end of June and through July, redirected
folders were working, no files disappearing, no odd permissions problems.
Until yesterday.

 

Yesterday, we were notified that users were getting permissions problems
trying to delete files from their desktop. Some people reported that they'd
restarted and logging back in took, in some cases, hours. On a hunch, I
looked at Group Policy.

 

Redirected folders policy had been changed - to something that looked like a
vanilla, out-of-the-box setting produced by a wizard. Desktop and Documents
were now pointing at \\SERVERNAME\Users\Folder Redirections\USERNAME.
Downloads had no policy configuration set.

 

We're running Server 2012 R2 on this system. They've asked me to do what I
can to prevent this from happening again - it's been rather disruptive - but
this is a strange situation, and I'm at a loss to understand HOW this
happened.

 

Hit me with suggestions - have you encountered a situation where group
policy changed unexpectedly? What's your best guess for how something like
this happens?

 

--Poppy

 

 

Poppy Lochridge

Technology Consultant

NetCorps

1385-B Oak Street

Eugene, OR 97401

541-465-1127 x4

 

[email protected]

http://www.netcorps.org
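
Added example, not part of the original thread: one way to answer the two questions raised in the replies (when the policy files in SYSVOL were last modified, and who is able to edit each GPO), using the GroupPolicy PowerShell module. The 14-day window and the variable names are assumptions; file timestamps show when something changed, not who changed it.

```powershell
# Added example. Needs the GroupPolicy module (GPMC/RSAT) and read access to SYSVOL.
Import-Module GroupPolicy

$Days  = 14                          # assumed look-back window; adjust as needed
$since = (Get-Date).AddDays(-$Days)

$report = foreach ($gpo in Get-GPO -All) {
    # Each GPO's files live under \\<domain>\SYSVOL\<domain>\Policies\{GUID}
    $root  = "\\$($gpo.DomainName)\SYSVOL\$($gpo.DomainName)\Policies\{$($gpo.Id)}"
    $files = @(Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue)

    # Folder Redirection settings are stored in fdeploy*.ini in the User half of the GPO
    $fdeploy = @($files | Where-Object { $_.Name -like 'fdeploy*.ini' })
    $recent  = @($files | Where-Object { $_.LastWriteTime -ge $since })

    # Skip GPOs that neither carry folder redirection nor changed in the window
    if ($fdeploy.Count -eq 0 -and $recent.Count -eq 0) { continue }

    # Trustees allowed to edit this GPO (GpoEdit or GpoEditDeleteModifySecurity)
    $editors = Get-GPPermission -Guid $gpo.Id -All |
        Where-Object { "$($_.Permission)" -like 'GpoEdit*' } |
        ForEach-Object { $_.Trustee.Name }

    [pscustomobject]@{
        Gpo            = $gpo.DisplayName
        GpoModified    = $gpo.ModificationTime
        NewestFile     = ($files   | Sort-Object LastWriteTime -Descending |
                            Select-Object -First 1).LastWriteTime
        FdeployWritten = ($fdeploy | Sort-Object LastWriteTime -Descending |
                            Select-Object -First 1).LastWriteTime
        RecentFiles    = ($recent  | ForEach-Object { $_.FullName.Substring($root.Length) }) -join '; '
        Editors        = ($editors | Sort-Object -Unique) -join ', '
    }
}

# Most recently touched GPOs first
$report | Sort-Object NewestFile -Descending | Format-List
```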

 

