Forum Discussion

Adrian Kielbowicz's avatar
Adrian Kielbowicz
Copper Contributor
Apr 11, 2018

Move OneDrive folder to D:\ for all users - NTFS permission question.

Assume the following scenario:

 

1) Users are not local admins and access to C drive is very restricted,

2) OneDrive folder has been moved to D:\ drive and placed inside OneDrives subfolder.

3) OneDrive itself is configured to store data in "D:\OneDrives\%Username%\OneDrive - ORG NAME GOES HERE" so everyone's data is separated and doesn't go into one big bucket.

 

I am pre-creating D:\OneDrives\%Username% using the GPO but permissions are all wrong (as they are inherited from root of D) meaning anyone can get to their own OneDrive folder as well as the others i.e.

 

D:\OneDrives\JoePublic

D:\OneDrives\JoePublic2

D:\OneDrives\JoePublic3

 

and so on. If I don't pre-create the D:\OneDrives\%Username% folder autoconfiguration of OneDrive doesn't work and automatic signing in is not working so the folder has to exist before OneDrive can do its business.

 

All files under D:\OneDrives are visible and accessible to anyone - question is, how do I restrict this so only the logged on user can see their own data and nothing else underneath D:\OneDrives?

 

If OneDrive is left in the users profile the permissions are set correctly plus you can't jump to someone else's profile anyway but my requirement is to have the data store away from users profiles and on the D drive.

 

Any help or ideas are much appreciated :)

 

Many thanks,

Adrian

Resources