cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Move OneDrive folder to D:\ for all users - NTFS permission question.

Adrian Kielbowicz
Copper Contributor

‎Apr 11 2018 03:39 AM

‎Apr 11 2018 03:39 AM

Move OneDrive folder to D:\ for all users - NTFS permission question.

Assume the following scenario:

 

1) Users are not local admins and access to C drive is very restricted,

2) OneDrive folder has been moved to D:\ drive and placed inside OneDrives subfolder.

3) OneDrive itself is configured to store data in "D:\OneDrives\%Username%\OneDrive - ORG NAME GOES HERE" so everyone's data is separated and doesn't go into one big bucket.

 

I am pre-creating D:\OneDrives\%Username% using the GPO but permissions are all wrong (as they are inherited from root of D) meaning anyone can get to their own OneDrive folder as well as the others i.e.

 

D:\OneDrives\JoePublic

D:\OneDrives\JoePublic2

D:\OneDrives\JoePublic3

 

and so on. If I don't pre-create the D:\OneDrives\%Username% folder autoconfiguration of OneDrive doesn't work and automatic signing in is not working so the folder has to exist before OneDrive can do its business.

 

All files under D:\OneDrives are visible and accessible to anyone - question is, how do I restrict this so only the logged on user can see their own data and nothing else underneath D:\OneDrives?

 

If OneDrive is left in the users profile the permissions are set correctly plus you can't jump to someone else's profile anyway but my requirement is to have the data store away from users profiles and on the D drive.

 

Any help or ideas are much appreciated :)

 

Many thanks,

Adrian

Labels:
2,943 Views
0 Likes
3 Replies
Reply
3 Replies
Jos Lieben

‎Apr 12 2018 05:34 AM - edited ‎Apr 12 2018 05:35 AM

‎Apr 12 2018 05:34 AM - edited ‎Apr 12 2018 05:35 AM

Re: Move OneDrive folder to D:\ for all users - NTFS permission question.

How do you precreate those folders? You should disable inheritance on each user folder, then set explicit permissions for each user on their respective folders, that should work fine :)

Manually doing that would be a chore, but you can automate it with Powershell or a tool like XCACLS.

0 Likes
Reply
Paul Klerkx

‎Nov 12 2018 03:43 PM

‎Nov 12 2018 03:43 PM

Re: Move OneDrive folder to D:\ for all users - NTFS permission question.

We use GP folder redirection to redirect folders to D and use the information from the first link below to set permissions.  These permissions are set via GPO and this is explained in the second link. 

 

https://support.microsoft.com/en-us/help/274443/how-to-dynamically-create-security-enhanced-redirect...

 

https://www.linkedin.com/pulse/assign-file-folder-permissions-via-group-policy-farid-soltani/ 

 

with the second component, don't forget to remove permissions for "Everyone"

 

Hope this helps.  

0 Likes
Reply
Paul Klerkx

‎Nov 12 2018 03:45 PM - edited ‎Nov 12 2018 03:47 PM

‎Nov 12 2018 03:45 PM - edited ‎Nov 12 2018 03:47 PM

Re: Move OneDrive folder to D:\ for all users - NTFS permission question.

forgot to mention.  we created a D:\Users directory and our profiles are directed to here.  permissions set on D:\Users for us, but can't see why the same process wouldn't work on the Root as well.  

 

so for onedrive for example, you would end up with D:\Users\USERNAME\Onedrive

0 Likes
Reply