Vista/Office 2k3 "Access Denied" in Documents Folder 1

[cglass1015]

I am in the process of testing Vista in our environment here at work. We have a Server 2003 domain with XP workstations except for the Vista test box. I am currently redirecting the my documents folder to a network share via GPO. This works perfectly on all XP machines. However, on the vista box when I try to open the documents folder from within an Office application (word, excel, etc) I get an "access denied" message. This is true even if I use the UNC path to get to the redirected documents. If I follow the documents link from the Start Menu or from the shortcut on the desktop I am taken to the share without issue and everything behaves as it should.

In short the redirected documents work perfectly in Vista except when I try to navigate to them in an Office application.

 

[Idiran]

I have had a very similar issue (although not from within Office):

Vista Business edition mapped to a network share on a 2003 AD. I can copy files/folders into it, delete files/folders, but I can't rename anything.

I have been looking at this all day and now believe it is something to do with the way that Vista performs "Bypass traverse checking" (traversing a tree of directories on which you don't have permissions, to get into a directory to which you do have permissions), it just doesn't seem to work correctly.

The only way I have been able to get this working was to ensure that the account/group (or even the everyone group) being used by the Vista user had read permissions at each stage of the tree.

For example in the case of cglass1015's \\fileserver\users\%username%\my documents\ issue it would require that:

* The share \\fileserver\users (I presume) is set to "Authenticated users" or "Everyone" having read permissions in both the share and NTFS.

* \users would again need it's permissions set for "Authenticated users" or "Everyone" having read.

* \%username% should be set to "Modify" for the user (that's if it's used as a "home drive" and not just for "My Documents").

* \My Documents should be set to "Modify" for the user.

The only issue I can see with doing this in cglass1015's case is that you need to be careful if the directories in the \users path are set to inherit permissions in any way, you could end up with all users having read access to everyone else's home drives.

Hope it helps.

 

[cglass1015]

I have fixed the problem, thanks to Idiran for pointing me in the right direction.

To the "\\fileserver\users" folder I added the following NTFS permission:

Authenicated Users - Read Permissions

"Read Permissions" is only available if you use the Advanced button within the Security tab on the folder properties.

Using this allows authenticated users to read the permissions of the files/folders contained within without having any access rights to the files/folders.

To be clear, this problem only occured in Office 2003 products running in Vista. The problem did not occur at all in XP, nor would it happen outside of Office applications in Vista.

 

[cdogg]

cglass,
In your third post, you mentioned you already had the share set to "full control" for Authenticated Users. So you're saying you added this NTFS read permission in the same location and it made a difference? I'm just curious so I know how to avoid the issue...thanks

~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.

 

[cglass1015]

That is exactly right. The share permissions were already set for Authenticated Users - "Full Control" (that's how I do all of my shares). I added the following NTFS permission to \\fileserver\users - Authenticated Users - "Read Permissions"