A handy wizard in Small Business Server 2008 allows you to redirect the users’ desktop folders the the server to they’re automatically backed up and you get features similar to roaming desktop where the user can login to any machine (that they have permission to login to) and see all their documents and settings.

By default the permissions to these folders are  Grant the user exclusive rights to My Documents because of the check box being selected automatically. If you don’t un-check this box, you, as administrator won’t have access to everyone’s folder. Which you will probably want to be able to access files when people are away, etc. So even if  you clear this box later, the same permissions will remain.

How do you change this? One way is to go to each folder and take ownership of them and then manually edit the permissions to give administrator full control. You might find that if you do it this way, there will be problems the next time someone logs off their computer and they don’t have access to these folders to update the files they’ve been working on all day.

There is another way using a tool from sysinternals that is part of the PSTools.zip batch of tools which can be downloaded from here and using powershell that is built into SBS 2008 to use a script to change all the permissions for you.

You will need to create this powershell script and edit it to reflect your environment and save it as ChangePermissions.ps1. If you followed best practices, you have moved the data files and folder redirections to a secondary drive and not kept them on the c: drive. So the $StartingDir is where the folders are for the users.

# CACLS rights are usually
# F = FullControl
# C = Change
# R = Readonly
# W = Write

$StartingDir= "E:Users"



$Verify=Read-Host `n "You are about to change permissions on all" `
"files starting at"$StartingDir.ToUpper() `n "for security"`
"principal"$Principal.ToUpper() `
"with new right of"$Permission.ToUpper()"."`n `
"Do you want to continue? [Y,N]"

if ($Verify -eq "Y") {

foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
#display filename and old permissions
write-Host -foregroundcolor Yellow $file.FullName
#uncomment if you want to see old permissions
#CACLS $file.FullName

#ADD new permission with CACLS
CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL

#display new permissions
Write-Host -foregroundcolor Green "New Permissions"
CACLS $file.FullName

The next step is to save this file somewhere and then call it from an elevated command prompt. This is what mine looked like, you will have to change to match  your environment:

psexec -s -i powershell -noexit “& ‘e:softwaretoolsChangePermissions.ps1′”

Then sit back and watch as all the permissions are changed. You will then have access to the redirected folders on the server.


Thanks to http://mypkb.wordpress.com/ for the information!