Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Folder Redirection|
Failed to perform redirection of folder My Documents. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected to <\\hawaii\home\%username%>. Files were being moved from <C:\Documents and Settings\jdoe\My Documents> to <\\hawaii\home\jdoe>. The following error occurred while copying <C:\Documents and Settings\cfrancis\My Documents \Catalog.rtf> to <\\hawaii\home\jdoe\Catalog.rtf>: This security ID may not be assigned as the owner of this object.
|English: Request a translation of the event description in plain English.|
My situation may or may not be related to each circumstance - but here is what I did to fix my problem.
I had Windows Server 2003 R2 servers and added Windows Server 2008 R2 servers. Updated Forest/Domain/GP with new schema before DCPROMO on Windows Server 2008 R2 servers.
Clients had Desktop and MyDocs redirected through GP before on Windows Server 2003 R2 servers. One of those Windows Server 2003 R2 DCs was dying, thus my need for new servers.
Clients were sometimes receiving the policy for the new redir within GP for MyDocs and Desktop, some were not. Slow logons on many WinXP clients, some Win7 clients.
Turns out that even though I had no replication errors, some clients were not getting the new GP for the Folder Redirection.
Per Microsoft, I had to go into each PC (or create registry exports and lay down the smack with an ADM file pushed through GP - see a little program called RegtoADM) and manually change in the registry:
Any of the RegKeys (strings) that would normally have been changed by the GP for Folder Redirection manually....
From: Personal "\\Svr-One\%USERPROFILE%\Documents"
To: Personal "\\Svr-Two\%USERPROFILE%\Documents"
BE CAREFUL when changing the GP for Folder Redirection to also check out T782799.
And especially the setting
"Redirect the folder back to the local user profile location when policy is removed. If enabled, specifies that the folder be copied back to the local profile location if the Group Policy object no longer applies."
So you don't accidentally delete the user's redirected folder upon moving or disjoining from domain.
A client of mine had this issue recently. Two GPOs were being applied, one at the domain level and the second at the OU level. Both handled folder redirection. The Group Policy Results Wizard showed that neither of the GPOs were actually being applied. If the user having trouble logged on to another computer, the GPOs and folder redirection worked properly. If any other user logged on to the problematic computer, folder redirection worked properly. The solution was to rename the local copy of the user's profile and have the system recreate it by using a "fresh" copy of the user's roaming profile.
ME274443 provides information no how to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003.
After you click to select the "Grant the user exclusive rights to <name of the folder> that you redirect" check box in a folder redirection policy, the user to whom you granted exclusive access might not have exclusive access to the redirected folder. See ME814611 for a workaround on this issue.
In my case, by manually removing the Microsoft Clip Organizer folder from the local profile, the Folder Redirection processing performed as expected.
This error happened to me when I was using basic folder redirection directing “C:\documents and settings\(name)\my documents” to “\\share\(name)\my documents”. The problem was the user’s permissions on their user-name folder (\\share\name), where not giving access to the user. Correcting permissions fixed this error.
While using Windows 2000 GPO to redirect to "\\servername\sharename\foldername", I have found the user must have “Full Control” permissions on the share (i.e. just add the Domain Users group with FC). You can lock down the NTFS permissions on the shared folder to “Read Only” for the same group you add to the Share permissions.
I experienced this problem with Windows 2003 Server Enterprise edition in combination with Windows XP Professional. First, I made a hidden share to redirect 'my documents' of users to (\\ce-w2003-svr-01\Docs$) and set the appropriate share and NTFS permissions. Second, I created a particular GPO for the actual folder redirection to \\ce-w2003-svr-01\Docs$\%username% (FYI: immediately noticed that there are four options for folder redirection in Windows 2003 server which work a little different then in windows 2000 server). Logging in with the first user, the folder redirection works. When logging in with another user on the same computer the 112 event occurs.
Solution (worked for me):
The solution is based on "The Folder Redirection Feature Does Not Function - ME274789" and "How to Restart the Offline Files Cache/Database - ME230738".
After performing the tasks mentioned in ME230738, before rebooting the client there is also a GPO setting that should be enabled and applied, especially when using Windows 2003 server.
User Configuration -> Network -> Offline Files -> Do not automatically make redirected folders available offline
Apparently Windows 2003 server Folder redirection, automatically makes the redirected folders available offline. The first successful redirection moved all the files in "my documents" to the new location and also made them available offline to User1. When User2 logged in on the same computer the redirection failed. Windows tried to synchronize and also move the files that were already automatically made available offline during the log on of User1 and thus belonged to User1. That explains the: "This security ID may not be assigned as the owner of this object." message.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated