How to Fix Admin Access Issues to User Redirected Folders on Windows Server
If you’ve ever tried to access a user’s redirected folder on a Windows Server only to be met with an access denied message, you’re not alone. This is a common issue for sysadmins managing folder redirection via Group Policy. Luckily, there’s a straightforward fix — once you understand what’s going on under the hood.
Why Admins Get Blocked
Folder redirection is often used in Windows environments to redirect folders like Documents or Desktop to a network location. It’s great for backup and roaming profiles. But sometimes, admins get locked out of these folders due to NTFS permissions that are automatically applied when the folder is created.
By default, Windows applies exclusive rights to the user who owns the redirected folder — even administrators don’t get access unless explicitly granted. It’s a security measure, but it can cause headaches when troubleshooting or backing up files.
Real-World Example
One of our clients, a small accounting firm in Brisbane, ran into this problem when their backup software flagged errors. They couldn’t access redirected folders for several users. Turns out, their GPO folder redirection settings were applying exclusive permissions. It took a bit of digging, but we got them sorted without needing to reset ownerships manually.
Step-by-Step Fix
Here’s a simple way to regain admin access:
1. Turn Off Exclusive Rights in Group Policy
- Open Group Policy Management.
- Navigate to:
User Configuration → Policies → Windows Settings → Folder Redirection. - Right-click the folder (e.g., Documents), then select Properties.
- Click Settings.
- Uncheck Grant the user exclusive rights to Documents.
- Apply and close.
This change means newly created redirected folders won’t block admin access. It doesn’t fix existing folders though — we’ll cover that next.
2. Take Ownership and Reassign Permissions
For existing folders, you’ll need to take ownership:
- Right-click the folder → Properties → Security tab → Advanced.
- Click Change next to Owner → enter your admin account and apply.
- Once you’re the owner, go back to the Security tab and add the necessary permissions for your admin group.
Be cautious here. Don’t strip away the user’s own permissions unless there’s a specific reason.
3. Use PowerShell for Bulk Changes
For environments with lots of users, manually fixing folder permissions is a pain. PowerShell to the rescue:
Get-ChildItem "\\Server\RedirectedFolders" -Recurse | \
ForEach-Object {
$acl = Get-Acl $_.FullName
$admin = "DOMAIN\\Domain Admins"
$permission = "$admin","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl $_.FullName $acl
}Make sure to test this before running it across production folders.
Preventing Future Issues
Once you’ve fixed the current permissions, prevent it from happening again:
- Set Group Policy to not grant exclusive rights, as covered above.
- Use security groups in your permissions structure, not individual user accounts.
- Document your folder redirection and access policies clearly.
Need a Hand?
If you’re not keen on diving into folder permissions or scripting PowerShell fixes, that’s where we come in. At Gray Area Consulting, we help Brisbane businesses streamline IT management and avoid snags like these before they become bigger problems.
For more on Windows tools that improve productivity, check out our post on Microsoft Edge features. Or, if you’re looking to tighten up your network security, have a look at our guide to securing VoIP.
Tech hiccups happen — but they don’t have to slow you down. With the right tools and a bit of know-how, you’ll be back on track in no time.
