Creating a Folder Redirection Share

I’ve written this blog post with the intention of documenting the permissions required when creating a share that is to be used for folder redirection. I have worked on a number of sites where there has been permission issues when attempting to redirect folders (however they are being implemented: GPO or AppSense Environment Manager).

Microsoft have written a knowledge base article about this so I’m assuming that they’ve had a number of calls about this as well. Their article can be found here.

To make my life easier when I attend site (and to ensure that my implementations stay as consistent as possible), I have written a quick batch file that can be executed on the server that will contain the share. There isn’t a huge amount of error checking in it at present, but it does adhere to the settings in the Microsoft article.

There is a reliance on the icacls utility which is included in Windows Server 2008 and above. The utility is also available on Server 2003 SP2 as described here. I haven’t checked, but the syntax may well be different.

Contents of the batch file:

@echo off
title Creating Folder Redirection Share

set /p FOLDER_PATH=Enter the path for the folder:  
set /p SHARE_NAME=Enter the sharename for the folder:  

if exist %FOLDER_PATH% (goto DIR_ALREADY) ELSE (goto CREATE_DIR)

:CREATE_DIR
echo Creating %FOLDER_PATH%
mkdir %FOLDER_PATH%
goto SET_PERM 

:DIR_ALREADY
choice /m "%FOLDER_PATH% already exists. Would you like to continue "
if ERRORLEVEL 2 GOTO END

:SET_PERM
echo Setting permissions on %FOLDER_PATH%
icacls %FOLDER_PATH% /inheritance:r /grant "CREATOR OWNER":(OI)(CI)(IO)F "SYSTEM":(OI)(CI)F "Domain Admins":(OI)(CI)F "Everyone":(S,RD,AD,X,RA) > NUL

:DIR_CONFIRM
echo Permissions on %FOLDER_PATH% are now set to: -
icacls %FOLDER_PATH%

:DIR_SHARE
echo Sharing %FOLDER_PATH% as %SHARE_NAME%
net share %SHARE_NAME%=%FOLDER_PATH% /GRANT:Everyone,FULL

:END
echo.
pause

It can be downloaded from here