How do I disable SID security check for folder redirection with Group Policy?

How do I disable the SID security check for folder redirections with Group Policy? This isn't about weakening security, but rather about having Active Directory and Samba play nicely together.

I have a kerberized REALM-trusted Samba server. Users can read and write what they're supposed to be able to read and write to. Users can't read and write what they're not supposed to be able to read and write to. However, if I try to use it for Folder redirection I get errors like the following.

 EventData 

  FromFolder RoamingAppData 
  ToFolder \\samba.example.com\home\username\.AppData 
  Options 0x9219 
  Error Can't create folder "\\samba.example.com\home\username\.AppData" 
  ErrorDetails This security ID may not be assigned as the owner of this object.

The roaming profile does not have the same problem, but I had to enable:

Computuer Configuration \ Administrative Templates \ System \ User Profiles \ Do not check for user ownership of Roaming Profile Folders

Is there an equivelent setting for folder redirection that I have overlooked?


Solution 1:

You need to clear the "grant exclusive rights" checkbox in the folder redirection settings.

http://technet.microsoft.com/en-us/library/cc785925(v=ws.10).aspx

"If you must create folders for users, make sure that you set the correct permissions. Then, clear the Grant exclusive rights to check box on the Settings tab of the Folder Redirection Properties page. If you do not clear this check box, Folder Redirection first checks preexisting folders to determine if the user is the owner. If the administrator previously created the folder, the check fails, and redirection is cancelled. Folder Redirection logs an event in the Application event log indicating that redirection failed and that the new directories for the redirected folder cannot be created due to not being able to assign a security ID as the owner of the folder (Event ID 101)."