Granting domain administrators access to redirected folders for View Persona Management (2058932)
With View Persona Management, you can use group policy settings to redirect user profile folders to a network share. When a folder is redirected, all data is stored directly on the network share during the user session.
Windows folder redirection has a check box called Grant user exclusive rights to folder-name, which gives the specified user exclusive rights to the redirected folder. As a security measure, this check box is selected by default. When this check box is selected, administrators do not have access to the redirected folder. If an administrator attempts to forcibly change the access rights for a user's redirected folder, View Persona Management no longer works for that user.
The solution depends on whether you want to grant domain administrators access to a newly redirected folder or to an existing redirected folder.
Solution for Newly Redirected Folders
In VMware Horizon View 5.3 and later, the ViewPM.adm file contains a new group policy setting called Add the Administrators group to redirected folders. This group policy setting enables an administrator to grant the domain administrators group full control over each redirected folder.
- Upgrade to VMware Horizon View 5.3.
- Copy the install-directory\VMware\VMware View\Server\extras\GroupPolicyFiles\ViewPM.adm file on the View Connection Server host to your Active Directory server.
- Apply the policy settings in the ViewPM.adm file to the GPO for your View desktops.
- Enable the Add the Administrators group to redirected folders group policy setting.
For complete information about configuring group policy settings, see the VMware Horizon View Administration Guide.
Solution for Existing Redirected Folders
The Icacls or Takeown utility can be used to set ownership.
- Set ownership for the administrator on the files and folders.
icacls "\\file-server\persona-share\*" /setowner "domain\admin" /T /C /L /Q
For example: icacls "\\vmware-jjgp4e1c\folders\*" /setowner "view-cpd\vcadmin" /T /C /L /Q
- Modify the ACLs for the files and folders.
icacls "\\file-server\persona-share\*" /grant "admin-group":F /T /C /L /Q
For example: icacls "\\vmware-jjgp4e1c\folders\*" /grant "Domain Admins":F /T /C /L /Q
- For each user folder, revert ownership from the administrator to the corresponding user.
icacls "\\file-server\persona-share\user-folder" /setowner "domain\folder-owner" /T /C /L /Q
For example: icacls "\\vmware-jjgp4e1c\folders\u8.VIEW-CPD" /setowner "view-cpd\u8" /T /C /L /Q
Note: If non-exclusive access is required, the user must be the owner of the folder and the creator/owner permission must have full control. The Access Control List (ACL) should contain:
- CREATOR/OWNER – Full Control
- Alternatively, %Username% – Full Control (Must still own the folder)
- Each group that requires non-exclusive access
- Each user that requires non-exclusive access
- Local System (on Windows shares) – Full Control
- For information on the Takeown utility, see Microsoft Takeown.exe
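The three icacls steps for existing redirected folders, combined into one PowerShell script that also checks each folder's owner after ownership is reverted. This is an added example, not VMware's code: it assumes user folders are named username.DOMAIN (as in the u8.VIEW-CPD example), and the default share and account names are the article's placeholders. Without -Apply it only prints the commands it would run.

```powershell
# Added example, not VMware's code. The share path and account names below are
# the article's placeholders; the "username.DOMAIN" folder naming is an assumption.
param(
    [string]$Share      = '\\file-server\persona-share',  # placeholder share path
    [string]$AdminOwner = 'domain\admin',                 # temporary owner (step 1)
    [string]$AdminGroup = 'Domain Admins',                # group granted Full Control (step 2)
    [switch]$Apply                                        # without -Apply, commands are only printed
)

function Invoke-Icacls {
    param([string[]]$Arguments)
    if (-not $Apply) {
        # Preview only; arguments are shown unquoted.
        Write-Host ('icacls ' + ($Arguments -join ' '))
        return
    }
    & icacls.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls exited with code $LASTEXITCODE for: $($Arguments -join ' ')"
    }
}

$flags = '/T', '/C', '/L', '/Q'

# Step 1: the administrator takes ownership of the files and folders.
Invoke-Icacls (@("$Share\*", '/setowner', $AdminOwner) + $flags)

# Step 2: grant the administrators group Full Control.
Invoke-Icacls (@("$Share\*", '/grant', "${AdminGroup}:F") + $flags)

# Step 3: return ownership of each user folder to its user, then verify it.
foreach ($dir in Get-ChildItem -LiteralPath $Share -Directory) {
    # Assumption: "u8.VIEW-CPD" means user "u8" in domain "VIEW-CPD".
    $user, $domain = $dir.Name -split '\.', 2
    if (-not $domain) {
        Write-Warning "Skipping $($dir.Name): cannot derive the owner from the folder name"
        continue
    }
    $owner = "$domain\$user"
    Invoke-Icacls (@($dir.FullName, '/setowner', $owner) + $flags)
    if ($Apply) {
        $actual = (Get-Acl -LiteralPath $dir.FullName).Owner
        if ($actual -ne $owner) {
            Write-Warning "$($dir.FullName): owner is '$actual', expected '$owner'"
        }
    }
}
```

A folder that is skipped or triggers an owner warning is still owned by the administrator account, which is the condition the article says stops View Persona Management from working for that user.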