Search the VMware Knowledge Base (KB)
View by Article ID

Granting domain administrators access to redirected folders for View Persona Management (2058932)

  • 4 Ratings


With View Persona Management, you can use group policy settings to redirect user profile folders to a network share. When a folder is redirected, all data is stored directly on the network share during the user session.

Windows folder redirection has a check box called Grant user exclusive rights to folder-name, which gives the specified user exclusive rights to the redirected folder. As a security measure, this check box is selected by default. When this check box is selected, administrators do not have access to the redirected folder. If an administrator attempts to force change the access rights for a user's redirected folder, View Persona Management no longer works for that user.


The solution depends on whether you want to grant domain administrators access to a newly redirected folder or to an existing redirected folder.

Solution for Newly Redirected Folders

In VMware Horizon View 5.3 and later, the ViewPM.adm file contains a new group policy setting called Add the Administrators group to redirected folders. This group policy setting enables an administrator to grant the domain administrators group a full control over each redirected folder.
  1. Upgrade to VMware Horizon View 5.3.
  2. Copy the install-directory\VMware\VMware View\Server\extras\GroupPolicyFiles\ViewPM.adm file on the View Connection Server host to your Active Directory server.
  3. Apply the policy settings in the ViewPM.adm file to the GPO for your View desktops.
  4. Enable the Add the Administrators group to redirected folders group policy setting.

For complete information about configuring group policy settings, see the VMware Horizon View Administration Guide.

Solution for Existing Redirected Folders, Icacls or Takeown utility can be used to set ownership. 

  1. Set ownership for the administrator on the files and folders.

    icacls "persona-share /setowner "domain\admin" /T /C /L /Q

    For example: icacls " \\vmware-jjgp4e1c\folders\* " /setowner "view-cpd\vcadmin" /T /C /L /Q

  2. Modify the ACLs for the files and folders.

    icacls " \\file-server\persona- share\*" /grant "admin-group":F /T /C /L /Q

    For example: icacls " \\vmware-jjgp4e1c\folders\* " /grant "Domain Admins":F /T /C /L /Q

  3. For each user folder, revert ownership from the administrator to the corresponding user.

    icacls " \\file-server\persona- share\user-folder" /setowner "domain\folder-owner" /T /C /L /Q

    For example: icacls " \\vmware-jjgp4e1c\folders\u8.VIEW-CPD " /setowner "view-cpd\u8" /T /C /L /Q

    Note: If non-exclusive access is required, the user must be the owner of the folder and the creator/owner permission must have full control. The Access Control List (ACL) should contain:

    • CREATOR/OWNER – Full Control
    • Alternatively, %Username% – Full Control (Must still own the folder)
    • Each group that requires non-exclusive access
    • Each user that requires non-exclusive access
    • Local System (on Windows shares) – Full Control
    • For information on Takeown utility, see Microsoft Takeown.exe 

This Article Replaces


Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 4 Ratings