Sync Center: Permission denied

For the records, today: Always grant SYSTEM user full permissions.

Scenario

AD, client PC, documents folder redirected to a file server and there to a share’s subfolder (e. g. //fileserver/usershares/%username%), CSC enabled by default (standard as of Windows Server 2K8 FWIK), multiple domain users logging in to that client.

Symptoms

While logged in as User1, the Sync Center reports errors as Error while syncing //fileserver/usershares/User2: Permission denied.

Background

Sync is performed by the SYSTEM account. Which of course makes sense, especially when looking closer at CSC internals like storage concept (which I won’t right here, actually).

Solution

I could have just known from the start, as that is even part of my Samba AD instruction page. However, we tend to forget. So: Update the entire share root and add the “system” account with “full access” permissions recursively (in Linux terms, update any ACL for both existing files and defaults). You will need an elevated account with sufficient permissions, of course. Best bet is to update the permissions directly on the fileserver.

Comments

Instead of the SYSTEM account, adding a share root permission for the “Domain computers” does just the same good job.