====== Folder Redirection ======
See also: **[[networking:windows:active_directory:home_directories|Windows Home Directories]]**
See also: **[[networking:windows:active_directory:group_policy|Windows Group Policy]]**
See also: **[[networking:windows:active_directory:roaming_profiles|Windows Roaming Profiles]]**
See also **[[computing:disk_space_low|Dealing with Low Disk Space]]**
**Disable Offline Files on Individual Redirected Folders**: http://technet.microsoft.com/en-us/library/jj154097.aspx
:!: For Ethernet-connected desktop PCs, I generally just disable the Offline Files feature.
**Detailed Terminal Server Example**: http://www.virtualizationadmin.com/articles-tutorials/terminal-services/performance/configure-folder-redirection.html
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
http://blogs.technet.com/b/netro/archive/2010/09/01/which-minimum-share-amp-ntfs-permissions-do-you-need-for-the-use-of-offline-files-and-folder-redirection-in-windows-2008-2008-r2.aspx
http://technet.microsoft.com/en-us/library/cc766489%28WS.10%29.aspx
Folder Redirection is a newer feature of Windows that is complementary to Roaming Profiles. It can be used with or without Roaming Profiles.
Roaming Profiles can be very beneficial, but it can cause long logon/logoff cycles. Folder Redirection can help this situation by using redirection to access the bulkier parts of Windows Profiles instead of synchronizing/copying it on every logon/logoff.
Folder Redirection is:
* Complementary to Roaming Profiles
* Configured using Group Policy
* A user-based policy
* Redirection policies are usually applied to:
* Containers of user objects
* User Groups
===== Example Application =====
==== Folder Structure ====
This folder structure supports implementation of these four functions and permits the functions to be implemented separately at different times or together at once.
* Shares
* Home Directories
* Roaming Profiles
* Folder Redirection
E:\Shares
\Share1
\Share2
E:\Homes
\User1
\User2
E:\Profiles
E:\Redirected
\User1
\User2
\AppData
\Documents
Note that these settings allow for the automatic creation of per-user sub-folders of the top-level 'Redirected' folder and forbid users from accessing other users' files and folders.
==== Top-Level 'Redirected' Folder Properties ====
:!: Use **Advanced buttons** to edit these settings as noted in the instructions below!
^User or Group ^File/Folder Permissions (Security Tab) ^Comment ^
|Administrators |Full Control |This Folder, Subfolders and Files |
|SYSTEM |Full Control |This Folder, Subfolders and Files |
|CREATOR OWNER |Full Control |Subfolders and Files Only |
|Everyone |Full Control |This Folder Only |
^User or Group ^Share Permissions (Sharing Tab) ^
|Everyone |Full Control |
If you redirect folders for users with admin privileges, you will have problems unless you **disable UAC**. {{ :networking:windows:active_directory:redirection_admin_error.png?500 |Admins Can't Access Redirected Folders}}
Don't use 'administrator' for testing. Use a regular user account. I recommend creating a separate GPO for folder redirection and only applying it to the AD container holding your user objects. Also, don't add admin users to this container. It is undesirable to redirect folders for administrators anyway.
==== Configure Top-Level Folder and Sharing ====
- Create a folder "Redirected"
- Disable permissions inheritance removing all inherited permissions
- Set folder permissions per the table above
- Use the Advanced option to edit permissions
- Share the folder "Redirected"
- Set the share name as "**Redirected$**"
- The dollar symbol hides the share
- Leave off the ''$'' if you prefer
- Use **Properties -> Sharing -> Advanced** to create hidden shares
- Set the share permissions per the table
==== Configure Group Policy ====
See also **[[networking:windows:active_directory:group_policy|Group Policy]]**
:!: I generally redirect all the folders available for redirection.
:!: I recommend you do not add administrator objects in the AD container that folder redirection is applied to.
^Folders You May Want to Redirect ^Comment ^
|Application Data |Can get large |
|Desktop |Can get large and nice to have accessible from another PC |
|Documents |Can get large and nice to have accessible from another PC |
|Pictures |Follows Documents |
|Music |Follows Documents |
|Videos |Follows Documents |
|Favorites |Nice to have accessible from another PC |
|Contacts |Nice to have accessible from another PC |
|Downloads |Can get large |
- Modify Group Policy
- **Start -> Run -> ''gpmc.msc''**
- Right-click the container holding your **user** objects and select **Create a new GPO and link it here**
- Name it something useful like **Folder Redirection**
- Right-click the new policy -> **Edit**
- **User Configuration -> Policies -> Windows Settings -> Folder Redirection**
- **Right-click each folder you want to redirect -> Properties**
- Target Tab
- Setting
- **Basic - Redirect everyone's folder to the same location**
- Target Folder Location
- **Create a folder for each user under root path**
- Root path: **\\servername\Redirected$**
- Settings Tab
- __Deselect__ **Grant user exclusive rights**
* If you don't do this, administrators can't access redirected folders
- Select **Also apply to Windows 2000, XP, etc.**
- Select **Redirect the folder back to the local userprofile location when policy is removed**
{{:networking:windows:active_directory:redirected_gpo_target.png?direct&450|Using Group Policy Editor - Target Tab}} {{:networking:windows:active_directory:redirected_gpo_settings.png?direct&450|Using Group Policy Editor - Settings Tab}}
===== Terminal Services (Remote Desktop Services) =====
http://www.virtualizationadmin.com/articles-tutorials/terminal-services/performance/configure-folder-redirection.html
===== Troubleshooting =====
* Don't use 'administrator' for testing - use a regular user account?
* Don't redirect folders for administrator accounts.
* Logging in through Terminal Services (as an admin) may affect folder creation?
==== Block Inheritance ====
You might try blocking Group Policy inheritance to see if upstream policies are affecting your issue.
**Start -> Run -> gpmc.msc**
**Right-click the container/group -> Block Inheritance**
==== Delete Existing Profile and Redirected Folders ====
You might try deleting a problem user's profile and redirected folders so that they will be recreated cleanly according to your Group Policies on the next user login.
**Right-click My Computer -> Properties -> Advanced -> User Profiles**
==== View All Shares ====
View all shares including hidden shares (share name ending with $ symbol):
net share
==== Corrupt ntuser.dat file with Redirected Folders ====
User logs in and does not get custom Desktop, Documents etc. Event log MAY show corrupt ntuser.dat file had been recovered.
- Delete the users profile from the workstation using the Advanced System Settings -> Advanced Tab
- Take ownership of the users profile on the server and rename.
- Log in as user and it will recreate the users profile on the server and workstation. Custom settings, Desktop Background, Outlook configuration, Quick Launch etc. will need to be reset.
:!: If the user has access to an RDS Server the profile must be deleted from the RDS Server also.