Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » windows » active_directory » folder_redirection
Trace: folder_redirection
networking:windows:active_directory:folder_redirection

Table of Contents

Folder Redirection

See also: Windows Home Directories

See also: Windows Group Policy

See also: Windows Roaming Profiles

See also Dealing with Low Disk Space

Disable Offline Files on Individual Redirected Folders: http://technet.microsoft.com/en-us/library/jj154097.aspx

:!: For Ethernet-connected desktop PCs, I generally just disable the Offline Files feature.

Detailed Terminal Server Example: http://www.virtualizationadmin.com/articles-tutorials/terminal-services/performance/configure-folder-redirection.html

http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

http://blogs.technet.com/b/netro/archive/2010/09/01/which-minimum-share-amp-ntfs-permissions-do-you-need-for-the-use-of-offline-files-and-folder-redirection-in-windows-2008-2008-r2.aspx

http://technet.microsoft.com/en-us/library/cc766489%28WS.10%29.aspx

Folder Redirection is a newer feature of Windows that is complementary to Roaming Profiles. It can be used with or without Roaming Profiles.

Roaming Profiles can be very beneficial, but it can cause long logon/logoff cycles. Folder Redirection can help this situation by using redirection to access the bulkier parts of Windows Profiles instead of synchronizing/copying it on every logon/logoff.

Folder Redirection is:

  • Complementary to Roaming Profiles
  • Configured using Group Policy
  • A user-based policy
  • Redirection policies are usually applied to:
    • Containers of user objects
    • User Groups

Example Application

Folder Structure

This folder structure supports implementation of these four functions and permits the functions to be implemented separately at different times or together at once.

  • Shares
  • Home Directories
  • Roaming Profiles
  • Folder Redirection
E:\Shares
        \Share1
        \Share2
          
E:\Homes
        \User1
        \User2

E:\Profiles
                      
E:\Redirected
        \User1
        \User2
             \AppData
             \Documents
Note that these settings allow for the automatic creation of per-user sub-folders of the top-level 'Redirected' folder and forbid users from accessing other users' files and folders.

Top-Level 'Redirected' Folder Properties

:!: Use Advanced buttons to edit these settings as noted in the instructions below!

User or Group File/Folder Permissions (Security Tab) Comment
Administrators Full Control This Folder, Subfolders and Files
SYSTEM Full Control This Folder, Subfolders and Files
CREATOR OWNER Full Control Subfolders and Files Only
Everyone Full Control This Folder Only
User or Group Share Permissions (Sharing Tab)
Everyone Full Control
If you redirect folders for users with admin privileges, you will have problems unless you disable UAC.

Admins Can't Access Redirected Folders

Don't use 'administrator' for testing. Use a regular user account. I recommend creating a separate GPO for folder redirection and only applying it to the AD container holding your user objects. Also, don't add admin users to this container. It is undesirable to redirect folders for administrators anyway.

Configure Top-Level Folder and Sharing

  1. Create a folder “Redirected”
    1. Disable permissions inheritance removing all inherited permissions
    2. Set folder permissions per the table above
      1. Use the Advanced option to edit permissions
  2. Share the folder “Redirected”
    1. Set the share name as “Redirected$
      1. The dollar symbol hides the share
      2. Leave off the $ if you prefer
      3. Use Properties → Sharing → Advanced to create hidden shares
    2. Set the share permissions per the table

Configure Group Policy

See also Group Policy

:!: I generally redirect all the folders available for redirection.

:!: I recommend you do not add administrator objects in the AD container that folder redirection is applied to.

Folders You May Want to Redirect Comment
Application Data Can get large
Desktop Can get large and nice to have accessible from another PC
Documents Can get large and nice to have accessible from another PC
Pictures Follows Documents
Music Follows Documents
Videos Follows Documents
Favorites Nice to have accessible from another PC
Contacts Nice to have accessible from another PC
Downloads Can get large
  1. Modify Group Policy
    1. Start → Run → gpmc.msc
    2. Right-click the container holding your user objects and select Create a new GPO and link it here
      1. Name it something useful like Folder Redirection
      2. Right-click the new policy → Edit
      3. User Configuration → Policies → Windows Settings → Folder Redirection
    3. Right-click each folder you want to redirect → Properties
      1. Target Tab
        1. Setting
          1. Basic - Redirect everyone's folder to the same location
        2. Target Folder Location
          1. Create a folder for each user under root path
          2. Root path: \\servername\Redirected$
      2. Settings Tab
        1. Deselect Grant user exclusive rights
          • If you don't do this, administrators can't access redirected folders
        2. Select Also apply to Windows 2000, XP, etc.
        3. Select Redirect the folder back to the local userprofile location when policy is removed

Using Group Policy Editor - Target Tab Using Group Policy Editor - Settings Tab

Terminal Services (Remote Desktop Services)

http://www.virtualizationadmin.com/articles-tutorials/terminal-services/performance/configure-folder-redirection.html

Troubleshooting

  • Don't use 'administrator' for testing - use a regular user account?
    • Don't redirect folders for administrator accounts.
  • Logging in through Terminal Services (as an admin) may affect folder creation?

Block Inheritance

You might try blocking Group Policy inheritance to see if upstream policies are affecting your issue.

Start → Run → gpmc.msc

Right-click the container/group → Block Inheritance

Delete Existing Profile and Redirected Folders

You might try deleting a problem user's profile and redirected folders so that they will be recreated cleanly according to your Group Policies on the next user login.

Right-click My Computer → Properties → Advanced → User Profiles

View All Shares

View all shares including hidden shares (share name ending with $ symbol): 

net share

Corrupt ntuser.dat file with Redirected Folders

User logs in and does not get custom Desktop, Documents etc. Event log MAY show corrupt ntuser.dat file had been recovered.

  1. Delete the users profile from the workstation using the Advanced System Settings → Advanced Tab
  2. Take ownership of the users profile on the server and rename.
  3. Log in as user and it will recreate the users profile on the server and workstation. Custom settings, Desktop Background, Outlook configuration, Quick Launch etc. will need to be reset.

:!: If the user has access to an RDS Server the profile must be deleted from the RDS Server also.

networking/windows/active_directory/folder_redirection.txt · Last modified: 2023/08/18 11:33 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki