Folder Redirection Windows Server
- Windows Server Wiki
- Folder Redirection Windows Server 2019
- Best Server Software
- Folder Redirection Policy
- Folder Redirection Windows Server Essentials
- If you specify a named home folder on a user's 'profile' tab in AD, you can redirect the documents folder to '%homeshare% documents'. This will place the auto-named 'documents'/'my documents' inside of the named user folder.
- The redirected folders should be owned by the user and created by the user the first time they login after the folder redirection GPO is applied. The roaming profiles are also owned and created by the user when roaming profiles are enabled.
Folder redirection problem – only users in the 'Head Office' group should get folder redirection (Desktop, Docs, Pictures, Favs) but everyone is getting there folders redirected.
In order to try to fix the situation I have been checking the settings are as per : https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-folder-redirection
The difference that I have not been able to over come is the folder permissions are different. I also note in the current setup the Home Path is being set in Active Directory Users > Profile for each user - this is in addition to the GPO. I assume that they are both doing the same thing and that I really shouldn't been to do it through each user in Active Directory Users > Profile.
Folder Redirection enables users and administrators to redirect the path of a known folder to a new location, manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a file share. Users interact with files in the redirected folder as if it still existed on the local drive. Jul 06, 2017 What is Folder Redirection? This article shows you how simply you can redirect folder in Windows Server with group policy. The folder redirection is the way to keep a profile folders to a network location or other location in the local computer. Typically user profiles and settings are stored in.
When I go to add special permissions to the Home Drives folder (adding List folder / read data, Create folders / append data, Read attributes Read extended attributes, Read permissions)
I get the error :
Error Applying Security - An error occured while applying the security information to D:Home DrivesSome UserDesktop. Failed to enumerate objects in the container. Access is denied.
Note that the existing users have data in there, and so not wanting to create a worse mess I have not tried to push this any further. The current owner of the home drives folder is the Administrators group.
The current users with full control are:
- Administrator
- Administrators
- SYSTEM
- Authenticated Users (Read & Execute)
- Head Office Users (Special)
Is anyone able to advise what should be done now?
I see under Home DrivesUser.Name there is folders like: Desktop, Documents, Favourites, Pictures but there is also Home DrivesUser.NameV6 with 3D Objects, Contacts, Downloads, Links etc.
The ownership of these folders is different too:
Windows Server Wiki
- Home Drives - Owner Administrators
- Homes DrivesUser.Name - Owner Administrators
- Home DrivesUser.NameV6 - Unable to Display
- Home DrivesUser.NameDocuments - Unable to Display
Update: I found the folder redirection had been applied to the whole domain. I have deleted this and created a new folder redirection policy targeting Head Office security group.
I have taken ownership of users folders, taken a copy, and then copied the data back. Messy but its worked.
Last remaining issue is that the built in Administrator is still getting its folders redirected. Even after I added Admins group and gave denied them under Delegation > Advanced.
1 Answer
You've got several questions/problems here and I can generally answer them all, but you haven't provided specific details about your GPO settings or where they are applied in active directory.
The first suggestion I would give you is that the link you used to setup folder redirection is one of the most ridiculously overcomplicated, yet completely lacking of any necessary detail, articles I've seen in a while.
Try reading through this series of articles for a real explanation of how to setup folder redirection and what the settings and permissions you are choosing actually do: https://4sysops.com/archives/folder-redirection-part-1-introduction/
Now, on to you multiple issues:
- Only users in the 'head office' group should get folder redirection but everyone is getting these folders: That is because you are applying the GPO too broadly. You have two options. 1) Create a separate OU or sub-OU and move the users that need folder redirection to that OU and apply the GPO only to that OU. 2) Adjust the permissions on the existing GPO. Go in to delegated permissions (under advanced security) and remove the tick box for the 'Apply' permission on Authenticated Users (They should keep Read permissions). Next, add the security groups of users that you want the GPO to apply to and make sure it has Read, and Apply permissions.
- ..I have not been able to overcome the folder permissions are different: That is because you need to setup the home directory permissions properly to begin with, and make sure you don't grant exclusive access to the redirected folders in the GPO settings. So, first make sure you setup the following permissions on the top level home folders directory: SYSTEM and Administrators:Full Control (This folder, subfolder and files); Authenticated Users:Create Folder, Traverse Folder, List Folder, Read Permissions, Read Extended Permissions (This folder only); CREATOR OWNER:Full Control (subfolders and files). Do not tick the box to replace inherited permissions on subcontainers. Next, change your GPO folder redirection setting so that the option to 'Grant user exclusive rights..' is unchecked. This will fix all future permission issues on redirected folders, but it will not fix existing folders. Unfortunately, that would require a powershell script to fix the existing folders and that is fairly complicated and outside the scope of this question.
- I also notice home path is being set in Active Directory Users -> Profile: Using the 'Profile Path' option is turning on Roaming Profiles. That is a completely separate beast and has probably caused some significant issues with your users now overall. If you wanted to connect a network drive to the user's home folder then you would use the 'Home Folder' options. You need to get rid of that Profile Path option all together. Unfortunately, this might cause your users to get a new profile generated on each computer they log in to and lose any existing customizations or settings.
- When I go to add special permissions to the Home Drives folder - I get an error: That is because you granted exclusive rights to the user in the GPO settings. Now the only person with access to the folder is the user, not administrators or anybody else. This can't be fixed easily.
- I see Home DrivesUser.NameV6: That is because you turned on roaming profiles with the 'Profile Path' setting in the user profile. That redirected the entire user profile to another directory. Again, roaming profiles and folder redirection are two completely different beasts, although they can work together. The V6 designates that it is a Windows 10 profile version.
- The ownership of these folders is different too: Again, all because of the above information I already provided. The redirected folders should be owned by the user and created by the user the first time they login after the folder redirection GPO is applied. The roaming profiles are also owned and created by the user when roaming profiles are enabled. A different GPO setting controls if they will be granted exclusive access to this folder or not. By default, they have exclusive access.
Not the answer you're looking for? Browse other questions tagged windows-server-2016 or ask your own question.
What is Folder Redirection?
This article shows you how simply you can redirect folder in Windows Server with group policy. The folder redirection is the way to keep a profile folders to a network location or other location in the local computer. Typically user profiles and settings are stored in local profile. By redirecting folders, you can access to data regardless of which computers you are logs in.
In addition to the immediate benefit of having that data on a file server that is much easier to keep backed up, the user also gets the benefit of being able to go to multiple computers in your organization and still have access to their data. Using the default Windows settings and the default share settings on your file server, these redirection will be even made available offline automatically for your users.
The Policy-Based QoS node
This quality of service (QoS) node, known as the Policy-Based QoS node, defines policies that manage network traffic. For example, you might want to ensure that users in the Finance department have priority to run a critical network application during the end-of-year financial reporting period. You can do that by using the Policy-Based QoS node.
In the User Configuration node only, the Windows Settings folder contains the additional Folder Redirection node. With folder redirection, you can redirect user data and settings folders such as AppData, Desktop, Documents, Pictures, Music, and Favorites from their default user profile location to an alternate location on the network, where you can manage them centrally.
Infrastructure Requirement :
- 1 DC SERVER (DC-CLOUD)
- Client PC running Windows 10 (CLIENT-10)
Lets get started.
01 – Create a Shared Folder
1 – On DC-CLOUD, on the taskbar, click the File Explorericon, In the navigation pane, click This PC.
2 – In the details pane, double-click Local Disk (C:), and then on the Home tab, click New folder.
3 – In the Name text box, type Redir, and then press Enter.
4 – Right-click the Redirfolder, click Share with, and then click Specific people.
5 – In the File Sharing dialog box, click the drop-down arrow, select Everyone, and then click Add.
6 – For the Everyone group, click the Permission Leveldrop-down arrow, and then click Read/Write.
7 – Click Share, and then click Done.
Close the Local Disk (C:) window
02 – Create a GPO to redirect the Documents folder
1 – In Server Manager, click Tools and then click Group Policy Management.
2 – In the navigation pane, right-click the Windows.ae domain, and then click Create a GPO in this domain and Link it here.
3 – In the New GPO dialog box, in the Name text box, type Folder Redirection, and then click OK.
4 – In the navigation pane, right-click Folder Redirection, and then click Edit.
Active directory tutorial pdf. 5 – In the Group Policy Management Editor window, under User Configuration, expand Policies,expand Windows Settings, and then expand Folder Redirection.
6 – Right-click Documents, and then click Properties.
7 – In the Document Properties dialog box, on the Target tab, click the Setting drop-down arrow, and then select Basic-Redirect everyone’s folder to the same location.
8 – Ensure that the Target folder location box is set to Create a folder for each user under the root path.
9 – In the Root Path text box, type DC-CLOUDRedir, and then click OK.
10 – In the Warning dialog box, click Yes.
Close the Group Policy Management Editor
03 – Test Folder Redirection
1 – Sign in to CLIENT-10as WindowsAdministratorwith the password asd@123.
2 – Right-click Start, and then click Command Prompt.
Folder Redirection Windows Server 2019
3 – In the Command Prompt window, type the following command, and then press Enter:
Gpupdate /force
4 – In the command prompt window, when prompted, type the following, and then press Enter:
Y
5 – Sign in to CLIENT-10as WindowsAdministrator with the password asd@123.
6 – On the taskbar, click the File Explorer icon.
7 – In the navigation pane, in the Quick Access section, right-click Documents, and then click Properties.
Best Server Software
8 – Verify that on the General tab, the Location field has a value of DC-CLOUDredirAdministrator.
If this is not successful, repeat steps 2 through 7, and then check the redirection once again.
Folder Redirection Policy
9 – Sign out of CLIENT-10.
that’s all for now., any Doubts type a commend. 🙂