changing the My Folders Redirect GPO location

Guys and girls,

Odd one here. I've had a GPO on the entire domain that redirects users in MyFoldersRedirectGroup to \\server1\MyDocuments\%username%

I now have a new server in place and changed the GPO to \\Server2\....

However, the changes are not propigating. I've tried everything, yet the old settings remain (can see by viewing Properties on My Documents on the client) ... and I'm baffled as to where the settings are coming from - i've tried removing the entire 'rule' and putting in new ones, i've tried basing it on Everyone (rather than the Advanced) and rebooting and even deleted the local profile from my machine and relogged on to get a new profile etc .... yet, everytime the old setting stays.

We have a very simple set up here - a couple of DC's in one domain ... no other GPO in effect - just the Default Domain Policy.

Is there anything you can suggest - ways of testing where it's getting the information from etc.

Thanks

S.S.
SpencerSteelAsked:
Who is Participating?
 
Debsyl99Connect With a Mentor Commented:
Oh and just in case you have an XP-Pro PC (or a 2003 DC), this is a massively useful tool for administering group policy and evaluating the effects of it's application,
Group Policy Management Console with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

You'll need a pc with XP Pro SP1, .NET Framework and it should prompt you for anything else it needs,

Deb :))
0
 
CDCOPCommented:
gpupdate /force
try this on client computer in command prompt and restart.
0
 
Debsyl99Commented:
Hi
Have a look at this PAQ on a similar issue,
Windows 2000 AD Group Policy - problem with folder redirection
http:Q_21075259.html

Deb :))

0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
SpencerSteelAuthor Commented:
Thanks Debs but this really is utter, utter s*^t on behalf of M$ ... I now somehow have to move 50+ user accounts to the new locations manually and reset each PROFILE registry setting !!

God, this is so bad ... why doesn't the GPO work ? Is this common ? Is it just the My Documents that totally ignored by GPO !?

I'm angry.

Sorry.

*cries*

S.S.
0
 
Debsyl99Commented:
Hi

There's got to be an easier way round this - do you still have the old server in place?
0
 
SpencerSteelAuthor Commented:
oh yes .. that's still running .. i was wisely just testing it with my profile first.

the good thing about the redirection (when it works) is that it will move the docs to the new location (without the big permissions headache), lock down the permissions and sort everything out.

Manually this is a big job.

How do I discover things in this OS which you would of assumed would of been found 2 months after the release and fixed in the service patch ?

I hate computers.

S.S.x
0
 
Debsyl99Commented:
Hi

Ok that's good news and you're not in the same situation as the PAQ I posted. From a client login (your test one) try running this at a command prompt - gpresult /v - this will give you all the group policy applied to both that logon and the client pc,

Post it here if you like,

Deb :))
0
 
SpencerSteelAuthor Commented:
OK Debs ... never seen that before - thanks for the command ...

Here's the important stuff

At the moment there should be 2 security groups which are used for Folder Redirection .... the old one has everyone in it except me and the new one has just me. I should be going to SNOOPY, the rest stay on BIGBROTHER

I think, however, looking at this, it's confused about these security groups as there are no mention or N/A ... I could be reading this wrong ...

Do you need any more info.

S.S.x

-------------------------------


        Folder Redirection
        ------------------
            GPO: Default Domain Policy
                Setting:  InstallationType:  maximum
                    Grant Type:        Exclusive Rights
                    Move Type:         Contents of Local Directory moved
                    Policy Removal:    Leave folder in existing location
                    Redirecting Group: N/A
                    Redirected Path:   \\bigbrother\mydocuments\spencer_s
tures
                                   \\snoopy\usermydocuments\spencer_s\My
s

            GPO: Default Domain Policy
                Setting:  InstallationType:  maximum
                    Grant Type:        Exclusive Rights
                    Move Type:         Contents of Local Directory moved
                    Policy Removal:    Leave folder in existing location
                    Redirecting Group: N/A
                    Redirected Path:   \\bigbrother\mydocuments\spencer_s
                                   \\snoopy\usermydocuments\spencer_s
0
 
Debsyl99Commented:
Hi

So you're applying group policy using security filtering with read and apply permissions set on security groups?
Am a little confused about what you have set up. Normally I don't set anything at the default domain controller policy other than account policies etc, and instead use OU's for folder redirection and other policies based on the location of the users.
Simplified version of our setup
So OU1 - Has our Head Office staff in it - folders redirected to //headofficeserver/profileshare/
OU2 - Has branch office 1 staff in it - folders redirected to //branchofficeserver/profileshare/
etc
Where do you have both redirection policies applied? OU? Default domain?
Have you got more than one gpo attached?
If you could explain how you've got this setup it may help. Looks like your getting both policies,


Deb :))
0
 
SpencerSteelAuthor Commented:
OK Debs here goes ...

I've never been very good with all this stuff really, so the set up is a little crude. But we have a single office with a single domain and no real OU's apart from the defaults AD set up.

I use the very top level GPO (informatiq.co.uk) and set the MyDocument folder redirect from there.

I've selected "Advanced - specify locations for various users and groups"

The Security Group 'MyDocumentsRedirectGroup' contains most of the users (and is working)

I just created new Sec Group called 'MyDocumentRedirectToSnoopy' (snoopy being my new server!) ... and i've just put me into this SecGroup ...

Now, your first question is going to be 'have you removed yourself from the first group' and yes, I've checked that about 20 times :)

Perhaps it's time for me to create some better OU's !

Over to you Debs ...

S.S.x
0
 
SpencerSteelAuthor Commented:
Wow ... you are the best Debs - that tool is wicked.

Sadly, it proves that I'm probably more screwed than I first though ... I ran the wizard from my user on my machine ....

=========

Folder Redirection Failed 21/09/04 16:37:41
Folder Redirection failed due to the error listed below.

Access is denied.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 21/09/04 16:37:41 and 21/09/04 16:37:41.

==========


However, more worrying is this at the top Component Status

===========

Component Name Status Last Process Time
Group Policy Infrastructure Failed 21/09/04 16:35:18
Group Policy Infrastructure failed due to the error listed below.

The specified domain either does not exist or could not be contacted.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 21/09/04 16:35:18 and 21/09/04 16:35:18.

===========

... but this looks like a totally different kettle of fish !

I wonder why Access is Denied ... will check logs and report back.

I really, really hate computers

S.S.x
 

 
0
 
SpencerSteelAuthor Commented:
oh, for the love of God ... must remember share permissions versus NTFS permissions

*holds head in hands*

S.S.

(i'll sort you the points in a moment once this is all going)
0
 
Debsyl99Commented:
Ok - That message probably means that DNS isn't setup correctly, and should be resolvable.
On your new server, do you have dns setup on it? O
Of course you'll have dns setup on server 1.
Could you run this on each server and post the results, and from your client pc?

From a command prompt type ipconfig /all and post the results.

As for access denied - check that you have the following permissions on the folder that you are redirecting to:

Use the following settings for NTFS Permissions:
CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
System - Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
Everyone - List Folder/Read Data (Apply onto: This Folder Only)
Everyone - Read Attributes (Apply onto: This Folder Only)
Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)

From this useful article here:
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000
http://support.microsoft.com/default.aspx?kbid=274443

Deb :))
0
 
Debsyl99Commented:
Ah right.............. :)) - Don't worry I hate computers too sometimes ;-)

Deb :))
0
 
SpencerSteelAuthor Commented:
It worked.

After all that is was a sharing permissions problem - i am so ashamed.

However - you've taught me tons today - including that great utility.

I do have some sort of DNS issue I think, as one of them needs a restart now and again ... but that's another story I guess.

Thanks Debs ...

Have 500 very well earned points.

You should become a trainer.

S.S.
0
 
Debsyl99Commented:
Thanks! Glad I helped, just troubleshooting these things is hard from a remote location with no visuals! lol - I AM a trainer too!

If you like, and you feel I was helpful - feedback would be nice in my profile - oh and I always reciprocate - cheeky I know - I guess I use Ebay too much ;-)

Best wishes

Deb :))
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.