Solved

changing the My Folders Redirect GPO location

Posted on 2004-09-21
16
447 Views
Last Modified: 2008-03-10
Guys and girls,

Odd one here. I've had a GPO on the entire domain that redirects users in MyFoldersRedirectGroup to \\server1\MyDocuments\%username%

I now have a new server in place and changed the GPO to \\Server2\....

However, the changes are not propigating. I've tried everything, yet the old settings remain (can see by viewing Properties on My Documents on the client) ... and I'm baffled as to where the settings are coming from - i've tried removing the entire 'rule' and putting in new ones, i've tried basing it on Everyone (rather than the Advanced) and rebooting and even deleted the local profile from my machine and relogged on to get a new profile etc .... yet, everytime the old setting stays.

We have a very simple set up here - a couple of DC's in one domain ... no other GPO in effect - just the Default Domain Policy.

Is there anything you can suggest - ways of testing where it's getting the information from etc.

Thanks

S.S.
0
Comment
Question by:SpencerSteel
  • 8
  • 7
16 Comments
 
LVL 9

Expert Comment

by:CDCOP
Comment Utility
gpupdate /force
try this on client computer in command prompt and restart.
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi
Have a look at this PAQ on a similar issue,
Windows 2000 AD Group Policy - problem with folder redirection
http:Q_21075259.html

Deb :))

0
 

Author Comment

by:SpencerSteel
Comment Utility
Thanks Debs but this really is utter, utter s*^t on behalf of M$ ... I now somehow have to move 50+ user accounts to the new locations manually and reset each PROFILE registry setting !!

God, this is so bad ... why doesn't the GPO work ? Is this common ? Is it just the My Documents that totally ignored by GPO !?

I'm angry.

Sorry.

*cries*

S.S.
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi

There's got to be an easier way round this - do you still have the old server in place?
0
 

Author Comment

by:SpencerSteel
Comment Utility
oh yes .. that's still running .. i was wisely just testing it with my profile first.

the good thing about the redirection (when it works) is that it will move the docs to the new location (without the big permissions headache), lock down the permissions and sort everything out.

Manually this is a big job.

How do I discover things in this OS which you would of assumed would of been found 2 months after the release and fixed in the service patch ?

I hate computers.

S.S.x
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi

Ok that's good news and you're not in the same situation as the PAQ I posted. From a client login (your test one) try running this at a command prompt - gpresult /v - this will give you all the group policy applied to both that logon and the client pc,

Post it here if you like,

Deb :))
0
 

Author Comment

by:SpencerSteel
Comment Utility
OK Debs ... never seen that before - thanks for the command ...

Here's the important stuff

At the moment there should be 2 security groups which are used for Folder Redirection .... the old one has everyone in it except me and the new one has just me. I should be going to SNOOPY, the rest stay on BIGBROTHER

I think, however, looking at this, it's confused about these security groups as there are no mention or N/A ... I could be reading this wrong ...

Do you need any more info.

S.S.x

-------------------------------


        Folder Redirection
        ------------------
            GPO: Default Domain Policy
                Setting:  InstallationType:  maximum
                    Grant Type:        Exclusive Rights
                    Move Type:         Contents of Local Directory moved
                    Policy Removal:    Leave folder in existing location
                    Redirecting Group: N/A
                    Redirected Path:   \\bigbrother\mydocuments\spencer_s
tures
                                   \\snoopy\usermydocuments\spencer_s\My
s

            GPO: Default Domain Policy
                Setting:  InstallationType:  maximum
                    Grant Type:        Exclusive Rights
                    Move Type:         Contents of Local Directory moved
                    Policy Removal:    Leave folder in existing location
                    Redirecting Group: N/A
                    Redirected Path:   \\bigbrother\mydocuments\spencer_s
                                   \\snoopy\usermydocuments\spencer_s
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi

So you're applying group policy using security filtering with read and apply permissions set on security groups?
Am a little confused about what you have set up. Normally I don't set anything at the default domain controller policy other than account policies etc, and instead use OU's for folder redirection and other policies based on the location of the users.
Simplified version of our setup
So OU1 - Has our Head Office staff in it - folders redirected to //headofficeserver/profileshare/
OU2 - Has branch office 1 staff in it - folders redirected to //branchofficeserver/profileshare/
etc
Where do you have both redirection policies applied? OU? Default domain?
Have you got more than one gpo attached?
If you could explain how you've got this setup it may help. Looks like your getting both policies,


Deb :))
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
Comment Utility
Oh and just in case you have an XP-Pro PC (or a 2003 DC), this is a massively useful tool for administering group policy and evaluating the effects of it's application,
Group Policy Management Console with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

You'll need a pc with XP Pro SP1, .NET Framework and it should prompt you for anything else it needs,

Deb :))
0
 

Author Comment

by:SpencerSteel
Comment Utility
OK Debs here goes ...

I've never been very good with all this stuff really, so the set up is a little crude. But we have a single office with a single domain and no real OU's apart from the defaults AD set up.

I use the very top level GPO (informatiq.co.uk) and set the MyDocument folder redirect from there.

I've selected "Advanced - specify locations for various users and groups"

The Security Group 'MyDocumentsRedirectGroup' contains most of the users (and is working)

I just created new Sec Group called 'MyDocumentRedirectToSnoopy' (snoopy being my new server!) ... and i've just put me into this SecGroup ...

Now, your first question is going to be 'have you removed yourself from the first group' and yes, I've checked that about 20 times :)

Perhaps it's time for me to create some better OU's !

Over to you Debs ...

S.S.x
0
 

Author Comment

by:SpencerSteel
Comment Utility
Wow ... you are the best Debs - that tool is wicked.

Sadly, it proves that I'm probably more screwed than I first though ... I ran the wizard from my user on my machine ....

=========

Folder Redirection Failed 21/09/04 16:37:41
Folder Redirection failed due to the error listed below.

Access is denied.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 21/09/04 16:37:41 and 21/09/04 16:37:41.

==========


However, more worrying is this at the top Component Status

===========

Component Name Status Last Process Time
Group Policy Infrastructure Failed 21/09/04 16:35:18
Group Policy Infrastructure failed due to the error listed below.

The specified domain either does not exist or could not be contacted.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 21/09/04 16:35:18 and 21/09/04 16:35:18.

===========

... but this looks like a totally different kettle of fish !

I wonder why Access is Denied ... will check logs and report back.

I really, really hate computers

S.S.x
 

 
0
 

Author Comment

by:SpencerSteel
Comment Utility
oh, for the love of God ... must remember share permissions versus NTFS permissions

*holds head in hands*

S.S.

(i'll sort you the points in a moment once this is all going)
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Ok - That message probably means that DNS isn't setup correctly, and should be resolvable.
On your new server, do you have dns setup on it? O
Of course you'll have dns setup on server 1.
Could you run this on each server and post the results, and from your client pc?

From a command prompt type ipconfig /all and post the results.

As for access denied - check that you have the following permissions on the folder that you are redirecting to:

Use the following settings for NTFS Permissions:
CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
System - Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
Everyone - List Folder/Read Data (Apply onto: This Folder Only)
Everyone - Read Attributes (Apply onto: This Folder Only)
Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)

From this useful article here:
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000
http://support.microsoft.com/default.aspx?kbid=274443

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Ah right.............. :)) - Don't worry I hate computers too sometimes ;-)

Deb :))
0
 

Author Comment

by:SpencerSteel
Comment Utility
It worked.

After all that is was a sharing permissions problem - i am so ashamed.

However - you've taught me tons today - including that great utility.

I do have some sort of DNS issue I think, as one of them needs a restart now and again ... but that's another story I guess.

Thanks Debs ...

Have 500 very well earned points.

You should become a trainer.

S.S.
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Thanks! Glad I helped, just troubleshooting these things is hard from a remote location with no visuals! lol - I AM a trainer too!

If you like, and you feel I was helpful - feedback would be nice in my profile - oh and I always reciprocate - cheeky I know - I guess I use Ebay too much ;-)

Best wishes

Deb :))
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now