Solved

SBS 2003 Offline sync of My Docs located on server

Posted on 2007-04-05
12
945 Views
Last Modified: 2008-01-09
Hi - I'm afraid I have another urgent question. I am setting up a clean SBS2003 build for a client over the Easter weekend. The server is built and CIECW, user accounts, printers and SP1 is scheduled for tomorrow. The client has requested that the following must be available in the "new" environment

All users 'My Documents' folder shoukld points to their home directory on the server and that data sychronises when the users connect to the network. So for exapmple 5Mb worth of data has been added to 'My Docs' and 3Mb worth of data has been deleted over the weekend, on Monday morning this change sync's with the server.

My assumptions
a) I will be of course adding the laptops to the domain the SBS way. (http://<server>/connectcomputer)
Should I ensure that all computers are located under My Business / Computers / SBS Computers and all users under My Business / Users / SBS Users?
b) Then in GPMC create a new GPO in My Business / Users / SBS Users called My Docs and when I edit the GPO go to User Configuration - Folder Redirection, right click on My Docs and properties. Select Advanced and ADD - redirect to the user profile location? (I will have already setup user directories in the user account properties and also use login scripts)

If someone can confirm I am on the right path then great but then how do I do the 2nd part of the request. Syncing. As mentioned, if the user makes wholesale changes to his My docs folder on his laptop over a period of 10 - 15 days, when he comes into the office and logs into the network, his My Docs is uploaded to the server for backing up purposes. (These are SAP consultants and so data changes is vast and frequent)

Many thanks for reading this over Easter - holiday for some so 500 points all the way.
Regards
Robin
0
Comment
Question by:RobKanj
  • 8
  • 4
12 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 18862966
Redirecting to the user profile location is probably going to cause you problems when people are logging onto the network locally, because it means all their My Docs data has to be copied across the network with their user profile. Instead, I would create a share called UserDocuments or something similar, then select "Create a folder for each user under the root location" in My Docs redirection settings. Set the root location to \\<servername>\<sharename> (where <servername> is the name of your server and <sharename> is the name of the shared folder just created. You may have to configure security permissions for each user's folder to allow that particular user full control. This redirection means user profiles are smaller, and a user could log on to more than 1 local client computer, change my documents and it changes instantly on the first computer they logged on to.

Next, for the laptop users, you can create a 2nd GPO called Laptops (which only needs to apply to laptops - by security filtering/OU placement of the policy - local clients don't usually need to sync their data because they're always connected to the network) then set the offline files confugurations in that GPO as follows:
-Computer Configuration>Administrative Templates>Network>Offline Files>Allow or disallow use of the offline files feature>Enabled
-User Configuration>Administrative Templates>Network>Offline Files>Do not automatically make redirected folders available offline>Disabled
You'll need to set the caching options on the UserDocuments share you created above to "Only the files and programs users specify will be available offline". To do this, go to the share properties, click caching, then press the radio button next to that option.

That last Offline Files GPO will set the redirected My Documents folders to automatically be cached onto the user's laptops. This means they can access the My Documents folder as normal and make changes locally, which will sync as soon as they reconnect to the network.

N.B.: The above setup is basically how I setup every SBS server with laptop clients and it hasn't caused any problems in the past 2 - 3 years!

If you need any more info, just ask.

Good luck!
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 18862977
Oh, another point I forgot to add: the laptops all have to be started up and logged on to the network properly connected FIRST, before they are taken away from the server and work from cached offline files. I usually start them up with a cat5 cable plugged in, get the user to logon, then logoff (it should sync the my docs at logoff) and disconnect the cable, see if it will logon and whether files are there or not. It often takes 2 or 3 logins and logoffs to actually get it syncing properly.

The default settings (when connected to the network) are to sync at logoff and I think mine also syncs at logon if file changes are detected.

I also employ a PPTP VPN with Routing and Remote Access (built-in to SBS 2003) to allow my users to connect locally to the network from home/on the road and sync their changes without coming to the office. Useful for people who don't go to the office very often but need to backup their data to the server, and for accessing data on the server which isn't synched to their laptops!
0
 

Author Comment

by:RobKanj
ID: 18863048
Tigermatt - had a good read of your process and going to site now. I hope to be at offline sync stage by tomorrow (Saturday) so i'll put it into action then. Your thinking is definelty more logical than mine!! I may well have to take you up on asking for some more info if I run into difficulties. Many Many thanks.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 18863090
I look forward to hearing how it went. Good luck!
0
 

Author Comment

by:RobKanj
ID: 18868274
Hi Tigermatt - well now that the server is built and I have been working on the client machines I could do with a few pointers. I hope you do not feel that you are doing my work but I don't want to mess things up to the point where I can't undo them. Especially with GPO

Scenario so far. G drive on the server has two folders
Company data
User shared folders
When I created accounts, sbs has automatically created a home folder within User shared folders.
Client needs various mapped drives to sections of company data (many sub folders about 200Gb deep)

So my the default sbs login script has been amended to
\\<servername>\Clients\Setup\setup.exe /s <servername>
REM Default SBS Login Script for Users
\\<servername>\netlogon\%username%.bat
and I have created individual login scripts for each user and placed them in \\<servername>/netlogon
example
REM Batch file for John Smith
NET USE X: \\<servername>\Company /Y
NET USE L: \\<servername>\Europe /Y
etc etc etc...this works great. Now onto the syncronising -
 
a) will the above login script have any detrimental effect on offline synchronisation?

b) All the users are laptop users - there is only 1 desktop that remains in the office. All 10 users have dropped of the laptops over the easter weekend so I can do the wok connected locally over direct ethernet.

c) Can I share each user folder in the default sbs folder 'Users shared folder' and set the GPO to "Create a folder for each user under the root location"

d) Each folder created for each user account has been automatically created. I want to hide the share, E.G. jsmith$. Is that OK? I will of course set permissions

e) Your whole explanation on the '2nd GPO - Laptops' makes sense and I will put that into action. Shoud I move all the "My Documents" data from their Workgroup Laptop to their respective shares, run the http://<servername>connectcomputer. Will their 'My documents' folder on their domain profile, automtaically point to their home drive on the server. Do I need to execute gpedit  /force?

f) You said: The default settings (when connected to the network) are to sync at logoff and I think mine also syncs at logon if file changes are detected. - I'm not sure where to configure this, but it's definelty wanted!!

I am having trouble with VPN as they have a hosting comapny who holds various A records etc and I can't get the cisco 837 to work on their network so I will leave syncing over PPTP until a little later. Hope I am not taking advantage of your offer to help
Regards
Robin
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 18869348
Hi Robin

a) will the above login script have any detrimental effect on offline synchronisation?
You might get problems when the client is disconnected if it can't find the server to run the logon script or any of the files it references. Unless you enable offline synchronization on the shares the logon script creates mapped drives to, none of the data will be available until the client connects to the network. You can manually enable it in the Offline Files GPO (Computer Configuration>Administrative Templates>Network>Offline Files>Administratively Assigned Offline Files), although you say there's over 200GB of data which is going to take a long time to sync everytime the laptop comes back to the office, plus there may not even be enough HDD space on individual laptops. Also, if you enable it this way and if more than 1 client updates a file when disconnected from the network, you'll end up with issues whereby one file could overwrite a newer one, each client won't have the latest copy etc.

It might be worth setting the "Administratively assigned offline files" setting to automatically sync the \\<servername>\netlogon and \\<servername>\Clients shares, to ensure that the scripts still appear to be available when the client disconnects from the network.

b) All the users are laptop users - there is only 1 desktop that remains in the office. All 10 users have dropped of the laptops over the easter weekend so I can do the wok connected locally over direct ethernet.

That should make it easier for you - it saves having different GPOs and security groups for the laptops and desktop computers, like I have on many of my setups!

c) Can I share each user folder in the default sbs folder 'Users shared folder' and set the GPO to "Create a folder for each user under the root location"

Are you employing roaming profiles? If so, I'm guessing the share they are stored on is "Users shared folder". If that's the case, you'll need a separate shared folder, perhaps "User Redirected Folders" or "User My Documents", with folders again for each user in that share and appropriate security settings. (If you aren't using roaming profiles, then the first "Users shared folder" will be fine. I'll reference the folder we're using to redirect My Docs to as <redirectshare> below, so its the new folder if you have roaming profiles, "Users shared folder" if you don't have roaming profiles. I hope that mkaes sense!) The problem with putting the redirected my docs folder in with the roaming profiles is it defeats the object of folder redirection - the roaming profile will still be copied down to the client with the my docs folder, which could be hundreds of megabytes and take a while!

So, set the My Docs redirection to "Create a folder for each user under the root path" and the path to \\<servername>\<redirectshare>. You won't need to share each individual user's folder, because it can be accessed through \\<servername>\<redirectshare>\<username>\My Documents,  and that's how your client machines will attempt to access it.

Once you've set folder redirection, you can restart a laptop and logon as a user, go to My Documents, right click a blank space and click Properties. If you see \\<servername>\<redirectshare>\<username>... as the path then its working. If not, you may need to logon and off a few times to get it working! Alternatively, see if it's applied the redirection policy by going to Start>Run and typing "rsop.msc".

e) Your whole explanation on the '2nd GPO - Laptops' makes sense and I will put that into action. Shoud I move all the "My Documents" data from their Workgroup Laptop to their respective shares, run the http://<servername>connectcomputer. Will their 'My documents' folder on their domain profile, automtaically point to their home drive on the server. Do I need to execute gpedit  /force?

Providing the folder redirection is setup correctly, it should move it automatically. The only thing you may notice is a very long "applying your personal settings" message the first time the folder redirection is being set - that will be the data being moved across.

You could execute gpupdate /force, but I find it works much better if you restart the machine and let it find the security policy settings itself, provided it's connected to the network when it starts up.

f) You said: The default settings (when connected to the network) are to sync at logoff and I think mine also syncs at logon if file changes are detected. - I'm not sure where to configure this, but it's definelty wanted!!

It should do it by itself. If not, there's a setting somewhere if you go to My Computer>Tools menu>Folder Options>Offline Files. I think it says "Sync all offline files at logoff" or something similar, although it can probably all be configured through the Offline files group policy settings.

I hope all that makes sense. It was a long time since I last set this up, so I've had a look at the settings and basically explained them to you. Hopefully you can understand it all, if anything doesn't work, just let me know and I'll be happy to help.

One last thing - don't forget, once you get everything working, make sure you document everything you've done so it can help you next time you set something like this up and also when you come back in a years time and are puzzled about how something works! It can be a tedious job but very useful in the long run.

Good luck

Regards

tigermatt

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 58

Expert Comment

by:tigermatt
ID: 18869350
P.s. Just to add to the my documents folder redirection, I recently had problems configuring it on an SBS server, the problem being that it likes to have security settings configured perfectly, so make sure all the users have folders under the root path (you'll need to create them manually) and the user whose folder it is has full control over it. You can also change the owner of the folder to that user if you like...
0
 

Author Comment

by:RobKanj
ID: 18871040
Hi Tiger Matt
Okay I have run into trouble maybe because I haven't done exactly as you have said. Its 3am here in the UK so here's a brief synopsis and I'll see if you would be kind enough to reply.

Login script went in
No roaming profiles so on the root of the G partition there is a Folder called Users shared folders. I did go ahead (maybe mistake) and shared them as the username$ so its a hidden share. The share has full permissions to that user and domain admin account. In security of the folder the same.
In dsa.msc against each user profile I have assigned Z to \\<servername>\jsmith$
As I am writing this agin this might be a mistake as you said that folder redirection should take care of that so i am doing it twice??

In Group Policy Objects tree I created a GP called Offline Sync and......OH NO I think I know what the issue is, DAMN. Originally the GPO was not linked so I went to servername.local and went for the option 'Link an existing GPO' and now the administrator account has been affected by that GP. What I should have done is created the GP under the tree My Business - SBS - Users as all the relevant users are there and not the domain admin account right?
Anyways to the GP settings: pretty much exactly what you asked and it works sort off. (I reckon it will work better under My Business - SBS - Users)

Computer Config - Admin Templates - Network - Offline Files - ENABLE offline feature
Windows Settings - Folder Redirection - My Documents - Setting: Basic (Redirect everyone's folder to the same location) - Path: \\isbuksbssrv\users\%USERNAME%\My Documents
(maybe you will suggest remove the users bit from the UNC)
Options
Grant user exclusive rights to My Documents - Disabled
Move the contents of My Documents to the new location - Disabled
Policy Removal Behavior Leave contents

Administrative Templates - Network/Offline Files - Policy Setting
Synchronize all offline files before logging off Enabled
Synchronize all offline files when logging on Enabled
Synchronize offline files before suspend Enabled
Type of synchronization to perform when suspending: Action: Quick

Couple more things

I created two more GP's in GPO and again linked them to server.local. One was 'Add Logoff to start menu" and the other was GP refresh with a setting of 10mins.
When I do a Group Policy Modelling to see the effects both of them are set to Denied as they are 'Empty' but I created them the same way as the offlne sync GP. Offline sync GP is in Applied. Any thoughts?

Sorry for any typo's it's late.
Many thanks
Rob
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 18873304
Hi Rob,

Sorry for my late reply, I would have sent this earlier but just didn't get the chance!

Q: In dsa.msc against each user profile I have assigned Z to \\<servername>\jsmith$
As I am writing this agin this might be a mistake as you said that folder redirection should take care of that so i am doing it twice??
A: That shouldn't be a problem, because all it does is, I believe, is create a mapped network drive (Z:) to a user's share when that user logs on to a client. In fact, it can be quite useful in the long run because it means My Documents can be accessed through the Z: drive as well as the My Documents folder.

Q:The Offline Sync GPO
A:If you delete the link in the domain root and instead create it in MyBusiness (not MyBusiness - Users), the computer settings will be inherited by the Computers OU and the User settings will be inherited by objects in the Users OU - that way it saves you making 2 links in the GPO interface!

Q:Path: \\isbuksbssrv\users\%USERNAME%\My Documents
A:If you've shared each user folder as \\isbuksbssrv\jsmith$ (where the user's username which they logon to the network is jsmith) then the path for the folder redirection would be \\isbuksbssrv\%USERNAME%$
Basically, the %USERNAME%, as you probably already know, gets replaced with the username of any user which logs in, so it just replaces the jsmith in the path I mentioned above.

Q: Administrative Templates - Network/Offline Files - Policy Setting
A: That all looks fine!

Q: When I do a Group Policy Modelling to see the effects both of them are set to Denied as they are 'Empty' but I created them the same way as the offlne sync GP. Offline sync GP is in Applied. Any thoughts?
A: That could be quite a few things: First of all, go back to the individual GPO objects and make sure the settings are actually set, if not set the values again.
Try right-click your GPO modelling, pick Re-run query, then view the results. See if that helped - it could be the modelling was run before the settings you set had chance to be picked up, so the GPO appeared as "empty".

Have you noticed that on the summary tab of the Group Policy Modelling it has two sections, a Computer Configuration Summary and a User Configuration Summary, check that the objects show as "empty" in both sections. It could be that, for example, you're looking at the computer summary when all the settings are set in user configuration. It's quite misleading, because "empty" sounds like there's nothing set at all in the object, but instead it means there's nothing set in the computer/user configuration, whichever summary you're looking in.

If that still doesn't work, do a gpupdate /force on a client or on the server if necessary, then run rsop.msc, find the appropriate settings in the rsop.msc console, and see if they are set exactly as you set them in the group policy object editor. If they are, ignore the empty warnings.

Let me know if I've confused you with the computer and user summaries.


I hope that sorts everything out. Please feel free to ask any more questions, I'd rather you asked and get your problem sorted.

BTW, I'm in the UK too, so luckily we're in the same time zones!

I look forward to your reply
Matthew
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 18873324
Oh, and by the way, something I meant to say earlier on: I'm guessing all the laptops are running at least XP Professional or Vista Business - Offline files isn't included in XP Home Edition and I'm guessing it might not be included in anything less than the business edition of Vista either.

Cheers
Matthew
0
 

Author Comment

by:RobKanj
ID: 18875388
Matt

Top tigermatt!!! All good. Synching back and forth and even though I set the group policy to refresh every 10mins it stoll took a day for AD to chat to the workstations.
I set the offline synch to synch at logon and log off at both user and computer level. Synching is greyed out so its dictated by the server and the directors visited site today and are content. Not ecstatic but content!!!
Much appreciation of course the points to you but if I can ever be of any assitance email me on r.kanjilal@btinternet.com
Kind Regads
Rob
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 18876273
Hi Rob,

Brilliant to hear that it's working, finally! - if you need any help from me, email tigermatt (at) btinternet (dot) com

Thanks for the points!

Matthew
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now