[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Can't get folder redirection working

Posted on 2008-02-09
13
Medium Priority
?
554 Views
Last Modified: 2012-06-27
Hey guys I am having trouble with folder redirection

Server is called test-server. Domain is called test.local.   In Active Directory Users I have a OU called Folder Redirected Users.  In that OU I have users test1, test2, test3.  In that OU I created a security group called "folder redirection"

I go into Group Policy Management and right click on the test.local and selected Create and Link GPO, calling it Test.  I did the group policy setting for My Documents redirection and selected \\test-server\Storage

For that folder i added the group "folder redirection" and gave full control to that.

In the group policy mangement when i click on the OU Folder Redirected Users, under Group Policy Inheritance, the Test GPO is listed as the last GP in the list.  

However I cannot get it working, tried restarting and doing gpupdate /force on clients and gpupdate on server.

No folder are created.

I then also tried to right click on the OU in Group Policy Management and did Link Existing GPO and I selected the Test GP and still no work.

What did I do wrong?

0
Comment
Question by:Fluid_Imagery
  • 5
  • 5
  • 2
  • +1
13 Comments
 
LVL 11

Accepted Solution

by:
PlaceboC6 earned 800 total points
ID: 20859892
#1 Make sure all client machines are pointed to a DC/DNS server for DNS only.  No ISP or third party DNS even as an alternate.

#2 You will have to do a log off/log on to test in addition to the gpupdate /force

#3 Make sure the group that you put test users in have full control on the share and then at least "LIST" permissions on the folder permissions.  Without a minimum of list,  it will not auto-create the sub folders.
0
 

Author Comment

by:Fluid_Imagery
ID: 20860099
#1 did it =)  thought I had the DNS configured but the VMware machine is handing out IPs and isn't configured to give out the ip of the server.  all good now =)

Thats.

Just curious whats a better way to do it:
Create a group, add users to group, and apply GPO to group
or
Create a OU, add users to OU, apply GPO to OU.  

0
 
LVL 70

Expert Comment

by:KCTS
ID: 20860587
GPOs are NOT applied to security groups. If you create users and put the users in a group and then put the group in the OU the settings WILL NOT be applied - the user accounts themselves must be in the OU.
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 1200 total points
ID: 20860756
You would be much better setting the GPO to apply over the OU with security filetring for Authenticated Users.

As for configuring the Folder Redirection, you need to make sure you are redirecting the folders to a share which doesn't host any roaming profiles. The NTFS permissions on the shared folder should be as shown in the attached screenshots (this is what I use anyway and it always works).

Take care over getting the Scope of the permissions correct - as you can see in the first image some settings are applied over everything (This folder, subfolders and files) while others are just over Subfolders and Files. Also, the Domain Users group only has 3 permissions over This folder only - those permissions allow them to create their own folders where you specify %username% in the redirection path in the GPO settings.

I would strongly recommend against creating the folders beforehand - set up Redirection in GPO and then refresh group policy before logging on and off once or twice - the folders will be created automatically with the permissions shown below.

You may also want to remove the "Grant user exclusive rights over..." on the Settings tab of the redirection - this means it still inherits permissions from the parent so Domain Admins etc. can still access the users' redirected folders. I find this useful sometimes when a user calls having a problem with a document they've stored.
folder-redirect-NTFS-permissions.jpg
folder-redirect-domain-user-perm.jpg
folder-redirect-share-permission.jpg
0
 
LVL 11

Expert Comment

by:PlaceboC6
ID: 20861057
Fluid,  glad I was able to help. :)
0
 

Author Comment

by:Fluid_Imagery
ID: 20861313
Thanks everyone for more posts.  Just another quick question so I know I am implementing correct

OU has 3 users(test1,test2,test3) and security group Folder Redirector Group with these 3 users as a member of.  

I right clicked on the domain.local and created a new GP, under Scope I removed Authenticated Users and added the security group Folder Redirector Group.  Is that correct?

So then If i click on the OU in GPMC, I see Default Group Policy listed first, then the new GP listed.  Under the OU I don't have a GP Object linked to it, only in the group policy inheritance tab.  Is this correct?

0
 

Author Comment

by:Fluid_Imagery
ID: 20861345
Now it's not working again.  

When I was looking I noticed that the new GP was listed like so: NewGP, Default GP, NewGP under Inheritance.  

So I removed the one that was as #1 and it removed the GP that was listed below the OU in Group Policy Management, then it stopped working.

however when I log off the test machines, it does a syncronization window =/

0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20861355
I wouldn't be using that security group at all, and I recommend you delete that and restore the Authenticated Users group in the GPO before you continue. Then, right-click the GPO link in domain.local and press Delete. Then, go into your OU for Folder Redirected Users, right-click on it, Link an existing GPO, find your GPO in the list and press OK.

This is the recommended method for linking GPOs to objects in AD when the GPO settings should be shared by all objects in a particular OU. The only time you should use security filtering and link it to the root of the domain is if you have objects which are spread across multiple OUs and should have the same settings applied - i.e. Domain Admins.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20861358
however when I log off the test machines, it does a syncronization window =/

This is performed by default, because all redirected folders are automatically synchronized from the server. In the case of fixed workstations whose users wouldn't need to access their files when disconnected from the network, then you can safely disable this by enabling the GPO to prevent use of the Offline Files feature.

I'm pretty sure its in User Config, Administrative Templates, Network, Offline Files, but I can't check at the minute.
0
 

Author Comment

by:Fluid_Imagery
ID: 20861359
Should I right click on the domain.local and create a new GPO in that list?

Or do I just right click on the OU and select "create and link a new GPO here"?

Because I did the first one and automatically the OU has default group policy listed first, then thew new group policy listed.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20861365
Is this GPO one which will be disabling offline files? If so you could put the setting in with the existing GPO which is distributing the settings for Folder Redirection, no need for another object.
0
 

Author Comment

by:Fluid_Imagery
ID: 20861388
Okay so I deleted everything I did:
Deleted the Security Group
Deleted the linked GPO
Right clicked on the OU, and selected Create and Link GPO here, edit the GPO for My Desktop and My Documents folder redirected
Shared out folder (gotta work on permisions still).

Working fine now.  So thats the correct way?

One other question is the "administrator" account doesn't have access to the users folder, I tried adding administrator with full access and still doesn't work.  Any tip for that?
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 1200 total points
ID: 20861421
Do you mean the Administrator doesn't have access to the subfolders for each user? In my above post I already covered this - "You may also want to remove the "Grant user exclusive rights over..." on the Settings tab of the redirection - this means it still inherits permissions from the parent so Domain Admins etc. can still access the users' redirected folders. I find this useful sometimes when a user calls having a problem with a document they've stored."

http:#a20860756
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question