Solved

Conflict between Windows Server 2003 SBS Folder Redirection, and roaming profiles

Posted on 2008-10-27
3
687 Views
Last Modified: 2010-04-21
I have Server-A (Windows 2003 SBS, file and print server and Domain Controller for the network

With 28 workstations, A-1 to A-28. Each A-user has its own workstation, with local profile, with My Documents and Desktop redirected to the user share on the server through a GPO redirection. These users (Group-A) are set up as domain power users.

I then add 6 workstations, B-1 to B-6.

Similar setup, but for 10 B-Users, who have ROAMING profiles. Otherwise, same setup, My Documents and Desktop redirected to the user share on the server through a GPO redirection.

A-users don't have any problems, all is good.

B-users shows some unusual behavior: if User-B1 deletes a file from his account, the file disappears as it should. Then User-B1 logs off, logs back on, and the deleted file is back in his account! This happens to all deleted files.


     It turns out, when B-user James logs in, his profile (including documents and desktop) are copied locally.
     Then when James deletes my_doc_1.doc from what he sees as "My documents", he actually deletes
 \\ServerA\UserFiles\James\My Documents\my_doc_1.doc
     And then when James logs off, his local copy of the profile is copied back to the server, INCLUDING my_doc_1.doc. Thus, when he logs back on, he sees the file back in place - he is never able to delete files!
     Very frustrating!


     I was told to to move folder redirections to a location outside of the roaming profile. So I took the folder redirection GPO (which points to "\\ServerA\UserFiles\%username%\"), and I changed the scope from "Domain users" to "A-group".
     Then I created another redirection GPO, applied it to "B-group" only, and set the redirection to "\\ServerA\UserFiles-B\%username%\".


     Did gpupdate /force, restarts, multiple logon / logoff, cycles. To no avail. Every time I login as James, I still get sent to  \\ServerA\UserFiles\James\My Documents\ (the old redirection folder).
     
     When I tried rsop.msc, it even told me that the redirection policy is
my documents > \\ServerA\UserFiles\James\My Documents.
     But it didn't  tell me which GPO was causing that (GPO = '           ')

     How can I change this mapping?

0
Comment
Question by:Ronino
  • 2
3 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22822186
Sounds like the issue that when using folder redirection to move data and original folder contains files, folder redirection policy will fail/rollback if target folder/share doesn't have correct permissions.
User shall have full control on both share and NTFS.

http://technet.microsoft.com/en-us/library/cc775853.aspx
0
 

Author Comment

by:Ronino
ID: 22863268
This question was posted in conjunction with

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23807085.html

Thank you for your help, henjoh09, it was a permissions problem indeed.

It also turns out the redirection GPO takes quite a while (hours) to propagate, despite several system reboots and gpudate / force
0
 

Author Closing Comment

by:Ronino
ID: 31510267
Thank you - that was it.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question