Martin D

How to navigate to redirected folders via SBS 2008 VPN

If a user wants to access their desktop, is there any way to access it through the VPN?

(Assuming their computer is off, and they can't use remote web workplace)

There doesn't seem to be any way to navigate to the individual redirected folder even if you are logged in as the correct user.
Rob Williams

If the remote PC is a member of the domain, then at logon there is an option "connect using dial-up connection". Choosing this allows you to select the VPN and authenticate to the domain before the logon completes. This then allows group policy and logon scripts to be applied such that redirected folders such as the desktop will sync with the remote client. Keep in mind due to the slow link this can take a while.
Martin D (ASKER)

dialup is not an option but thanks
It is not a dial-up connection, that is just an old name. When you select that the VPN is then presented as a connection option, assuming you have created a Windows VPN connection previously.

and how would they navigate to their redirected folder?
Just click on the folder the same as if in the office, it should automatically redirect via the VPN.
If it has many files this can be slow.
have you actually done it?  there is no file path to the redirected folders via the server
>>"there is no file path to the redirected folders via the server"
Not sure I follow. I assume this works now when in the office and on the same LAN.

Redirected folders are controlled by group policy. The only way to have group policy applied when off-site is using a VPN, and the VPN connection must be applied before logon completes. To do so you need to use the "dial-up connection" option mentioned earlier, which as stated is not really using a dial-up connection. It is just that VPNs are often classed in a similar way to dial-up because of the way they are handled by Routing and Remote Access.

This allows both redirected folders to be accessed as well as using offline files and have them sync over the VPN. Depending on the size of the folder (I don't recommend offline files if it is a large folder) and the speed of the link there can be "complications" but it definitely works and is the Microsoft approved way.
On occasion you have to "tweak" the connection by also using the following group policies:
-Computer Configuration | Administrative Templates | System | Logon | Always wait for the network at computer startup and logon
-Computer Configuration | Administrative Templates | System | Group Policy | Group Policy slow link detection
-Computer Configuration | Administrative Templates | System | Scripts | Run logon scripts synchronously
we're having some other trouble with the VPN so it will be a week or two before I can test the suggestion.  

However, I still need a filepath.  The redirected folders of individual machines are not listed in the folder hierarchy of the server.
ASKER CERTIFIED SOLUTION
Rob Williams
PS-  \\SBS2008Name\RedirectedFolders is a share, not a file path. The default path is:
<drive letter>:\Users\FolderRedirections\UserName
OK, I resolved our other VPN issues so I was finally able to test this.  Thanks for the filepath via the server.

Dialup is not always an option when signing in (I haven't figured out why).

My roaming profile is unable to access its own redirected folder via the VPN due to permissions, although the roaming admin profile I created is able to.  They have exactly the same permissions.

Regardless of what one thinks of the restrictions, I don't understand why you often are denied permission to access the current profile's redirected folders.  Any ideas?
>>"Dialup is not always an option when signing in (I haven't figured out why)."
It is only present on domain joined machines.

>>"I don't understand why you often are denied permission to access the current profile's redirected folders."
Usually it is because you are logged in locally with cached credentials, not actually logged on to the server. If the server is not available at logon, either via the LAN or an already established VPN, you are using cached credentials.
actually all of our machines are on the domain but not have the dialup option

don't you mean "if the server IS available at logon?"  I've only signed on with either of two profiles on a variety of machines, and still had neither redirected folder available.
>>"actually all of our machines are on the domain but not have the dialup option"
Interesting. At logon when you press ctrl+alt+del is there not a "use a dial-up connection" check box?
What operating systems are the desktop machines?

>>"don't you mean "if the server IS available at logon?""
No.
all our laptops (& desktops) are on XP but not all have the dial option

You lost me on the cached credentials.  It would make sense to me that it's using cached credentials if it already was connected to the server at bootup.  When it's not, and I log on for access, doesn't that supplant any previous cached credentials?  Since I've just freshly logged in but can't access the redirected folder & you're saying it's still using cached credentials, how do I override that?
In order for cached credentials to work the machine has to have been logged in to at least once while connected to the domain. After that you can log on to the PC/laptop, using the domain account, without having any sort of network connection, wired, wireless, or VPN.

If you have a connection to the domain you will not use cached credentials but actually authenticate to the domain.

Often when connecting remotely, if you log onto the PC/Laptop first (using cached credentials), then connect to the domain using a VPN, and then try to access a resource on the domain that requires credentials, you can be refused as it sees it as trying to access the domain using the same credentials twice, or using two different sets of credentials, neither of which the server likes. Connecting in this way can sometimes be flaky. This is why connecting the VPN before logon is much more beneficial, when possible.

I'll see if I can figure out why the "dial-up" option is not always available.

Only two reasons I can see that the dial-up option would not be available are:
-computer is not a member of the domain
-following registry key is set to 1 (1 = disable, 0 = enable)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\RASDisable
A third:
-When the VPN is created you are asked if only for use by current user or for use by all users. You must select all users.
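
The three conditions listed above can be checked on an affected client with a short PowerShell script. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later is installed on the client, and the all-users phonebook locations it looks in are assumptions based on the usual Windows defaults.

```powershell
# Added diagnostic (not from the thread): checks the three conditions given
# for the "dial-up connection" logon option being unavailable.

# 1. Is the computer a member of a domain?
$cs = Get-WmiObject -Class Win32_ComputerSystem
$domainJoined = [bool]$cs.PartOfDomain

# 2. Winlogon RASDisable value (per the thread: 1 = disable, 0 = enable).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
$rasDisable = $props.RASDisable          # $null when the value is absent

# 3. Was the VPN created "for all users"? All-users connections are stored
#    in a shared rasphone.pbk; a per-user connection will not appear here.
#    Assumed locations: first is the XP layout, second is Vista and later.
$pbkCandidates = @(
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk'),
    (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Network\Connections\Pbk\rasphone.pbk')
)
$allUserEntries = @()
foreach ($pbk in $pbkCandidates) {
    if (Test-Path -LiteralPath $pbk) {
        # Each connection is an INI-style section header: [Connection Name]
        $allUserEntries += Get-Content -LiteralPath $pbk | ForEach-Object {
            if ($_ -match '^\[(.+)\]$') { $matches[1] }
        }
    }
}
$allUserEntries = @($allUserEntries | Select-Object -Unique)

# Report each condition with a plain verdict.
"Domain member        : $domainJoined (domain: $($cs.Domain))"
if ($null -eq $rasDisable) {
    "RASDisable           : not set"
} elseif ("$rasDisable" -eq '1') {
    "RASDisable           : 1 (logon option disabled)"
} else {
    "RASDisable           : $rasDisable"
}
if ($allUserEntries.Count -gt 0) {
    "All-users connections: $($allUserEntries -join ', ')"
} else {
    "All-users connections: none found (VPN may have been created for the current user only)"
}
```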