Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How navigate to redirected folders via SBS 2008 VPN

Posted on 2009-12-22
18
Medium Priority
?
652 Views
Last Modified: 2012-05-08
If a user wants to access their desktop, is there any way to access it through the VPN?

(Assuming their computer is off, and they can't use remote web workplace)

There doesn't seem to be any way to navigate to the individual redirected folder even if you are logged in as the correct user.
0
Comment
Question by:Martin D
  • 11
  • 7
18 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26109457
If the remote PC is a member of the domain, then at logon there is an option "connect using dial-up connection". Choosing this allows you to select the VPN and authenticate to the domain before the logon completes. This then allows group policy and logon scripts to be applied such that redirected folders such as the desktop will sync with the remote client. Keep in mind due to the slow link this can take a while.
0
 

Author Comment

by:Martin D
ID: 26211908
dialup is not an option but thanks
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26274561
It is not a dial-up connection, that is just an old name. When you select that the VPN is then presented as a connection option, assuming you have created a Windows VPN connection previously.

0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 

Author Comment

by:Martin D
ID: 26279157
and how would they navigate to their redirected folder?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26279176
Just click on the folder the same as if in the office, it should automatically redirect via the VPN.
If it has many files this can be slow.
0
 

Author Comment

by:Martin D
ID: 26279183
have you actually done it?  there is no file path to the redirected folders via the server
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26279240
>>"there is no file path to the redirected folders via the server"
Not sure I follow. I assume this works now when in the office and on the same LAN.

Redirected folders are controlled by group policy. The only way to have group policy applied when off-site is using a VPN, and the VPN connection must be applied before logon completes. To do so you need to use the "dial-up connection" option mentioned earlier, which as stated is not really using a dial-up connection. It is just that VPN's are often classed in a similar way to dial-up because of the way they are handled by Routing and Remote Access.

This allows both redirected folders to be accessed as well as using offline files and have them sync over the VPN. Depending on the size of the folder (I don't recommend offline files if it is a large folders) and the speed of the link there can be "complications" but it defiantly works and is the Microsoft approved way.
On occasion you have to "tweak" the connection by also using the following group policies:
Computer Configuration | Administrative Templates | System | Logon  | Always wait for the network at computer startup and login
Computer Configuration | Administrative Templates | System | Group Policy | Group Policy slow link detection
Computer Configuration | Administrative Templates | System | Scripts | Run logon scripts synchronously
0
 

Author Comment

by:Martin D
ID: 26317497
we're having some other trouble with the VPN so it will be a week or two before I can test the suggestion.  

However, I still need a filepath.  The redirected folders of individual machines are not listed in the folder hierarchy of the server.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 26317793
The above methods are allowing you to use redirected folders. They do not really involve direct access to the files on the server.
Should you need to access these you need to locate the redirected location on the server, and you will still need to use the VPN if off site, though it doesn't have to be connected before logon. The folders are organized by user, not PC, and only the user has access, not even an administrator can access unless you edit permissions.
The default location is:
\\SBS2008Name\RedirectedFolders\UserName
or you could use the IP if you have VPN name resolution issues:
\\192.168.123.123\RedirectedFolders\UserName

The location is controlled by group policy. If the defaults were changed to locate you need to review the "Small Business Server Folder Redirection Policy" in the Group Policy Management Console, under  user configuration | policies | windows settings | Folder Redirection | <desktop/documents/favorites>
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26317821
PS-  \\SBS2008Name\RedirectedFolders is a share, not a file path. The default path is:
<drive letter>:\Users\FolderRedirections\UserName
0
 

Author Comment

by:Martin D
ID: 26440736
OK, I resolved our other VPN issues so I was finally able to test this.  Thanks for the filepath via the server.

Dialup is not always an option when signing in (I haven't figuring out why).

my roaming profile is unable to access its own redirected folder via the VPN due to permissions although the roaming admin profile I created is able to.  They have exactly the same permissions.

Regardless of what one thinks of the restrictions, I don't understand why you often are denied permission to access the current profile's redirected folders.  any ideas?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26444541
>>"Dialup is not always an option when signing in (I haven't figuring out why)."
It is only present on domain joined machines.

>>"I don't understand why you often are denied permission to access the current profile's redirected folders."
Usually it is because you are logged in locally with cached credentials, not actually logged on to the server. If the server is not available at logon, either via the LAN or an already established VPN, you are using cached credentials.
0
 

Author Comment

by:Martin D
ID: 26459958
actually all of our machines are on the domain but not have the dialup option

don't you mean "if the server IS available at logon?"  I've only signed on with either of two profiles on a variety of machines, and still had neither redirected folder available.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26463746
>>"actually all of our machines are on the domain but not have the dialup option"
Interesting. At logon when you press ctrl+alt+del is there not a "use a dial-up connection" check box?
What operating systems are the desktop machines?

>"don't you mean "if the server IS available at logon?"  "
No.
0
 

Author Comment

by:Martin D
ID: 26464397
all our laptops (& desktops) are on XP but not all have the dial option

you lost me on the cached credentials.  it would make sense to me that it's using cached credentials if it already was connected to the server at bootup.  When it's not, and i logon for access, doesn't that supplant any pervious cached credentials.  Since I've just freshly logged in but can't access the redirected folder & you're saying it's still using cached credentials, how do I override that?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26464551
In order for cached credentials to work the machine has to have been logged in to at least once while connected to the domain. After that you can log on to the PC/laptop, using the domain account, without having any sort of network connection, wired wireless, or VPN.

If you have a connection to the domain you will not used cached credentials but actually authenticate to the domain.

Often when connecting remotely, if you log onto the PC/Laptop first (using cached credentials), then connect to the domain using a VPN, and then try to access a resource on the domain that requires credentials, you can be refused as it sees it as trying to access the domain using the same credentials twice, or using two different sets of credentials, neither of which the server likes. Connecting in this way can sometimes be flaky. This is why connecting the VPN before logon is much more beneficial, when possible.

I'll see if I can figure out why the "dial-up" option is not always available.

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26543678
Only two reasons I can see that the dial-up option would not be available are:
-computer is not a member of the domain
-following registry key is set to 1 (1 = disable, 0 = enable)
HKLM\Software\Microsoft\Windowsnt\CurrentVersion\Winlogon\RASDisable
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26543696
A third:
-When the VPN is created you are asked if only for use by current user or for use by all users. You must select all users.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question