Windows 7 Folder Redirection/Offline Files Problem in Windows 2003 R2 Domain

We just rolled out Windows 7 to a few of our users in a Windows 2003 R2 Domain. With Group Policy we have rolled out Folder Redirection and offline files. This has worked fine in Windows XP. However, our users in Windows 7 are able to view the directory contents, create new files, and delete existing files BUT are NOT able to read, change or write to any files. Upon checking the logs of the Sync Center, it says unable to sync, access is denied.

The network share is as follows:

The redirection is for documents so john doe would be
\\myserver\users\jdoe\My Documents\

John has Full control on his My Documents folder and everything underneath. He is also a regular user on the Windows 7 box. If he logs in to an XP box he can do anything he wants to his My Documents. If he logs into Windows 7 all he can do is delete, or right click and say new-> Document and change its name. Any thoughts?

If you do not have GPMC, get it from

Using GPMC, run a GPMC results wizard for the workstation/user (the same as running Resultant Set of Policy (RSoP) on the workstation but with much more detail, such as which policies have these settings and which is the winning policy). This type of information eliminates the step-by-step modification where multiple policies have the same setting and all those policies are applied to the OU of the computer or the user.
Make sure there are no issues in having the GPO applied and that the right GPO applies. In recent weeks someone else posted a similar issue they were having with Windows 7 and folder redirection. It turned out to be an issue of the wrong policy being the winning policy but could not be applied for one reason or another.
In your case, it seems that the Folder Redirection policy applies, but the issue might be with the security or UAC interfering in some way.

Do you create the \\myserver\users\%username% folder, or was/is it created when you add/created the user? What are the security and share permissions on the users share? Do the security settings on the %username% folder under Advanced have a check in inherit from parent? And if so, do you have a special setting on the users security folder with a deny read right to domain users\everyone?

I have a win2k3 AD with XP and windows 7 clients and the addition of the windows 7 workstation did not pose or require any alterations to the folder redirection mechanism. (Oh, I use domain based shares rather than server based shares as you have setup.)
Out of interest then, between the 2 of you - @arnold: When you created your redirected folder policy that worked fine without any alterations, did you use a Windows 7 client to configure the policy remotely, or did you do it directly from an XP/2003 server?

I'm just wondering if there is some difference between the folder redirection templates, so that if a Win7 (or obviously Win2k8) box is used to configure the policy in the first place, the 'updated' templates allow for everything to go smoothly, whereas if the older XP/2003 templates are used instead, there may possibly be problems?

I don't have any Win7/2k8 machines to play with yet, so I'm only speculating...

I created the GPO a long time ago on a Win2k3 system before Windows 7/Windows 2008 using the GPMC on the server. The folder redirection GPO applies at the top of the domain tree and applies to users of a particular AD group (to avoid the redirection of an admin account's folders). I am redirecting all four folders:
desktop, application data, start menu, and my documents.

I think I applied the group policy preferences to the system but have not configured them.

I however, use a domain based share \\ADdomain\sharename.

Using GPMC it is simpler to diagnose issues with GPO instead of running RSoP or gpresult on an individual computer for a user.

Ah ok, just wondering in case it made a difference to the scenario in question... I guess not though!

Sounds like you've used DFS for yours, though I'm not sure what difference that would really make in the context of the problem at hand... It almost just sounds like the users have permissions to "This folder only" as opposed to "This folder, subfolders and files", but that doesn't make sense either if it works fine from an XP machine...

Very strange...
Unfortunately, there are no responses from the asker, so it is hard to say what the issue really is.
Agreed! CAGdorf?? You there?? Throw us a bone!
CAGdorf (Author) Commented:
Sorry all! I have been on vacation and away from e-mail.
So here are the answers to the questions:
I used a Windows 2008 server with GPMC to manage the GPO. The folder redirection policy was created a long time ago back when Windows 2003 was the latest and greatest.
The user in question's folder was manually created, however I created a new test user and have the same result. The user that does work is in the same exact container as the user that doesn't. I even had them switch PCs, and no success so it is not the PC.
Permissions on the shared folder where the user's docs are according to the Msoft document:
Run the results wizard within GPMC on the Windows 7 workstation and the test user to see what applies to the computer/user. You may have Group Policy Preference settings that apply and might conflict with the old GPO for folder redirection.
The Group Policy Preferences do not apply to the XP workstation unless the optional Group Policy Preference update was installed on Windows XP, and still not all preferences apply to XP workstations.
CAGdorf (Author) Commented:
I found out the problem. It was not in the folder redirection but the offline files. I used a computer with offline files disabled and it worked just fine, so after playing around I found out it was the "Encrypt Offline Files" setting. I turned this to off and it works great.
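
Added example, not part of the thread or any poster's own code: a PowerShell sketch that checks on a Windows 7 client the two things the thread circled around, namely the ACL questions asked about the redirected folder (blocked inheritance, Deny entries, "This folder only" entries) and whether the "Encrypt Offline Files" setting is being pushed by policy. Assumptions: the account name `MYDOMAIN\jdoe` is a placeholder, the function names are hypothetical, and the registry value `EncryptCache` under the `NetCache` policy key is taken to be where that Group Policy setting is stored.

```powershell
# Added diagnostic sketch; placeholders are marked. Run as the affected user on the client.
$Path    = '\\myserver\users\jdoe\My Documents'   # share path quoted in the question
$Account = 'MYDOMAIN\jdoe'                        # placeholder account name

function Get-RedirectedFolderAclFindings {
    param([string]$Path, [string]$Account)
    $acl = Get-Acl -LiteralPath $Path
    # True means the folder does NOT inherit permissions from its parent
    New-Object PSObject -Property @{ Check = 'InheritanceBlocked'; Detail = $acl.AreAccessRulesProtected }
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        # Any Deny entry (for example on Domain Users or Everyone) overrides an Allow
        if ($ace.AccessControlType -eq 'Deny') {
            New-Object PSObject -Property @{ Check = 'DenyAce'; Detail = "$who : $($ace.FileSystemRights)" }
        }
        # InheritanceFlags 'None' on a folder entry is what the GUI shows as "This folder only"
        if ($who -eq $Account -and $ace.InheritanceFlags -eq 'None') {
            New-Object PSObject -Property @{ Check = 'ThisFolderOnly'; Detail = "$who : $($ace.FileSystemRights)" }
        }
    }
}

function Get-OfflineFilesEncryptionPolicy {
    # Assumption: machine policy value written by the "Encrypt the Offline Files cache" setting
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetCache'
    $item = Get-ItemProperty -Path $key -Name EncryptCache -ErrorAction SilentlyContinue
    if ($null -eq $item)              { return 'Not configured by policy' }
    elseif ($item.EncryptCache -eq 1) { return 'Enabled by policy' }
    else                              { return 'Disabled by policy' }
}

Get-RedirectedFolderAclFindings -Path $Path -Account $Account | Format-Table Check, Detail -AutoSize
"Encrypt Offline Files: $(Get-OfflineFilesEncryptionPolicy)"
```

Clean ACL findings combined with "Enabled by policy" match the pattern the asker ended up with: permissions on the share were fine and the failure followed the Offline Files encryption setting.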
