[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows 7 Folder Redirection/Offline Files Problem in Windows 2003 R2 Domain

Posted on 2009-12-31
9
Medium Priority
?
6,311 Views
Last Modified: 2012-05-08
We just rolled out Windows 7 to a few of our users in a Windows 2003 R2 Domain. With Group Policy we have rolled out Folder Redirection and offline files. This has worked fine in Windows XP. However our users in Windows 7 are able to view the directory contents, create new files, delete existing files BUT NOT able to read, change or write to any files. Upon checking the logs of the sync center it says unable to sync access is denied.

The network share is as follows:
\\myserver\users\

The redirection is for documents so john doe would be
\\myserver\users\jdoe\My Documents\

John has Full control on his My Documents folder and everything underneath. He is also a regular user on the Windows 7 box. If he logs in to an XP box he can do anything he wants to his My Documents. If he logs into Windows 7 all he can do is delete, or right click and say new-> Document and change its name. Any thoughts?
0
Comment
Question by:CAGdorf
  • 4
  • 3
  • 2
9 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 26158032
If you do not have GPMC, get it from http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887.

Using GPMC run a GPMC results wizard for the workstation/user (the same as running Resultant Set of Policy (RSoP) on the workstation but with much more detail such that which policies have these settings and which is the winning policy.  This type of information eliminates the step by step modification where multiple policies have the same setting and all those policies are applied to the OU of the computer or the user.
Make sure there is no issues in having the GPO applied and that the right GPO applies.  In recent weeks someone else posted a similar issue they were having with windows 7  and folder redirection.  It turned out to be an issue of the wrong policy being the winning policy but could not be applied for one reason or another.
In your case, it seems that Folder redirection policy applies, but the issue might be with the security or UAC interferring in some way.

Do you create the \\myserver\users\%username% folder or was/is it created when you add/created the user.  What are the security and share permissions on the users share?  Are the security settings on the %username% folder under advanced have a check in inherit from parent? And if it is, do you have a special setting on the users security folder with a deny read right to domain users\everyone?

I have a win2k3 AD with XP and windows 7 clients and the addition of the windows 7 workstation did not pose or require any alterations to the folder redirection mechanism. (Oh, I use domain based shares rather than server based shares as you have setup.)
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 26180275
Out of interest then, between the 2 of you - @arnold: When you created your redirected folder policy that worked fine without any alterations, did you use a Windows 7 client to configure the policy remotely, or did you do it directly from an XP/2003 server?

I'm just wondering if there is some difference between the folder redirection templates, so that if a Win7 (or obviously Win2k8) box is used to configure the policy in the first place, the 'updated' templates allow for everything to go smoothly, whereas if the older XP/2003 templates are used instead, there may possibly be problems?

I don't have any Win7/2k8 machines to play with yet, so I'm only speculating...

Pete
0
 
LVL 81

Expert Comment

by:arnold
ID: 26180944
I created the GPO a long time ago on a win2k3 system before windows 7/windows 2008 using the GPMC on the server. The folder redirection GPO applies at the top of the domain tree and applies to users of a particular AD group (to avoid the redirection of an admin account folders)  I am redirecting all four folders:
desktop, application data, start menu, and my documents.

I think I applied the group policy preferences to the system but have not configured them.

I however, use a domain based share \\ADdomain\sharename.

Using GPMC it is simpler to diagnose issues with GPO instead of running RSoP or gpresult on an individual computer for a user.

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 19

Expert Comment

by:PeteJThomas
ID: 26181392
Ah ok, just wondering in case it made a difference to the scenario in question... I guess not though!

Sounds like you've used DFS for yours, though I'm not sure what difference that would really make in the context of the problem at hand... It almost just sounds like the users have permissions to "This folder only" as opposed to "This folder, subfolders and files", but that doesn't make sense either if it works fine from an XP machine...

Very strange...
0
 
LVL 81

Expert Comment

by:arnold
ID: 26181472
Unfortunately, there is no responses from the asker so it is hard to say what the issue really is.
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 26181555
Agreed! CAGdorf?? You there?? Throw us a bone!
0
 
LVL 5

Author Comment

by:CAGdorf
ID: 26182618
Sorry all! I have been on vacation and away from e-mail.
So here are the answers to the questions:
I used a Windows 2008 server with GPMC to manage the GPO. The folder redirection policy was created a long time ago back when Windows 2003 was the latest and greatest.
The user in question's folder was manually created, however I created a new test user and have the same result. The user that does work is in the same exact container as the user that doesn't. I even had them switch PCs, and no success so it is not the PC.
Permissions on the shared folder where the user's docs are according to the Msoft document:
http://support.microsoft.com/default.aspx/kb/274443
 
 
0
 
LVL 81

Expert Comment

by:arnold
ID: 26183280
Run the result wizard within GPMC on the windows 7 workstation and the test user to see what applies to the computer/user.   You may have Group policy preference settings that apply and might conflict with the old GPO for folder redirection.
The Group Policy Preferences do not apply to the XP workstation unless the option Group Policy Preference update was installed on the windows XP and still not all preferences apply to XP workstations.
0
 
LVL 5

Accepted Solution

by:
CAGdorf earned 0 total points
ID: 26186275
I found out the problem. It was not in the folder redirection but the offline files. I used a computer with offline files disabled and it worked just fine, so after playing around I found out it was the "Encrypt Offline Files" setting. I turned this to off and it works great.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question