Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1159
  • Last Modified:

How can I block domain level folder redirection Group Policy

HI Experts.

I have a a domain level Folder redirection policy that applies Folder Redirection.

The Folder Redirection GP setting is in User Configuration/windows settings/folder redirection and just redirects the "My Documents" folder.

I can block users but how can I block a site or GP group holding serveral PCs inside the Domain from from this group policy?  i.e. I want to stop a range of computers urnning the policy

I've got 10 other Group policies at domain level so just blocking Inheritance isn't going to work..

Thanks

0
jmsjms
Asked:
jmsjms
  • 7
  • 4
  • 3
1 Solution
 
MarkieSCommented:
You can use Security Group filtering to only apply the policy if the <Computer> or <User>  IS or ISNOT a member of that Group.

Or you can do similar with WMI filters
0
 
jmsjmsAuthor Commented:
Thanks for your comment.

Can I add a group of computers or can it only be one by one?

I have a look at WMI and it just seems to filter by OS.

0
 
MarkieSCommented:
I just spotted the flaw in this plan...

Folder redirection is done under the "User Settings" part of the policy.

But you are trying to apply the policy to computers in which case only the "Computer Settings" will be applied.

To acheive this you will need "Loopback Policy Processing" turned on.  This is handled better in Win2k8 and Win7 - not so good on Win2k3 and XP.

Unfortunately I have to head off so I wont be able to advise further until tomorrow but please feel free to post to other "Experts" about Loopback Policy processing.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jmsjmsAuthor Commented:
Ah I see. And googling shows up "Loopback Policy Processing" as a little unpredictable.

Any one else got any ideas or am I asking for something that isn't feasible or should be handled differently?

Thanks
0
 
NavdeepCommented:
I see that you are using User Setting, This policy will only be applicable to users not computers. More over you can disable the computer policy of GPO using GPMC tool so that only User part setting will be applied.
0
 
jmsjmsAuthor Commented:
I can block users but how can I block a site or GP group holding serveral PCs inside the Domain from from this group policy?  i.e. I want to stop a range of computers running the policy.  Thanks
0
 
NavdeepCommented:
Hi,

As I mentioned earlier computer configuration changes will be applicable to computer and users configuration to user.

See the attached screenshot how to disable computer configuration part of the GPO


disableComputerSettings.jpg
0
 
jmsjmsAuthor Commented:
Thanks for your comment V-2nas, but I dont understand why disabling the computer configuration would help here?  THis is (as you mention yourself) a User setting but I'm trying to see if there's a way of blocking it on a range of PCs.
0
 
jmsjmsAuthor Commented:
I'm beginning to think that I'm fighting against the wind on this one and should accept it's a policy that is User specific, not PC specific.  

Sort of makes a kind of sense in that if it was PC based and the affect users went on a PC that want affected they would have redirection working again.  which would proably make the users confused.

Therefore, unless anyone has any good ideas I'll note this as not having a solution.

0
 
MarkieSCommented:
In an XP/2003 environment the only way I got this sort of thing (Apply computer settings to users and user settings to computers)  to work reliably was to Kix script the login script and test for
- OU membership of the user - then apply registry HKLM settings
- OU membership of the computer - then apply registry HKCU settings

As I said in my first post - Win7 and Win2k8 handle this alot better...

cheers
0
 
jmsjmsAuthor Commented:
OK.  Thanks MarkieS.  

Your post above suggests a way forward but I hanv't got the time/expertise to muck around with Kix so I'm just going to follow MS's thinking for now, and block it by User rather than by PC.  

As your post could be used as a starting point for someone with a similar problem I'll mark it as the answer.  Many thanks for your comments.

V2-nas, i can't see the relevance of your comments, so I'll give Markies the points.  Apologies if I'm missing a point.

0
 
jmsjmsAuthor Commented:
Marked as B as it's not a complete answer, more of a starting point.  (but a useful one at that!).  Cheers John
0
 
NavdeepCommented:
Its ok :)
0
 
MarkieSCommented:
Thanks jmsjms.

If you decide to go Kix script route drop another line.

all the best...

Markie S
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 7
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now