SBS 2003 Group Policy Issue

Posted on 2011-03-07
Medium Priority
Last Modified: 2012-06-27
I am working with a fresh install of SBS 2003 R2 Premium. I modified Group Policy to redirect Application Data, Desktop & Documents folders to a network share. Worked great.

Problem is I need to install a vendor software package that saves a file to the local Applicaiton Data folder, so I disabled the policies, rebooted, ran GPupdate /force, dcgpofix and scratched my head bloody, but the thing is still redirecting Applicaiton Data and Desktop. How in the world do i get it to stop redirecting these folders?

The server is still in lab, with all Service Pack & updates installed. Once the vendor software is installed, I copy the file created to the network redirect and the software runs fine. I simply forgot to install it before doing the policy. Any suggestions?
Question by:michaelm352
  • 3
LVL 78

Expert Comment

by:Rob Williams
ID: 35065455
In the policy itself did you check "Redirect the folder back to the local user profile when the policy is removed"?
If not try that, followed by GPupdate /force.
Seems to me folder redirection requires 2 logons before applied, after GPupdate

Author Comment

ID: 35065720
I re-enabled the policy, ensured the "Redirect the folder back, etc" was checked, followed by two gpupdate /force, then a reboot. Desktop and app data once again are redirected.

After the reboot, i disabled the policy, followed by three gpupdate /force, and another reboot, but the folders are still redirecting. .... ... .. . At a loss here...
LVL 61

Expert Comment

by:Cliff Galiher
ID: 35075135
Common mistake, and common misperception.

What happens here is that when the group policy is *first* applied, if the checkbox to "redirect to original location" is checked then the original location is stored in the registry so that files can get moved back when the GP falls outside of scope. If you initially created the policy WITHOUT checking that box then that setting never got saved to the registry, files got moved, and the "original" location is lost forever. No amount of checking, gpupdate, etc after the fact can recover that info because the data was already moved and the path destroyed.  This is why even reapplying the policy and checking the box doesn't fix the issue. At this point the "original" loYou *cation *is* the server.

All is not lost, however. What you can do is enable folder redirection, and in the location path of the group policy, choose "redirect to the local userprofile location" (I also recommend *UNCHECKING* the move to original location checkbox!)

This will cause folder redirection to move files back to the default location for user profiles on that machine...which in 99% of all cases is what you want.


If you are interested in exactly what the difference is, a simple illustration:

1) You start out with a local profile.

2) Your music is in c:\users\cgaliher\music (win7 assumed here)

3) You right-click on the music folder in your local profile and change the location to a folder on your D: drive because it has more space.

4) Later, folder redirection is enabled and the original location checkbox is checked.

5) Even later, the group policy is disabled.
... because that checkbox was checked, files in the music folder will get moved from the shared path back to D:, *NOT* back to C:. The custom path for the music was preserved.

Conversely, if the checkbox was *NOT* checked and the "redirect to local userprofile location" option is used, the music files will be moved back to c:\users\cgaliher\music (the default location for music in a new profile) as an assumed default must be used now. The custom path was not preserved.


As you can see, in most cases, where custom paths were not defined on local resources before the policy was in place, the end result will actually be the same. But I wanted to illustrate the difference as, in rare cases, odd side-effects can occur, particularly with profiles that may have large amounts of redirected data that reside on local volumes too small to accomodate the new redirection back to default local paths.

As always, have a backup.


Accepted Solution

michaelm352 earned 0 total points
ID: 35076035
Thanks for the thorough explanation Cliff, I solved the issue in a simple way. As the only user on this server was Administrator, I did a search of the Registry for "Administrator" and sure enough, was able to locate and correct the errant path entries. Rebooted, and everything is back to normal.

I have since installed the vendor package, captured the propriatary file from local settings and recreated the policies with the "redirect to original location" box CHECKED!

Appreciate the responses, THANKS!

Author Closing Comment

ID: 35120726
The first response did not correct the issue. After researching and testing, the solution I did was completed before the second response was posted.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question