Folder Redirection causing client icon to change

epichero22 used Ask the Experts™

I'm trying to redirect my users' Downloads folder to a share on my server.  It works, but it changes the user's "Downloads" folder name and icon to the name of the share on the network.  I would like for it to keep the default naming convention to provide transparency to the user.

I want to redirect the folder to a common shared resource that all users will be able to see and collaborate with on the server.  So here's how I did it:

Sharing Information:
Administrators: Full Control
Authenticated Users: Change Permissions

Security Info:
SYSTEM & Administrators: Full Control
Authenticated Users: Everything except Full Control, Change Permissions, and Take Ownership; Apply to this folder, subfolders and files.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
What you want cannot be done. Folder redirection policies work by updating the folder location in the OS. This is by design and there isn't a built in way to link a local directory (c:users\username\downloads) to a UNC path without the OS knowing and exposing that link.

additionally, folder redirection was designed to redirect individual folder, but maintains ysers' individual containersvand permissions. Attempting to redirect multiple users to a shared resource will resultin failed permissions checks and ultimately folder redirection will fail.

In short, this is a user training issue. Just as a user must kearn how to cut and paste within MS Word and work within the limitations of that program, so must they learn how to save downloads that they want to share to a shared location (file share, sharepoint, evernote, etc) that has been set up specifically for collaboration.



I figured that and thanks for confirming.  Would it be possible to share access to the folder redirection root?  So users can have their own subdirectories (user aliases with documents, desktop, and download subfolders), but if someone wants to see another's desktop files, they'd be able to.
Distinguished Expert 2018

You can point to a common shared root, but each user's subfolder will be created automatically by the policy and is created with exclusive access. If you attempt to manually create the subfolders ahead of time, you still create a scenario where the policy engine will detect the permissions mismatch from what it expects and will therefore not apply redirection for security.

User's private data is private by design and is a core security model in Windows. there is no way to force the policy to ignore one of its core security principles.


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial