If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
Windows Server 2008 redirection is not working.
The redirection was not working. The redirection was set up to move items on the desktop to the server. That did not seem to be working.
I found an problem in the settings for the Desktop that the Grant the user exclusive rights to the Desktop was checked and I unchecked that.
However, I ended up getting lots of complaints that the desktop icons were gone. I tried taking adminstrator control of the redirection folders then passing the control back to the user. That has restored some icons, etc but the problem is not gone. Nor do I see the files created on one computer moving to a second computer when someone logs on.
I found an problem in the settings for the Desktop that the Grant the user exclusive rights to the Desktop was checked and I unchecked that.
However, I ended up getting lots of complaints that the desktop icons were gone. I tried taking adminstrator control of the redirection folders then passing the control back to the user. That has restored some icons, etc but the problem is not gone. Nor do I see the files created on one computer moving to a second computer when someone logs on.
Asked:
-
11
6
4
2 Solutions
As far as I know, there are no roaming profiles.
The backup of desktop data to the server was a management request.
The backup of desktop data to the server was a management request.
check the event viewer of the PC around the time of logon. any failures with redirected folders will be noted there so you can be more specific on the cause of the issue.
If you expect icons on destop one to appear when the user logs on to desktop 2, you have to use roaming profiles and include desktop, favorites and whatever else you wish to move with the users.
Just to clarify in your thought process, redirected folders is not a backup. The folders simply live on the server you point them to. But if the server is backed up, the user redirected data will also be backed up to the external media.
There are some other cool servers for backing up users computers, Windows Storage Server starts with the "Essentials" version that will backup 25 computers per box (you can have more than one) and is available for as little as $600.
Sorry I did not suggest the event logs.... please look through them and let us know the event id and source of any relevant errors.
Just to clarify in your thought process, redirected folders is not a backup. The folders simply live on the server you point them to. But if the server is backed up, the user redirected data will also be backed up to the external media.
There are some other cool servers for backing up users computers, Windows Storage Server starts with the "Essentials" version that will backup 25 computers per box (you can have more than one) and is available for as little as $600.
Sorry I did not suggest the event logs.... please look through them and let us know the event id and source of any relevant errors.
I am aware that the redirected folders is not a backup. The server has a tape backup and I am expecting the server to backup the redirected folders.
I was not talking about a second computer. I am talking about that the user had icons, files and folders on their computer, redirection included the desktop, the redirection folders did not seem to be updated and my change to server setting caused the user to lose their icons, files and folders on their computer. I not sure where the roaming profiles come in.
I created a notepad file text on the desktop. Looking at the EventIDs under error, I see Event 502 Folder Redirection
System
- Provider
[ Name] Microsoft-Windows-Folder Redirection
[ Guid] {7D7B0C39-93F6-4100-BD96-4
EventID 502
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2013-01-01T23:12:46.757185
EventRecordID 22413
- Correlation
[ ActivityID] {1FA13978-21A5-4E3E-A87F-4
- Execution
[ ProcessID] 920
[ ThreadID] 4132
Channel Application
Computer LAT100AD023.carousel.local
- Security
[ UserID] S-1-5-21-1447001783-227418
- EventData
FromFolder Documents
ToFolder \\1-SRVF\Redirected_User_F
Options 0x80009211
Error Can not create folder "\\1-SRVF\Redirected_User_
ErrorDetails This security ID may not be assigned as the owner of this object.
The other error is Event 4 Quickbooks
System
- Provider
[ Name] QuickBooks
- EventID 4
[ Qualifiers] 0
Level 2
Task 2
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2013-01-01T23:12:53.000000
EventRecordID 22420
Channel Application
Computer LAT100AD023.carousel.local
Security
- EventData
QuickBooks
Returning NULL QBWinInstance Handle
I was not talking about a second computer. I am talking about that the user had icons, files and folders on their computer, redirection included the desktop, the redirection folders did not seem to be updated and my change to server setting caused the user to lose their icons, files and folders on their computer. I not sure where the roaming profiles come in.
I created a notepad file text on the desktop. Looking at the EventIDs under error, I see Event 502 Folder Redirection
System
- Provider
[ Name] Microsoft-Windows-Folder Redirection
[ Guid] {7D7B0C39-93F6-4100-BD96-4
EventID 502
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2013-01-01T23:12:46.757185
EventRecordID 22413
- Correlation
[ ActivityID] {1FA13978-21A5-4E3E-A87F-4
- Execution
[ ProcessID] 920
[ ThreadID] 4132
Channel Application
Computer LAT100AD023.carousel.local
- Security
[ UserID] S-1-5-21-1447001783-227418
- EventData
FromFolder Documents
ToFolder \\1-SRVF\Redirected_User_F
Options 0x80009211
Error Can not create folder "\\1-SRVF\Redirected_User_
ErrorDetails This security ID may not be assigned as the owner of this object.
The other error is Event 4 Quickbooks
System
- Provider
[ Name] QuickBooks
- EventID 4
[ Qualifiers] 0
Level 2
Task 2
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2013-01-01T23:12:53.000000
EventRecordID 22420
Channel Application
Computer LAT100AD023.carousel.local
Security
- EventData
QuickBooks
Returning NULL QBWinInstance Handle
- Security
[ UserID] S-1-5-21-1447001783-227418
- EventData
FromFolder Documents
ToFolder \\1-SRVF\Redirected_User_F
Options 0x80009211
Error Can not create folder "\\1-SRVF\Redirected_User_
ErrorDetails This security ID may not be assigned as the owner of this object.
This one appears to be a stray id from some prior life? Does Joe Davis have full control of the joe davis folder and all sub folders?
imo, quickbooks should live on a share and not in redirected folders, but that might just be me. You can controll access with NTFS permissions and even hide the folder if you wish.
[ UserID] S-1-5-21-1447001783-227418
- EventData
FromFolder Documents
ToFolder \\1-SRVF\Redirected_User_F
Options 0x80009211
Error Can not create folder "\\1-SRVF\Redirected_User_
ErrorDetails This security ID may not be assigned as the owner of this object.
This one appears to be a stray id from some prior life? Does Joe Davis have full control of the joe davis folder and all sub folders?
imo, quickbooks should live on a share and not in redirected folders, but that might just be me. You can controll access with NTFS permissions and even hide the folder if you wish.
yep, looks like permissions from the event log. ensure each user has FULL control and is the owner of their folder, and ensure you set it to filter down to all subfolders.
Quickbooks. I am not using redirected folder for Quickbooks but a different server share. However, seems this error should be a different case. It does not seem to be related to redirection.
The first day after New Year, I decided to clear other items. Plan today only to look at the folder permissions.
Folder Redirected
Owner Administrators
Share permissions
Everyone, Administrator, Administrators = Full control, Read, Write.
Not sure why there is both administrator and administrators.
Security
Everyone, System, System Administrator, Administrators: Full Control, Modify, Read & execute, list folder contents, Read, Write.
Creator Owner Full control Subfolders and files only
Joe.davis folder
Owner Administrators
Share Permissions
Everyone: Full Control
Security
Everyone, System, Administrator, Administrators, Authenticated Users: Full Control, Modify, Read & execute, list folder contents, Read, Write.
Creator Owner Full control subfolders and files only
The first day after New Year, I decided to clear other items. Plan today only to look at the folder permissions.
Folder Redirected
Owner Administrators
Share permissions
Everyone, Administrator, Administrators = Full control, Read, Write.
Not sure why there is both administrator and administrators.
Security
Everyone, System, System Administrator, Administrators: Full Control, Modify, Read & execute, list folder contents, Read, Write.
Creator Owner Full control Subfolders and files only
Joe.davis folder
Owner Administrators
Share Permissions
Everyone: Full Control
Security
Everyone, System, Administrator, Administrators, Authenticated Users: Full Control, Modify, Read & execute, list folder contents, Read, Write.
Creator Owner Full control subfolders and files only
users need to be specifically listed for redirected folders.... not just 'everyone'
looks like you have reset permissions at some point. try creating a new user and logging in as them to see what permissions their new folders are created with.
looks like you have reset permissions at some point. try creating a new user and logging in as them to see what permissions their new folders are created with.
There are two issues. One to fix the redirection. 2. to recover user's files and folders that are hopefully out in limbo.
I created a new user redir.test, logged in as new user, created a test notepad and do not see a new redir.test folder created under redirect folder.
I created a new user redir.test, logged in as new user, created a test notepad and do not see a new redir.test folder created under redirect folder.
I am finding the joe.davis is not typical.
typical would be where user has full control over subfolders and files. Seems that it should be full control of the folder.
typical would be where user has full control over subfolders and files. Seems that it should be full control of the folder.
Since we can't see what you are doing, or have done, here are two documents that might help:
http://technet.microsoft.com/en-us/library/cc732275.aspx
http://technet.microsoft.com/en-us/library/cc732275.aspx
From MS, and another from general search:
http://www.itechtalk.com/thread1958.html
Where the author speaks specifically about permissions.
http://technet.microsoft.com/en-us/library/cc732275.aspx
http://technet.microsoft.com/en-us/library/cc732275.aspx
From MS, and another from general search:
http://www.itechtalk.com/thread1958.html
Where the author speaks specifically about permissions.
Thanks for the links.
For now, seems this question is too board. I am going to submit more focus questions.
For now, seems this question is too board. I am going to submit more focus questions.
For now, seems this question is too board. I am going to submit more focus questions.
Hi techcodr,
Would you still like us to offer assistance on this question or are you sugesting you are dropping this one?
Also, I've noticed your new questions on this subject and I'm concerned that you arent giving the full picture. The advice you will get from experts is greatly affected by the information you give them when asking the question, and you are likely to get a lot of duplicated responses when asking a question without providing the details or history.
I'd recommend either referring them to this question for the history of the issue or advise them in the new question of the known problems, and permission changes you have been making as part of your ongoing diagnosis.
My reaction to Fl_Flyfishing response is that he (I assume Fl-Flyfishing is a he) gave the problem back to me with some references.
I had asked that the question be moved from the category of web browsers but that was not allowed.
As stated above, I felt the problem needed to be broken up as I am counting 6 parts now. If totallytonto wants I can keep this one going.
I do not know how redirection was originally set up.
I did want to get off the hot seat on Monday. I went after the Windows cannot access \\1-SRVF\Redirected_User_F
You do not have permission to access \\1-SRVF\Redirected_User_F
Since some computers had the message and some did not, I decided I have to get to a known states even if the state is incorrect. It doesn't help that Window Server 2008 states it can not show me who is the owner on many of these folders and blocks me from changing the owner then tell me I am leaving the permissions in some unknown state. To get rid of the message and to force to a particular state, I went through all folder and the subfolders of desktop, documents, favorites and Outlook and gave the user ownership and full control. To get around the blocking, I gave ownership to administrators then switched back to give ownership to the user.
Those changes did get rid of the above message but probably have to do with the sync errors because I can not correct some of the sync errors and get can not access.
Not everyone has a synch icon.
One computer sync shows errors that the user does not have access to my music, etc.
A common sync problem is saying can not access a particular folder when that folder no longer needs to be access from that user.
One user is complaining of missing files.
One computer has 1645 sync conflicts.
Tomorrow will give a better picture where I am.
I can referred back to this issue the other two which deal with not able to delete a redirection folder and that a new user does not generate a redirection folder.
I had asked that the question be moved from the category of web browsers but that was not allowed.
As stated above, I felt the problem needed to be broken up as I am counting 6 parts now. If totallytonto wants I can keep this one going.
I do not know how redirection was originally set up.
I did want to get off the hot seat on Monday. I went after the Windows cannot access \\1-SRVF\Redirected_User_F
You do not have permission to access \\1-SRVF\Redirected_User_F
Since some computers had the message and some did not, I decided I have to get to a known states even if the state is incorrect. It doesn't help that Window Server 2008 states it can not show me who is the owner on many of these folders and blocks me from changing the owner then tell me I am leaving the permissions in some unknown state. To get rid of the message and to force to a particular state, I went through all folder and the subfolders of desktop, documents, favorites and Outlook and gave the user ownership and full control. To get around the blocking, I gave ownership to administrators then switched back to give ownership to the user.
Those changes did get rid of the above message but probably have to do with the sync errors because I can not correct some of the sync errors and get can not access.
Not everyone has a synch icon.
One computer sync shows errors that the user does not have access to my music, etc.
A common sync problem is saying can not access a particular folder when that folder no longer needs to be access from that user.
One user is complaining of missing files.
One computer has 1645 sync conflicts.
Tomorrow will give a better picture where I am.
I can referred back to this issue the other two which deal with not able to delete a redirection folder and that a new user does not generate a redirection folder.
As stated above, I felt the problem needed to be broken up as I am counting 6 parts now. If totallytonto wants I can keep this one going
It's up to you, not me. If you'd like further help on this one please let us know.
I branched out two parts of the rediection problem. What the can not delete redirection file gave me was that built-in administrator needed to be used. Can you give me an explanation of why I am taking the folders of desktop, documents and favorites, give ownership to builtin administrator then to administrators before I can delete the files of someone who has left?
The other question gave me that redirection works usually. Can you tell me why a particular computer can not participate? with W's computer it does not matter whether I or he logs in, any file created on the desktop will not be passed onto the server. W's redirection folder does exists. I tried taking W's computer off the domain and putting it back.
The other question gave me that redirection works usually. Can you tell me why a particular computer can not participate? with W's computer it does not matter whether I or he logs in, any file created on the desktop will not be passed onto the server. W's redirection folder does exists. I tried taking W's computer off the domain and putting it back.
I branched out two parts of the rediection problem. What the can not delete redirection file gave me was that built-in administrator needed to be used. Can you give me an explanation of why I am taking the folders of desktop, documents and favorites, give ownership to builtin administrator then to administrators before I can delete the files of someone who has left?The default behaviour of redirected folders and romaing profiles is to apply very specific permissons to the folders to prevent the administrators browsing the end user's data at will.
There is a setting in group policy that can override this behaviour though.
The other question gave me that redirection works usually. Can you tell me why a particular computer can not participate? with W's computer it does not matter whether I or he logs in, any file created on the desktop will not be passed onto the server. W's redirection folder does exists. I tried taking W's computer off the domain and putting it back.If the redirection works fine for a the same user on another PC it suggests the PC is at fault and not the server/network.
This suggests one of the following:
PC has network/domain issues - check event viewer for details or consider readding the PC to the domain to see if it helps.
Local files are corrupted - if the local cache of files has a problem it could prevent the PC from enabling the redirection properly. It's worth taking a backup of the users profile and letting them log in as a fresh one to see if it works when the Local PC creates a fresh copy.
OS issues - Windows 7 & 8 handle redirections slightly differently than XP etc. It's worth considering testing on another PC with the same OS as this one to see if there is an issue there.
Existing credentials - if the PC has an old mapped drive or connection to the server under another user account you may fid the PC simply cannot connect under the logged on user due to credential conflict. Try checking 'net use' to see if any old connections exist.
Permissons/Group Policy - if the permissons or group policy has specific settings that are applied to this PC it could affect its ability to perform the redirecton. I doubt these settings would have been intentional, but I have seen permissons or GPOs set to PCs or computer OUs which can cause issues as they aply settings that may not be expected.
I will skip the redirection folder delete discussion.
Computer not participating is Windows 7 computer. At least ten other Windows 7 computers can participate.
Have tried removing computer from the domain and adding it back. Verified computer is in the same OU as other Windows 7 computers that can participate.
The related Windows log application event messages are:
Log Name: Application
Source: Microsoft-Windows-Folder Redirection
Date: 1/11/2013 4:05:13 PM
Event ID: 502
Task Category: None
Level: Error
Keywords:
User: CAROUSEL\Will
Computer: LAT200AD014.carousel.local
Description:
Failed to apply policy and redirect folder "Desktop" to "\\1-SRVF\Redirected_User_
Redirection options=0x80009001.
The following error occurred: "Can not create folder "\\1-SRVF\Redirected_User_
Error details: "Access is denied.
".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Fo
<EventID>502</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2013-01-12T00:
<EventRecordID>126221</Eve
<Correlation ActivityID="{D2E50BCB-8194
<Execution ProcessID="1132" ThreadID="3008" />
<Channel>Application</Chan
<Computer>LAT200AD014.caro
<Security UserID="S-1-5-21-144700178
</System>
<EventData Name="EVENT_FDEPLOY_Failed
<Data Name="FromFolder">Desktop<
<Data Name="ToFolder">\\1-SRVF\R
<Data Name="Options">0x80009001<
<Data Name="Error">Can not create folder "\\1-SRVF\Redirected_User_
<Data Name="ErrorDetails">Access
</Data>
</EventData>
</Event>
Now I can log on to my computer as will and redirection works fine.
Going back to the error. The error is can not create folder. Ok. Let me go onto the server and rename the desktop folder to desktopold and see what happens. Rebooted LAT200AD014.
No new Desktop folder created.
Next, turn off LAT200AD014 I rename will redirection folder to willold, turn on LAT200AD014.
Still same error.
Does this information change what you previously posted?
Computer not participating is Windows 7 computer. At least ten other Windows 7 computers can participate.
Have tried removing computer from the domain and adding it back. Verified computer is in the same OU as other Windows 7 computers that can participate.
The related Windows log application event messages are:
Log Name: Application
Source: Microsoft-Windows-Folder Redirection
Date: 1/11/2013 4:05:13 PM
Event ID: 502
Task Category: None
Level: Error
Keywords:
User: CAROUSEL\Will
Computer: LAT200AD014.carousel.local
Description:
Failed to apply policy and redirect folder "Desktop" to "\\1-SRVF\Redirected_User_
Redirection options=0x80009001.
The following error occurred: "Can not create folder "\\1-SRVF\Redirected_User_
Error details: "Access is denied.
".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Fo
<EventID>502</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2013-01-12T00:
<EventRecordID>126221</Eve
<Correlation ActivityID="{D2E50BCB-8194
<Execution ProcessID="1132" ThreadID="3008" />
<Channel>Application</Chan
<Computer>LAT200AD014.caro
<Security UserID="S-1-5-21-144700178
</System>
<EventData Name="EVENT_FDEPLOY_Failed
<Data Name="FromFolder">Desktop<
<Data Name="ToFolder">\\1-SRVF\R
<Data Name="Options">0x80009001<
<Data Name="Error">Can not create folder "\\1-SRVF\Redirected_User_
<Data Name="ErrorDetails">Access
</Data>
</EventData>
</Event>
Now I can log on to my computer as will and redirection works fine.
Going back to the error. The error is can not create folder. Ok. Let me go onto the server and rename the desktop folder to desktopold and see what happens. Rebooted LAT200AD014.
No new Desktop folder created.
Next, turn off LAT200AD014 I rename will redirection folder to willold, turn on LAT200AD014.
Still same error.
Does this information change what you previously posted?
There were a number of parts to the Windows Server 2008 redirection is not working. I am going to mark this one solved and incomplete as there are two problems.
First, the Event 502 problem was solved only as far as I needed. To be complete, someone would have to troubleshoot offline files. I turned off offline files to remove the Event 502 error.
Second, the redirection setup has many different opinions. Fl_flyfishing bought up http://technet.microsoft.com/en-us/library/cc732275.aspx and http://www.itechtalk.com/thread1958.html. Others included : http://4sysops.com/archives/folder-redirection-part-2-setting-up-your-file-server/ and http://www.omegaits.net/articles/configuring-folder-redirection-in-windows-server-2008-r2 In particular, whether or not Grant user exclusive rights to Desktop should be check has different opinions. The settings of Security permissions is different, Whether everyone or auth user should be used. How tight to pin down everyone or auth user is different.
I currently have Grant user exclusive rights to Desktop unchecked. However, that created a problem that users could not see folders or files because files or folders were not owned by user. Had to go to the subfolders such as Desktop to give the ownership back to the user.
Turned off the offline files for the computer with 1645 sync after finding could not clear any of the sync problems using the resolve. . Ignored other Sync problem as no one needs offline files and the errors do not appear to be valid.
As far as permissions, I left the Share Permissions as Everyone, Administrator, Administrators with full control.
For the Security permissions, I followed http://4sysops.com/archives/folder-redirection-part-2-setting-up-your-file-server because it was easy to follow. I did ignore the administrator with full control.
First, the Event 502 problem was solved only as far as I needed. To be complete, someone would have to troubleshoot offline files. I turned off offline files to remove the Event 502 error.
Second, the redirection setup has many different opinions. Fl_flyfishing bought up http://technet.microsoft.com/en-us/library/cc732275.aspx and http://www.itechtalk.com/thread1958.html. Others included : http://4sysops.com/archives/folder-redirection-part-2-setting-up-your-file-server/ and http://www.omegaits.net/articles/configuring-folder-redirection-in-windows-server-2008-r2 In particular, whether or not Grant user exclusive rights to Desktop should be check has different opinions. The settings of Security permissions is different, Whether everyone or auth user should be used. How tight to pin down everyone or auth user is different.
I currently have Grant user exclusive rights to Desktop unchecked. However, that created a problem that users could not see folders or files because files or folders were not owned by user. Had to go to the subfolders such as Desktop to give the ownership back to the user.
Turned off the offline files for the computer with 1645 sync after finding could not clear any of the sync problems using the resolve. . Ignored other Sync problem as no one needs offline files and the errors do not appear to be valid.
As far as permissions, I left the Share Permissions as Everyone, Administrator, Administrators with full control.
For the Security permissions, I followed http://4sysops.com/archives/folder-redirection-part-2-setting-up-your-file-server because it was easy to follow. I did ignore the administrator with full control.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Redirected folders and Roaming Profiles are not the same thing. You can have either/neither or both. If the users have large amounts of stuff stacked on their desktops and in local profiles, pulling them accross every time a user moves to a different station can be a drag on network performance.
I have never found the need for roaming profiles as users in most small businesses do not hop around much. However, redirected folders is a must, imo, if the server has the capacity.
Hard to say with the information given exactly what went wrong. Folder redirection is a gpo, as is roaming profiles and should override any local settings.