Solved

Folder redirection enforced or disabled based on IP address (subnet)

Posted on 2014-01-18
6
863 Views
Last Modified: 2014-02-03
Hello All,

I have recently made the jump from using ScriptLogic Desktop Authority for our computer policies.  I thought moving to GPO's would be better experience that will more directly apply if I ever decide to get a new job.

That having been said, I have successfully configured GPO's that for the most part do what I want.  I am working on getting the MS Surface Pro 2 to work for our domain, and applying the created GPOs.  Inside our network the GPO works fine, including folder redirection, specifically desktop folder redirection.  

The problem comes when I connect the Surface to our network over a VPN connection.  Mapped drives, shortcuts, printer setting specified in the GPOs seem to work fine over the VPN.  The desktop folder redirection is my problem and seems to crash the Surface.  I would like to disable folder redirection if the IP address is coming from a VPN subnet, and enable redirection if the surface has an inside IP address.  For example our internal IP address is 10.100.100.x, the VPN subnet is 10.100.102.x.  

Can I disable folder redirection when connection is 10.100.102.x and enable when it is 10.100.100.x? I was thinking of creating a site, putting 10.100.102.x in that site and a no folder redirection GPO linked to that site, but it looks like the order GPO's are applied in the domain folder redirection GPO will take precedence.  Can I use a WMI filter, since folder redirection doesn't allow item level targeting?  Maybe, slow link detection can be used to determine if it should apply folder redirection?

Anyone had any experience configuring Surface Pro 2 with domain and GPO enforcement?

TIA
0
Comment
Question by:Zorniac
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39790858
You really wouldn't want to do this. One of the things that the folder redirection engine does when it detects a change in policy is it tries to move the data from the old location to the new location. So of the policy changes regularly, you'll actually increase network traffic (bad for a VPN) and risk data corruption.

Note that this is not a group policy issue, but is inherent in how folder redirection works.
0
 
LVL 1

Author Comment

by:Zorniac
ID: 39790896
What about the setting in the GPO to leave the contents in the location?  I thought this would just be a policy change that would only incur basically a registry change?

Any suggestion on how I should proceed?  Just disable folder redirection entirely for the surface?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39790940
Folder redirection is a user setting, not a device setting. If you want to use it for a set of users, you need to troubleshoot and solve your surface problem, not ignore it or try to work around it. Or you can choose not to use folder redirection for those users.

As a last resort, you could get what you want with loopback processing, but it'd be messy and will probably not work the way you want or expect. I'd be very careful before going down that road.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Comment

by:Zorniac
ID: 39790972
Yes I have been hesitant to use the loop back processing for this issue.  The surface has no problems when connected to the LAN 'inside'.  The only time I have an issue is when connected over the VPN, yet our laptops have no problem with this policy over the vpn.  And honestly the surface has newer and better hardware than our laptops.
I have considered disabling it for our Surface users but holding that as a last resort for now.
0
 
LVL 1

Accepted Solution

by:
Zorniac earned 0 total points
ID: 39819267
The solution to this problem is to enable slow link detection in GPO, with an acceptable slow link detection threshold.  The default for this setting is 500 kbps, and today even 4G cards can connect faster, so it needs to be set appropriately.  

Then to enable offline folders, and sync the redirected folders.  

This then tells the OS to use offline cache (CSC-cache) when the slow link is detected.  So far this works.
0
 
LVL 1

Author Closing Comment

by:Zorniac
ID: 39829086
Wasn't given solution by any other members.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question