Windows 2012 R2 - Folder Redirection and Offline Files

Successfully migrated SBS2003 to Windows Standard 2012 R2.  Simple network setup - single domain, subnet, location, 35x Win7 Pro x64 PC’s and 5x Win7 Pro x64 Laptops.  All Dell hardware and a few managed switches.  Single business cable internet connection a single Firewall/Router.  We successfully implemented the Essentials Role to use Remote Desktop Services - works great.  Almost all users have a primary desktop.

All appears well and we have successfully retired the SBS box.  One of the few remaining tasks is to re-implement Redirected Folders (which worked great in 2003).  Prior to the migration, we removed the existing SBS GPO for Redirected Folders and moved all redirected data back to the user’s local drive (and archived a copy on the server as a backup).

Enabling the Folder Redirection GPO that comes packaged with the Essentials Role seems to work as designed when I test it out however…..  our few laptop users are used to working with their offline files until they return to the office where it sync’s and all is well.  It is my experience of this new GPO that it does not cache or use offline files.  It instead removes the local folders and their contents and places them on the server.

I’ve followed a few docs online but cannot get Offline Files to work with the redirection.  That said - I am a complete rookie when it comes to Group Policy (and related OU creation).

I also note the default permissions set with the Essentials Folder Redirection GPO less than ideal for our environment with no administrative access and no easy solution that I’ve seen online to date (Some of the staff positions are high-turnover and it’s just easier if an admin can get in there and archive content as needed).  So again, maybe the easy path (using the Essentials Role GPO) isn’t best for us.

Ultimately I’m ok if I have to (have someone guide me to) manually create GPO’s instead of using the ones packaged with Essentials.  Very easy to implement the Essentials one but without the caching/offline files option or admin oversight, it’s somewhat of a show-stopper.

Thoughts?
Gandalf GreyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FOXActive Directory/Exchange EngineerCommented:
I assume you have created a seperate OU for the laptops.   If so you can follow the below step by step to create the GPO for the scenario you are requesting.

ref link:  https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-folder-redirection

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
So. I thing has really changed since 2003.

There is a checkbox I'm the redirected folders GPO you can check that will add admin access. Not checked by default and will NOT fix existing redirected folders. Will create new ones going forward with that added permission.

Offline files still works the same as well. Even in 2003, offline files weren't kept in their original location and synced. Folder redirection does move files to the server (as it should.) Then offline caches are stored in a special directory that windows manages... NOT the original location. So the behavior you are seeing is normal.
Gandalf GreyAuthor Commented:
Fox - thank you for the article.  This looks straight-forward enough.  I may need help with creating OU's in the right place - I think some clean-up required after the migration from SBS with "MyBusiness" OU's - maybe that was some of my trouble testing the offline files piece.  I'd actually be ok with doing 'file redirection with offline' for all devices (laptops & desktops) but I guess it's extra network traffic with little benefit for the desktops, right?  I'll run through that document and report back thx.

Cliff - it was my experience that the files/folders remained on the local drive and therefore were able to be accessed by our laptop users even when off-site (and not connected).  Those same folders seem to "disappear" from the local drive when I implement the GPO included with the Essentials Role.  Am I looking at this wrong?   Also - what is the checkbox in the GPO that you mention that will add admin access? Can you show me?  Thanks.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Cliff GaliherCommented:
I'm on my phone so no. But if you open the group policy itself there are a couple of check boxes and are pretty clearly labeled. It shouldn't be tough to find.

Folder redirection does exactly that. It REDIRECTS (NOT COPIES) all of those profile folders. So yes. They disappear.

Offline files can be used to take any file are offline, not just redirected folders. So let's say you had a file share \\myserver\humanresources\companypolicies

You could make that share available offline and users could type in the network path and reached the cached copies even off the network.  But clearly it wouldn't make sense for some random folder to appear on the c: drive.  The offline copies are instead stored in a hidden cache area.

Same goes with redirected folders that are marked as available offline. They won't suddenly xread the original folders in the profile. Redirected folders eliminated those. But users can still reach their personal documents, downloads, etc because the computer is accessing those files via \\someshare\user and that path and all its files are going to get put on that same secret cache.

Unless you actually investigated it, you may not have realized that this is how it worked on your 2003 server. Yes, you probably had redirected folders. And yes users could access those while offline. But unless you actively dig into the original profile path it could be easy to assume that's where the offline cache was... But that assumption would've been wrong.

These are things that haven't really changed since 2003/XP, with the minor exception that the local profile locations got minor tweaks in Vista. But those tweaks didn't change how either redirected folders or offline files worked.
Gandalf GreyAuthor Commented:
I followed the document linked https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-folder-redirection.  Redirected content (Desktop & Documents folders) appears to sync between local device and newly created server locations as desired.

1 - I removed the "Grant the user exclusive rights" for each redirected entity and therefore allow administrator access to all redirected folders on the server.  (I could customize the Essentials role GPO for this also but any re-initiation of the Essentials GPO basically wrote over the top of any customizations).
2 - I was able to use a hidden share for the base location (Essentials Role insisted on having an openly visible share for this and basically "broke" anytime you tried to remove said share).
3 - I am now able to control the roll-out of this solution via membership of the security group created.  That's a lot less chaotic that the all-or-nothing approach of the Essentials redirection GPO.

Initial testing went well using a couple of test user accounts.  I then removed the users from the redirected group and removing the server-side redirected data.  I forced GPUpdate several times.  The local files and folders showed a return to local paths (thus following the GPO by design).

I then reintroduced the users to the group for redirection.  The subsequent test was unsuccessful - the paths were not re-created.  Some trial & error with the GPO Results tool showed failure - something to do with folders (I did not find a conclusive answer in the logs where indicated).  After a while I tried a different account on the same computer which worked and I then decided to check the offline-status via the Sync Center.  I found the previously sync'd files/folders no longer able to sync and presumably halting recreation of the same paths by the GPO on the server.  Once I cleared out these sync errors while logged in as each user; the user accounts were able to log on to the server and successfully run the GPO and I could watch the folders/files get recreated again on the server.

Maybe the reason for default ‘exclusive access by the user’ - to stop the offline files becoming orphaned?  I doubt this will be required in real life in our environment - just nice to have administrative access and to be able to confirm the sync status from the server.

So I think I have a workable solution that works as desired.
FOXActive Directory/Exchange EngineerCommented:
Good work
Gandalf GreyAuthor Commented:
Thank you Fox - that document covered all the detail I needed to create an actual solution.  Cliff - thank you for your dialog - you are correct in your observations of redirected folders and offline files.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.