Windows Folder Redirection
KB ID 0000467 Dtd 22/06/11
Problem
Q. What is Folder Redirection?
A. Essentially you can take folders folders that hold stuff like your "My documents" or your "Favorites" folder, and put them out on a network server, that's great if you want to back that sort of information up for disaster recovery.
Q. What's the difference between this and a roaming / roving profile?
A. Folder redirection keeps information on a server and you access it remotely, Roaming profiles are designed to sync that information (and your WHOLE user profile) backwards and forwards to a network share as your users logon and log off.
Q. What folders can be redirected?
A. Assuming we are taking about a Server 2008 environment with Windows 7 clients the following can be redirected.
AppData(Roaming)
Desktop
Stat Menu
Documents
Pictures
Music
Videos
Favorites
Contacts
Downloads
Links
Searches
Saved Games
Desktop
Stat Menu
Documents
Pictures
Music
Videos
Favorites
Contacts
Downloads
Links
Searches
Saved Games
Solution
1. On a server create a folder to hold the redirected data, In this case you will notice I've called my share Redir$ (The dollar sign just means it's a hidden share, and can't be seen if people are network browsing).
Folder Redirection: Permissions for the Root Folder
2. Set the share permissions to Everyone: Full Control (Don't worry we will secure it with NTFSpermissions).
3. On the security tab of the folder click advanced.
4. Change Permissions.
5. Untick "Include Inheritable permissions from this objects parent" > At the warning click "Add".
6. Select each User in turn (You will need to add the everyone group) > Then Edit the permissions so that they are as follows.
CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
System - Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
Everyone - List Folder/Read Data (Apply onto: This Folder Only)
Everyone - Read Attributes (Apply onto: This Folder Only)
Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
System - Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
Everyone - List Folder/Read Data (Apply onto: This Folder Only)
Everyone - Read Attributes (Apply onto: This Folder Only)
Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
7. On your domain controller open the Group Policy Management Console (Under Administrative Tools) and either create a new USER policy of edit one that already linked to the users you want to enforce this policy upon.
8. I prefer to create a new policy and call it something sensible so if there's a problem it's easy to find in the future.
9. Navigate to:
Locate the folder you want to redirect (In this case its just the documents folder) > Right click > Properties.
10. I'm going to redirect all my users documents to the one folder I created earlier, so I will choose basic.
Note: You can choose "Advanced" and redirect different groups folders to different locations.
Enter the path to the root folder AS A UNC PATH, DONT click the browse button and browse to it.
11. I'm going to accept the defaults on the settings tab, the option I've highlighted creates the folders with exclusive rights on the folders for the user in question and SYSTEM, so the domain admin had no access (this is OK, it's the same way user profiles work, you can still back them up).
12. Now as your users log on their folders will be redirected to the share you setup.
13. Even with exclusive rights you can still back this data up:
No comments:
Post a Comment