Windows Server 2003 : Managing Special Folders with Group Policy (part 1) - Folder Redirection, Setting Up Folder Redirection

10/2/2013 3:16:42 AM

1. Folder Redirection

You redirect users’ folders to provide a centralized location for key Microsoft Windows XP Professional folders on a server or servers. This centralized location, called a sharepoint, provides users with an access point for storing and finding information, and it provides administrators with an access point for managing information. The Folder Redirection node in the Group Policy Object Editor console enables you to redirect certain special folders to network locations, including file shares in other forests with which two-way forest trusts have been established. The Folder Redirection node is located under User Configuration\Windows Settings in the Group Policy Object Editor console. Special folders are folders such as My Documents and My Pictures, which are located in a user’s profile.

Note

The default storage location for a user profile is %systemdrive%\Documents and Settings\username, where username is the user logon name. If the computer was upgraded from Windows NT 4.0, Windows 95, Windows 98, or Windows Millennium Edition (Me), the profile will be in %systemroot%\Profiles\username.


Windows Server 2003 allows the following special folders to be redirected:

  • Application Data

  • Desktop

  • My Documents

  • My Pictures

  • Start Menu

Advantages of Redirecting Folders

The following benefits pertain to redirecting any folder, but redirecting My Documents can be particularly advantageous because this folder tends to become large over time.

  • Even if a user logs on to various computers on the network, his or her documents are always available.

  • When roaming user profiles are used, only the network path to the My Documents folder is part of the roaming user profile, not the My Documents folder itself. Therefore, its contents do not have to be copied back and forth between the client computer and the server each time the user logs on or off, and the process of logging on or off can be much faster than it was in Microsoft Windows NT 4.0.

  • Offline File technology provides users with access to My Documents even when they are not connected to the network and is particularly useful for people who use portable computers.

  • Data stored on a shared network server can be backed up as part of routine system administration. This approach is safer because it requires no action on the part of the user.

  • The system administrator can use Group Policy to set disk quotas, limiting the amount of space taken up by users’ special folders.

  • Data specific to a user can be redirected to a different hard disk on the user’s local computer from the hard disk holding the operating system files. This capability makes the user’s data safer if the operating system needs to be reinstalled.

Redirecting My Documents to Home Folders

In Windows Server 2003 operating systems, a new feature enables you to redirect My Documents to a user’s home folder. This option is intended only for organizations that have already deployed home folders and want to maintain compatibility with their existing home folder environment. The ability to redirect My Documents to a user’s home folder requires a Windows XP Professional client and does not function for Microsoft Windows XP Home Edition, Microsoft Windows 2000, or Windows NT clients.

When you redirect My Documents to a user’s home folder, the system assumes that the administrator has set the following items correctly:

  • Security: Security is not checked and permissions are not changed when you redirect My Documents to a user’s home folder.

  • Ownership: No ownership checks are made when you redirect My Documents to a user’s home folder. Normally, folder redirection fails if a user is not the owner of the folder to which he or she is being redirected.

  • Home directory property on the user object: When you redirect My Documents to a user’s home folder, the client computer finds the path for the user’s home directory from the user object in Active Directory at logon time. If this path is not set correctly for the affected users, folder redirection fails.

This relaxed security environment is why redirecting My Documents to a user’s home folder is recommended only for organizations that have already deployed home folders and want to provide backward compatibility.

Note

Do not redirect My Documents to a home directory location that is subject to encryption by the Encrypting File System (EFS) because only you or a domain administrator will be able to decrypt it. The user whose My Documents folder is redirected there will not be able to decrypt it.
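
The checks the system skips when My Documents is redirected to home folders (permissions, ownership, and EFS encryption of the target) can be run by hand before the policy is applied. The PowerShell script below is an added example, not part of the original article; it assumes each home folder under the root is named after the user's logon name, and the share path and domain name shown are placeholders.

```powershell
# Added example: audit home folders before using them as My Documents targets.
# Assumptions: every folder under $Root is named after the user's logon name,
# and $Domain is the NetBIOS domain name. Both defaults are placeholders.
param(
    [string]$Root   = '\\servername\sharename',
    [string]$Domain = 'EXAMPLE'
)

# Principals expected on a home folder besides the user. Domain administrators
# keep Full Control on home folders, so they are not reported as unexpected.
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
              "$Domain\Domain Admins", 'CREATOR OWNER')

function Test-HomeFolder {
    param([System.IO.DirectoryInfo]$Folder, [string]$Domain, [string[]]$Expected)

    $user = "$Domain\$($Folder.Name)"
    $acl  = Get-Acl -LiteralPath $Folder.FullName

    # Allow entries granted to anyone other than the user or the expected set
    $extra = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ne $user -and
        $Expected -notcontains $_.IdentityReference.Value
    } | ForEach-Object { "$($_.IdentityReference.Value):$($_.FileSystemRights)" }

    # Does the user have at least one Allow entry on the folder?
    $userAllow = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $user
    }

    [pscustomobject]@{
        Folder        = $Folder.FullName
        Owner         = $acl.Owner
        OwnerIsUser   = ($acl.Owner -eq $user)
        UserHasAccess = [bool]$userAllow
        ExtraAccess   = ($extra -join '; ')
        # An EFS-encrypted target cannot be decrypted by the redirected user
        EfsEncrypted  = [bool]($Folder.Attributes -band [System.IO.FileAttributes]::Encrypted)
    }
}

# Report only the folders that need attention before redirection is enabled
Get-ChildItem -LiteralPath $Root -Directory |
    ForEach-Object { Test-HomeFolder -Folder $_ -Domain $Domain -Expected $expected } |
    Where-Object { -not $_.OwnerIsUser -or -not $_.UserHasAccess -or
                   $_.ExtraAccess -or $_.EfsEncrypted } |
    Format-Table -AutoSize -Wrap
```

The script does not verify the home directory property on the user object in Active Directory; that path still has to be confirmed separately for the affected users.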


2. Setting Up Folder Redirection

There are two ways to set up folder redirection:

  • Redirect special folders to one location for everyone in a site, domain, or OU.

  • Redirect special folders to a location according to security group membership.

To redirect special folders to one location for everyone in the site, domain, or OU, complete the following steps:

1. Open a group policy object (GPO) linked to the site, domain, or OU containing the users whose special folders you want to redirect to a network location.

2. In User Configuration, open Windows Settings, and then double-click the Folder Redirection node to view the folder you want to redirect.

3. Right-click the folder you want to redirect (Application Data, Desktop, My Documents, or Start Menu), and then click Properties.

4. In the Target tab in the Properties dialog box for the redirected folder (shown in Figure 1), in the Setting list, select Basic–Redirect Everyone’s Folder To The Same Location.

Figure 1. Target tab in the Properties dialog box for the redirected folder


Off the Record

Windows Server 2003 has more options for redirecting folders than Windows 2000 Server. In Windows 2000 Server, there are no selectable options for folder redirection in the target folder location section. Instead, there is only a text box where you can enter the location of the target folder. While Windows Server 2003 still offers the same features, in Windows 2000 you would have to use environment variables such as %username% or %userprofile% instead of being able to select from a drop-down list. Keep this in mind if you come across troubleshooting documents written for Windows 2000 folder redirection.

5. In the Target Folder Location list, select the redirect location you want for this GPO from one of the following options:

  • Create A Folder For Each User Under The Root Path (not available for the Start Menu folder), which creates a folder with the user’s name in the root path. A new feature for Windows Server 2003 operating systems, folder redirection automatically appends the user name and the folder name when the policy is applied.

  • Redirect To The Following Location, which enables you to redirect the folder to a location represented by the Uniform Naming Convention (UNC) path in the form \\servername\sharename or a valid path on the user’s local computer.

  • Redirect To The Local Userprofile Location, which enables you to redirect the folder to the default folder location in the absence of redirection by an administrator.

  • Redirect To The User’s Home Directory (available for the My Documents folder only), which enables you to redirect the user’s My Documents folder to the user’s home directory.

Note

Use the Redirect To The User’s Home Directory option only if you have already deployed home directories in your organization. This option is intended only for organizations that want to maintain compatibility with their existing home directory environment.

6. If you have selected the Create A Folder For Each User Under The Root Path or Redirect To The Following Location option, enter the path to which the folder should be redirected, either the UNC path in the form \\servername\sharename or a valid path on the user’s local computer.

7. Click the Settings tab (shown in Figure 2), and then set each of the following options (keeping in mind that the default settings are recommended):

  • Grant The User Exclusive Rights To Special Folder Type (in this example, My Documents), which allows the user and the local system full rights to the folder—no one else, not even administrators, will have any rights. If this setting is disabled, no changes are made to the permissions on the folder. The permissions that apply by default remain in effect. This option is enabled by default.

    Note

    If you redirect My Documents to the home folder, domain administrators have Full Control permission over the user’s My Documents folder, even if you enable the Grant The User Exclusive Rights To My Documents option.

  • Move The Contents Of User’s Current Special Folder Type (in this example, My Documents) To The New Location, which redirects the contents of the folder to the new location. This option is enabled by default.

Figure 2. Settings tab in the Properties dialog box for the redirected folder


Off the Record

Errors concerning Folder Redirection appear in the Application Log in the Event Viewer on the affected computers. For example, if you attempt to redirect a user’s desktop and select the option Move The Contents Of Desktop To The New Location, but you fail to give the user permission to write to that folder, the user’s desktop will not be redirected. If that happens, you can find errors in the Event Viewer where the user logged on indicating that the user didn’t have permission to access the folder. To solve the issue, either give the user Write permission to the desktop or clear the Move The Contents Of Desktop To The New Location check box.

8. Choose one of the following options in the Policy Removal area (keeping in mind that the default setting is recommended):

  • Leave The Folder In The New Location When Policy Is Removed, which leaves the folder in its new location even when the GPO no longer applies. This option is enabled by default.

  • Redirect The Folder Back To The Local Userprofile Location When Policy Is Removed, which moves the folder back to its local user profile location when the GPO no longer applies.


9. Choose one of the following options (available for the My Documents folder only) in the My Pictures Preferences area:

  • Make My Pictures A Subfolder Of My Documents, which redirects My Pictures automatically to remain a subfolder of My Documents. This option is enabled by default and is recommended.

  • Do Not Specify Administrative Policy For My Pictures, which removes My Pictures as a subfolder of My Documents and has the user profile determine the location of My Pictures. With this option, the location of My Pictures is not dictated by Group Policy and a shortcut takes the place of the My Pictures folder in My Documents.

10. Click OK.

To redirect special folders to a location according to security group membership, complete the following steps:

1. Open a GPO linked to the site, domain, or OU containing the users whose special folders you want to redirect to a network location.

2. In User Configuration, open Windows Settings, and then double-click the Folder Redirection node to view the folder you want to redirect.

3. Right-click the folder you want (Application Data, Desktop, My Documents, or Start Menu), and then click Properties.

4. In the Target tab in the Properties dialog box for the folder (shown in Figure 1), in the Setting list, select Advanced–Specify Locations For Various User Groups and then click Add.

5. In the Specify Group And Location dialog box (shown in Figure 3), in the Security Group Membership box, click Browse.

Figure 3. Specify Group And Location dialog box


6. In the Select Group dialog box, type the name of the security group for which you want to redirect the folder and then click OK.

7. In the Specify Group And Location dialog box, in the Target Folder Location list, select the redirect location you want for this GPO from one of the following options:

  • Create A Folder For Each User Under The Root Path (not available for the Start Menu folder), which creates a folder with the user’s name in the root path. A new feature for Windows Server 2003 operating systems, folder redirection automatically appends the user name and the folder name when the policy is applied.

  • Redirect To The Following Location, which enables you to redirect the folder to a location represented by the UNC path in the form \\servername\sharename or a valid path on the user’s local computer.

  • Redirect To The Local Userprofile Location, which enables you to redirect the folder to the default folder location in the absence of redirection by an administrator.

  • Redirect To The User’s Home Directory (available for the My Documents folder only), which enables you to redirect the user’s My Documents folder to the user’s home directory.

Note

Use the Redirect To The User’s Home Directory option only if you have already deployed home directories in your organization. This option is intended only for organizations that want to maintain compatibility with their existing home directory environment.

8. If you have selected the Create A Folder For Each User Under The Root Path or Redirect To The Following Location option, enter the path to which the folder should be redirected, either the UNC path in the form \\servername\sharename or a valid path on the user’s local computer.

9. In the Specify Group And Location dialog box, click OK.

10. If you want to redirect folders for members of other security groups, repeat steps 4 through 9 until all the groups have been entered.

11. Click the Settings tab (shown in Figure 2), and then set each of the following options (keeping in mind that the default settings are recommended):

  • Grant The User Exclusive Rights To Special Folder Type, which allows the user and the local system full rights to the folder—no one else, not even administrators, will have any rights. If this setting is disabled, no changes are made to the permissions on the folder. The permissions that apply by default remain in effect. This option is enabled by default.

    Note

    If you redirect My Documents to the home folder, domain administrators have Full Control permission over the user’s My Documents folder, even if you enable the Grant The User Exclusive Rights To My Documents option.

  • Move The Contents Of User’s Current Special Folder To The New Location, which redirects the contents of the folder to the new location. This option is enabled by default.

12. Choose one of the following options in the Policy Removal area (keeping in mind that the default setting is recommended):

  • Leave The Folder In The New Location When Policy Is Removed, which leaves the folder in its new location even when the GPO no longer applies. This option is enabled by default.

  • Redirect The Folder Back To The Local Userprofile Location When Policy Is Removed, which moves the folder back to its local user profile location when the GPO no longer applies.


13. Choose one of the following options (available for the My Documents folder only) in the My Pictures Preferences area:

  • Make My Pictures A Subfolder Of My Documents, which redirects My Pictures automatically to remain a subfolder of My Documents. This option is enabled by default and is recommended.

  • Do Not Specify Administrative Policy For My Pictures, which removes My Pictures as a subfolder of My Documents and has the user profile determine the location of My Pictures. With this option, the location of My Pictures is not dictated by Group Policy and a shortcut takes the place of the My Pictures folder in My Documents.

14. Click OK.

Off the Record

If you redirect a user’s Application Data and the user encrypts files or folders using the Encrypting File System (EFS), the user might not be able to decrypt his or her EFS encrypted folders when he or she is not connected to the network. This occurs because the user’s encryption keys are stored in the Application Data folder structure. For Windows 2000 Professional systems, network connectivity isn’t an immediate issue because the encryption keys are stored in memory. However, if the user restarts, network connectivity can become an issue if it is still not available. For Windows XP Professional systems, loss of network connectivity could become an immediate issue for users trying to decrypt EFS encrypted files because the user’s encryption keys are not stored in memory.

