Last Updated 11/02/16
CMIT 220 Windows Server & Active Directory Fundamentals
I will explain how to set up users folders that redirect to a network location and how to configure the user profile settings in an AD DS environment. Because Folder Redirection is often used in conjunction with several other tools like Roaming profiles, Offline files, and Home drives, I will briefly explain some of these here. However, because Roaming Profiles is another student’s presentation yet to be given, I will not touch on this much.
Home Folder: is a dedicated local storage area where a user’s data and profile settings are Usually stored. The OS assigns a default home directory where the user’s files like Documents, Music, Pictures, etc are stored, but this Home folder can be redirected to another location on a local computer or to a network share. In Win NT, the default location is in <root>\WINNT\Profiles\<username>. In older Microsoft OS like 2000, XP, and 2003, the default location is <root>\Document and Settings\<username>. For Win Vista, 7, 8, and 10, it is in <root>\Users\<username>. For Linux the default home directory is /home/<username>. Mac OS X is /Users/<username>.
Roaming Profile: allows the user’s profile settings and configurations to follow them when they log into any system within the same network. It is a copy of the local user’s profile settings and configurations stored on a network share. It is copied down from the server the first time a user logs in to a computer, and synced back up to the network share during log off when any changes are made.
Folder Redirection: used to store a user’s data in a new location, either locally or on a network share. Used with Local profiles, only the user’s documents and files are stored on the network share. Used with Roaming profiles the user’s settings and configurations move with the user also. Folder redirection is implemented using Group Policy.
Folders most often redirected:
Offline Files: is turned on by default when network files are available and offers the user an available connection to their files when they aren’t connected to the network. This is true because offline files are cached and saved to a temporary folder on the local machine, but if the user has never logged into this workstation, there would be no files to access. This is ideal for users that use a portable device like a laptop that will be away from the network or who connect to the network via a remote connection. Offline files can cause problems if you plan to use many workstations, as you run the risk of creating folders and files with the same names that will overwrite existing folders on the network share.
When to use folder redirection: In an environment where you have a large amount of users and workstations to manage and control the settings and permissions for. Folder redirection to a network location provides user back ups that make it more efficient to recover a user’s data from a system crash or damage, and reduces downtime by allowing a user an always available access to their data from any workstation. You can also set the amount of disk space a user can utilize.
Why use folder redirection on a networked drive: It provides a place to backup the users data and settings to a network location to secure data from loss. It ensures that user’s profile settings and permissions can be centrally controlled and managed with ease by system administrators. It allows for faster log on and log offs and more efficient bandwidth because file access speeds are based on the performance of the network and servers, and data is only copied up when offline files are cached from network connectivity loss. It allows the user’s data to always be available no matter what workstation they use to log on from, and because the data is copied up in one direction only, it provides less risk of data loss.
What you will need:
A Server OS running Active Directory
Domain Services (AD-DS)
A target location
What we will be doing:
- Creating an OU
- Creating and setting up a network share
- Connecting to/Mapping a drive letter to the share
- Creating a GPO and link it to our OU
- Using GPM to setup Folder Redirection
- Turning On Offline Files for Users
- Final Steps
- You must create an OU in order to link a GPO to it. GPOs cannot be linked to containers.
- I created an OU named MyTestEnvir and added a few more OUs within this OU.
- The Users Folders under the Domain Users is the OU we will be linking the GPO to.
- Create a folder on the network that will be the target location for the Users’ data and set the share permissions on this folder.
- I am going to use the default Users folder in the root directory of my server. You can choose to create your own folder.
- Right click this folder and click Properties.
- Click the Advanced Sharing tab.
- Set the User’s Home folder to connect to the network share automatically when user logs in. I will do this by Mapping the network share to a drive letter so there is a linked connection to the network share. This will create the user’s folder in the share folder named Users on the server that we created in Step 1.
- Go into Active Directory Users and Computers and locate your users.
- Here I have created a few users. Right click on the users name, and select properties.
NOTE: You can highlight all the users here, then right click, and edit all the settings at one time.
- Under the Profile tab of the user, choose ‘Connect’ and Carefully choose a drive letter to associate the Users’ Home share with.
- I will choose N because it is available and higher up on the list and will leave a fair amount of drive letters available for other devices to use.
- Type in the UNC path Server Name\Share Name\%username%
As you will see, when I use the Windows variable %username% and then hit Apply, the user’s name is pulled from the properties of the current user’s folder and appears in its place in the path, which in this case is Howard. When I hit OK, you then see the User Howard’s folder created in the share folder named Users that we created in Step 1. This is the location where the redirected files will be place for each user in this OU.
- A mapped drive to the network share is now available under the Users profile on the client machine.
- For the settings to take place, you may have to force a gpupdate on a client machine logged in under the users account, and log off and back on again.
- Create a GPO and link it to the OU we created.
Open GPM by opening up Server Manager, and from the toolbar up top click on Tools, then click on Group Policy Management.
- Locate the OU you created for this account.
- Right click on the folder and choose to Create a GPO in this domain, and Link it here…
- Name the GPO. I named it ‘Folder Redirection’.
Right click on the GPO you just created and select Edit.
Since we are in the place to edit configurations for offline files, I will do this here. Although I did not do this, it may be wise to create another OU under the Users Folders OU and link a GPO to it specifically for offline file configurations.
- To make the Offline file feature available on a client pc Expand Computer Configuration>Policies>Administrative Templates>Network>Offline Files
- Offline files are Enabled by Default if no configuration is set. If you Enable it here, the user cannot disable it, the same goes if you Disable it here, users cannot enable it.
- Left alone, the user can disable or enable this setting on the local pc manually.
NOTE: The Administrative Templates here contain the policies that have been retrieved from the Local computer and apply to the computer.
- Must restart the computer for this to take place.
- To make the user’s folder Always available for offline files, go under the User Configuration>Policies>Administrative Templates>Network>Offline Files.
- Here you can specify network files and folders that will always be available offline. You would enter the UNC paths of the files or folders you wish to make available offline.
- By Default, if you do not configure this setting, NO files and folders are made available offline.
NOTE: Settings configured in both Computer Configuration and User Configuration folders are combined and all specified folders will be available.
- User must log off and back on to take place.
You may also want to configure how the offline files are handled if there is no network connection. Here you would choose in the above picture ‘Action on Disconnect’.
Here you apply the Action to allow server files to be available to the local computer or not available if the network server becomes unavailable.
Redirect the Documents folder.
This is under the User Configuration>Policies>Windows Settings>Folder Redirection. This expands a list of folders that can be redirected.
Right click on the Documents folder and choose Properties. Here we will just choose Basic which redirects everyone’s folder to the same location.
Next you choose the Target folder location, which we created in Step 2. There are several options. You can choose to redirect to the User’s Home directory, specify your own location, redirect to the local user’s profile location, or create a folder for each user under the root path which is what we are going to do here. Type in the root path as follows: Server Name\Share name and Windows puts the Documents folder under the User’s name. This is done for every user under this OU.
Under the settings tab in the Documents properties you can specify whether the user has exclusive rights to this folder, if the contents currently in their Documents folder under their user profile should be moved to the new location, as well as whether this policy will apply to systems running older operating systems. You also specify what is to be done with the folder if the policy is ever removed.
NOTE: When you click OK, you will get a warning that if there are any Group Policy settings that have been set that do not apply to the older operating systems, and you don’t check the option to Apply these here, you will not be able to change any of the Folder Redirection settings in this Group Policy Object for those operating systems. If you do not have any clients running older OS, then you are safe to leave this option unchecked and click Ok to continue.
- It is a good idea to enforce a group policy update and restart the client computer.
You can see that the Default Save location for Howard’s Documents folder is now being redirected to the network share named Users, under the user’s folder Howard located on CHRISSYSSERVER. The local user’s Document folder is empty.
- Here is an screenshot of offline files enabled and working. The first image shows No network connection and a file created that has not yet been synced to the network location.
- Here is the sync taking place when the network connection is restored.
Spiceworks, Inc. “Configure User Home Folders and Folder Redirection.” Spiceworks Community Global. N.p., n.d. Web. 31 Oct. 2016.
“Setup Home Drives and Folder Redirection – PC-Addicts.” N.p., n.d. Web. 31 Oct. 2016.
By Knowing the Time When This New Profile Was Loaded, It Is Possible to Compare It against the Timestamp of Review.doc. If Review.doc Was Created or Written to after the Profile Load Time, the File Must Be Preserved Because It Came from a Different Source. If the Review.doc Timestamp Is Older than the Load Time, Review.doc Must Be Deleted Because It Would Have Been Copied to the Local Computer at Load Time. “Step-by-Step Guide to User Data and User Settings.” Step-by-Step Guide to User Data and User Settings. N.p., n.d. Web. 31 Oct. 2016.
@TechRepublic. “SolutionBase: Working with Roaming Profiles and Folder Redirection – Page 5672900 – TechRepublic.” TechRepublic. N.p., 2007. Web. 31 Oct. 2016.
Http://www.windowsnetworking.com/authors/brien-posey/. “Profile and Folder Redirection In Windows Server 2003.” WindowsNetworking.com. N.p., 2005. Web. 31 Oct. 2016.
By. “Step by Step Redirecting and Managing the Modern Start Menu in Windows 2012(R2) RDS.” Msfreaks. N.p., 2014. Web. 31 Oct. 2016.
“Using Folder Redirection in Group Policy.” Using Folder Redirection in Group Policy. N.p., n.d. Web. 31 Oct. 2016.
“Windows Networking: User Accounts, Groups, Permissions & Their Role in Sharing.” HowTo Geek RSS. N.p., n.d. Web. 31 Oct. 2016.
Hardware, By DaveP in Forum. How To Configure Offline Files to Synchronize When a Particular Network Connection Becomes Active. N.p., n.d. Web. 31 Oct. 2016.
By Default, Windows Checks the Box That Says. “Windows Networking: How to Work With Network Drives & Network Locations.” HowTo Geek RSS. N.p., n.d. Web. 31 Oct. 2016.
“Activate Offline Files via GPO and Assign the User Folder to Always Be Available Offline.” WOUTER MAKKINJE. N.p., n.d. Web. 31 Oct. 2016.
By Default, Windows 7 Uploads Roaming User Profile Data the Same as Earlier Versions of Windows-during User Logoff, Windows Uploads the Roaming User Profile Data to the Server. However, Windows 7 Uses the Computer-based Group Policy Setting, Background Upload of Roaming User Profile’s Registry File While User Is Logged On, to Configure the User Profile Service to Upload Roaming User Profile Registry Data in the Background While the User Remains Logged on to the Computer. “What’s New in Folder Redirection and User Profiles.” What’s New in Folder Redirection and User Profiles. N.p., n.d. Web. 31 Oct. 2016.
©Christine Dunnells 2016