Folder Redirection Policy for Windows Server 2003
Folder Redirection is one of the undiscovered gems amongst the myriad of Microsoft Group Policies. Firstly, configure the file locations of saved files and secondly, master folder redirection, the result will be greater efficiency for both you and your users.
Let us remind ourselves of where Microsoft Office programs save their files. By default, all Word and Excel files are directed to the My Documents folder. What do people do? In Word or Excel, they change the paths under Tools Menu, amend File Locations to point to their home directory. To complete the circle, the administrator must map a network drive to the user’s home directory on the server. Perhaps now you can see what I mean by saving time? In one fell swoop, you can configure a Group Policy which redirects the My Documents to the server and forget about mapping network drives for home directories.
Windows Server 2003 Group Policy Topics
What we are configuring here is client side caching. My view is that normally, clients can adequately cache their own programs locally. This Application Data setting is different from the Folder Redirection for the ‘My Documents’. Perhaps caching is one of those Group Policies that you only need for laptops.
There is a knack to configuring all these 4 redirection settings. At first, it seems at first as though there are no policies in the container. However, if you right-click one of the yellow folders, for example ‘Desktop’ and select Properties, then a rich selection of settings comes into view.
From the first menu, select Target, now drop down the Settings box and choose: ‘Advanced’ – Specify Location for various user groups’. Choose ‘Advanced’ where you want all people to whom this policy applies to have their own desktop. In real life the ‘Basic’ setting may be better for the Desktop, while ‘Advanced is more appropriate for the ‘My Documents’ folder.
If you are organized, then you would have shared out the redirect folder on the server. However even if you haven’t, you can still choose the group you intend to redirect. As you share out the folder on the server, so the path changes to the famous %UserName%. Permissions permitting, the subfolders are created automatically thanks to %UserName%.
Security Requirements For Folder Redirection
When you configure Folder Redirection policies, you need to pay careful attention to creating the subfolders that each user needs, in particular check the network share and NTFS ACL permissions, otherwise users will be disappointed with an error message.
Best practice states that you should create only the root share on the server, and then let the system create the folders for each user.
This is an area where you need testing and impersonating the users. When troubleshooting, I confess that my strategy is to get a test user working with everyone having full control, then I gradually throttle back the permissions until Folder Direction still works, but each user can only access their own folder.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Whilst the ‘My Documents’ folder is probably the most import redirection setting, the principles are much the same as Desktop redirection above. What I would like to concentrate on here is the Settings Tab.
Once again, in Windows Server 2003 Folder Redirection, Microsoft has thought of everything. What I particularly like is the control you have over moving the files, and there are even options for what do to if the policy is removed.
Finally, at the bottom you have decisions on what do about the My Pictures sub folder.
This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems. Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.
There are so many good gadgets; it’s like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools. Try the SolarWinds Engineer’s Toolset now!
The start menu uses the same technology as the other folders. However, your strategy for the Start Menu is likely to be different from the strategy for Folder Redirection. Therefore, I suggest that for Start Menu settings that you point everyone in the group to the SAME folder on the Windows server. The tactic is then to fill this folder with Start Menu icons. There is no need for the %UserName% variable, instead why not give all the users in the group, the same Start Menu experience.
Where you have subfolders off the Start Menu, no worries, like well behaved children, they follow their parent folders automatically!
Summary of Windows Server 2003 Folder Redirection Policy
Windows Server 2003 Group Policy provides the ability to redirect named user folders to server locations; one tactic is to automatically send users to a newly created folder. The trickiest part of configuring folder direction is setting permissions on the ‘Share’ and also the NTFS ACL.
See more user Group Policies for Windows
If you like this page then please share it with your friends