Thursday, October 21, 2010

Most Underrated and Underused features of a SBS server - Part 2

Folder Redirection

Windows provides the ability to redirect specific user folders to server locations, using a group policy extension called Folder Redirection. Folder Redirection allows users and administrators to redirect the path of a folder with critical data to a new location on the server. Users have the ability to work with documents on a server as if the documents were based on the local drive.

Set Up

Since Folder redirection works by applying group policies , there has to be a logical structure of AD. Once an administrator creates the group policy and links it to the appropriate AD object, he can designate which folders to redirect and where to store thos e on the server,following is the location of the GP

User Configuration\Windows Settings\Folder Redirection


When you go to the properties of any of the folders application data , desktop , My documents , Start Menu a similar screen as below will appear


Go through the options it gives you get here

You can redirect all folders to one location or choose the advanced option to have different location for various User Groups. You can also choose the folder location and provide the path below.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies. You can use only variables like %username% or %userprofile% , Other variables may not be available

What can you redirect ?

  • My Documents
  • My Pictures
  • Application Data
  • Desktop
  • Start Menu

If you have a SBS 2008 , folder redirection is easy as 1 2 3 . Just open the SBS console and it gives you ability to redirect folders for the users. SBS 2008 is a phenomenal server OS for small businesses and very easy to administer for novices.



How much easier can it get ? A UI to set up folder redirection. NO GPO settings , no folder permissions .

In both cases we need some specific permissions on remote  file share , if these are incorrect , you may face issues. For folder redirection to work properly, the destination shared folder NTFS and Share Permissions must be properly configured.  If redirecting a folder to a location that the end user should not change, i.e. the Start Menu or Locked Down Desktop the following permissions should be applied:

  • Share Permissions:
    • Everyone – Full Control
    • Administrators – Full Control
    • System – Full Control
  • NTFS Permissions:
    • Everyone – Read and Execute
    • Administrators – Full Control
    • System – Full Control

If Group Policy is configured to redirect to a location where the GPO will automatically create the destination folder, i.e. user’s individual Application Data, Desktop or My Documents folders the following permissions should be applied to the parent folder:

  • Share Permissions:
    • Everyone – Full Control
    • Administrators – Full Control
    • System – Full Control
  • NTFS Permissions:
    • Everyone - Create Folder/Append Data (This Folder Only)
    • Everyone - List Folder/Read Data (This Folder Only)
    • Everyone - Read Attributes (This Folder Only)
    • Everyone - Traverse Folder/Execute File (This Folder Only)
    • CREATOR OWNER - Full Control (Subfolders and Files Only)
    • System - Full Control (This Folder, Subfolders and Files)
    • Domain Admins - Full Control (This Folder, Subfolders and Files)

So let your users redirect important company information to a central share. But be aware

1. If you have too much data in the folder you want to redirect , and you are setting this up for the first time , it will take huge amount of time to move the data to the shared folder , thus delaying the logon.

2. If folder redirection is being set up for the first time , the clients will have to log out and log in minimum 3 times to start the folder redirection.

No comments:

Post a Comment