Tip

Folder redirection tips and tricks

Jason Rush, Technical Writer, Microsoft Corp.

Folder redirection tips and tricks
By Jason Rush, Technical Writer, Microsoft Corp.

The Folder Redirection extension to Group Policy is used to redirect such user-specific folders as My Documents from the client to a server to facilitate administrative management of user data.

  1. Let the system create folders for each user

    To ensure that folder redirection works as well as possible, create the root share only on the server, and let the system create the folders for each user. Set the share permissions to Full Control for the security groups you're redirecting, and set the NTFS permissions for Everyone to Full Control, this folder, subfolders and files.

    If you must create folders for the users, ensure that you have the correct permissions set. The tables below shows the default and minimum permissions required for folder redirection:

    User Account Folder Redirection Defaults Minimum permissions needed
    Creator/owner Full Control, this folder, subfolders and files Full Control, this folder, subfolders and files
    Local Administrator Full Control, this folder, subfolders and files Full Control, this folder, subfolders and files
    Everyone Full Control, this folder, subfolders and files List Folder/Read data, Create Files/Write Data, Create Folders/Append Data

    Requires Free Membership to View

  1. - This Folder only
    Local System Full Control, this folder, subfolders and files Full Control, this folder, subfolders and files

    NTFS Permissions required for root folder

    User Account Folder Redirection Defaults Minimum permissions needed
    Everyone Full Control Use security group that matches the users who will need to put data on share

    Share level (SMB) Permissions required for root folder

    User Account Folder Redirection Defaults Minimum permissions needed
    %username% Full Control, owner of folder Full Control, owner of folder
    Local System Full Control Full Control
    Everyone Traverse Folder, Read Attributes, Read Extended Attributes and Read Permissions Everyone - no permissions

    NTFS Permissions required for each user's redirected folder

  2. Use offline folder settings on the server share where the user's info is stored.

    This is especially important for users with laptops. Redirected folders of any type should be coupled with offline files. The recommended configuration for offline files to use is:

    MyDocs: Autocaching for Documents or Manual Caching for documents (if you want users to have to "pin" files)
    AppData: Autocaching for Programs
    Desktop: Autocaching for Programs if the desktop is read-only
    StartMenu: Autocaching for Programs

    For more info: User Data and User Settings Step-by-Step Guide, to be posted soon on TechNet.

  3. Incorporate %username% into fully qualified universal naming convention (UNC) paths

    This allows the system to easily create folders for users based on their username. For example, \servershare%username%My Documents

  4. Have My Pictures follow My Documents

    This is advisable unless there is a compelling reason not to, such as file share scalability.

  5. Policy removal considerations

    Keep in mind the behavior your folder redirection policies will have upon policy removal. The Folder Redirection section of the online help gives details.

  6. Accept defaults

    In general, accept the default folder redirection settings.

  7. Don't store roaming profiles on the same server as redirected folders that are enabled for offline use

    When a share is unavailable, offline folders considers the whole server to be unavailable until the offline cache is manually synchronized. Roaming profiles will not be synchronized with the server while offline folders considers the server to be unavailable. If you are using offline folders in conjunction with folder redirection and roaming user profiles, you should ensure that the folder redirection share and the profiles share are located on different servers.


    This was first published in January 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.