28 July, 2011

How to Configure Folder Redirection

Folder Redirection

In an earlier post, we saw why we need "Roaming Profile" and how to configure "Roaming Profile" (http://www.adshotgyan.com/2011/07/how-to-configure-roaming-profiles.html). A User Profile contains data - documents, files, folders but.... can also contain movies, songs, etc... (Even though we as an administrator can restrict them) but still the bottom line is that the profile size can be few MBs to few GBs...

Now think about a situation that Mr. Gappu has a Roaming Profile and the size of his Roaming Profile is 3 GB... Now you will ask.. Whats a big deal.. Whats a problem in that... Think again....

The problem lies in the working and design of Roaming Profiles... Roaming Profiles download "ALL" the data from the network location when you log on to a machine where you have not logged in before... So assuming Mr. Gappu uses a new machine every time/everyday to log on, then every day 3 GB of data is copied from the server to his local machine....

A lot of network bandwidth and above of it might take few mins (5-30 or even more depending upon the network speed) before Mr. Gappu will get the desktop and starts working... So till that time he has a "Official" reason to roam around and chat thereby wasting company`s time... (Now you stop thinking if you could have a huge roaming profile...coz you have a local profile... so stop dreaming and start working)

The solution to this is to implement "Folder Redirection".... Folder Redirection also saves your data on the network, BUT it does not sync with your local machine every time to log on (Even though you can make it to do)... But the point to stress here is that by default it will not copy the data from the server to your local machine every time you log on to a new machine... be it a new machine or old machine... It will simple NOT COPY the data... You will get your data directly from the server (real time)...

Now lets see how can we implement Folder Redirection...

Before we implement Folder Redirection, I would like you to have a look in the registry to confirm the location of the Users Data

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Users Shell Folders

Note that the path for My Documents, My Pictures, Desktop, Etc.... is all Local

Now lets configure the Group Policy for Folder Redirection

Lets Redirect the "Desktop"

Basic - Redirect everyone’s folder to the same location
In majority of the cases, you will choose this option

Advanced - Specify locations for various user groups
You will use this option when you wants to redirect folders depending upon the group membership of the user

Once you choose the option "Basic - Redirect everyone’s folder to the same location", you have then the following options
1. Create a folder for each user under the root path
2. Redirect to the following location
3. Redirect to the local user profile location

For this lab, we will choose the option "Create a folder for each user under the root path"

Lets create a folder in the file system of the server where the data will be stored. make sure you assign appropriate permissions on the folder for the Users

Give the Network Location of that folder which you just created. make sure you do NOT specify the %UserName% variable here as we did in the case of Roaming Profiles

Keep the default options...

Run gpupdate /force and you will get the following message stating that the Folder Redirection will apply on next reboot...

Event ID as well stating that Folder redirection will apply at next reboot because of "Logon Optimization"

Also, note that the folder got created for that User on the network Location that was specified in the Folder Redirection Group Policy

Like Roaming Profiles, you as an administrator do not have permissions on the user folders. But unlike Roaming profile, where you could take the ownership of the folder and can view the data, in case of Folder Redirection it is not so easy. And I do not recommend you to play around with the permissions here...

On the client machine, you will get the Event ID 501 stating that the Folder redirection has been successfully applied...

Go into the properties of any folder on the client desktop which is being redirected and you will notice that it points to the network location instead of the local path.. That means that the data id being redirected to the Network Location...

The important thing that needs to be noticed is that if now you check the Profile of the User, you will not find the "Desktop" folder which was earlier present... This happens because the "Desktop" is getting redirected and the folder will be "CUT" from the Profile Share and will be PASTED into the Redirected Folder...

Be it Local profile (Cache Copy of the Roaming Profile in this Case)

Or Roaming Profile Share

Again, not recommended, But since I took the ownership of the user folder which was getting redirected, I am now able to view all the contents (The ownership was taken just to show that the data is getting redirected.. Taking the ownership can lead to data been inaccessible to the user)

Just a quick look in the Registry again.. This time you will notice that the path for Desktop has been changed from Local -> Network

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Users Shell Folders