Server 2012 R2 - GPO - Folder redirection with Local Sync

Update: 8-29-2014 - Details in Red
 
Before you set up Group Policy for Folder Redirection, you need a properly configured file server. In my examples, I’ll be using Windows Server 2012 R2.

The first decision you’ll need to make is on the share name. My preference is typically to use “HomeDrive” since we’ll be redirecting user folders. I typically create a mapped network drive "H" and you can use this to store profile paths. As an added step, you can make this a hidden share (by adding a $ to the end of the share name) if you think that is necessary for your file server. The less the end users can see or be confused by, the better!

Let's start by granting "Everyone" full control of the hidden share. (Don't worry, we will lock it down with security in the next step.)
  • Right click "HomeDrive" folder.
  • Select the "Sharing" Tab.
    • Advanced Sharing
  • Check "Share this folder", enter the share name (I added the "$" to the end to make it hidden)
  • Next open Permissions, add "Everyone" and grant Full Control. I have changed this to "Authenticated Users".
 
 
Now let's set up the security access to the folder.
  • Right click "HomeDrive" folder.
  • Select the "Security" tab.
    • Advanced.
  • Disable Inheritance
    • Copy user information
    • Delete the two "Users" access rights.
  • Add the user "Everyone" if it is not already there. I have changed this to "Authenticated Users"
    • Select "Edit".
    • Applies to: "This folder only".
    • Select "Show advanced permissions".
    • Check the boxes for ONLY the following
      • Traverse Folder/Execute File
      • Read Attributes
      • Create Folders/Append Data
      • Read Permissions
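
The share and security steps above can also be scripted. This is an added example, not part of the original post; the folder path `D:\HomeDrive` is an assumption, and the account names assume an English-language server. Run it from an elevated PowerShell session on the file server.

```powershell
# Added example. $Path is an assumed location; the post only names the folder "HomeDrive".
$Path      = 'D:\HomeDrive'
$ShareName = 'HomeDrive$'                        # trailing $ hides the share
$Principal = 'NT AUTHORITY\Authenticated Users'  # the post's update: replaces "Everyone"

New-Item -Path $Path -ItemType Directory -Force | Out-Null

# Share permission: Full Control. The NTFS ACL below does the real restricting.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -FullAccess $Principal | Out-Null
}

# "Disable Inheritance" + "Copy": protect the ACL and keep inherited entries as explicit ones.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $Path -AclObject $acl

# Re-read the ACL so the copied entries are explicit, then delete the "Users" entries.
$acl   = Get-Acl -Path $Path
$users = New-Object System.Security.Principal.NTAccount('BUILTIN\Users')
$acl.PurgeAccessRules($users)

# "This folder only" (no inheritance flags) with ONLY the four advanced permissions:
# Traverse Folder/Execute File, Read Attributes, Create Folders/Append Data, Read Permissions.
$rights = [System.Security.AccessControl.FileSystemRights]'Traverse, ReadAttributes, CreateDirectories, ReadPermissions'
$rule   = New-Object System.Security.AccessControl.FileSystemAccessRule(
              $Principal, $rights, 'None', 'None', 'Allow')

# SetAccessRule replaces any existing Allow entries for the same principal,
# so a broader copied entry for Authenticated Users does not survive.
$acl.SetAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Review the result: no BUILTIN\Users entries, nothing inherited,
# and Authenticated Users limited to the four rights on this folder only.
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited, InheritanceFlags -AutoSize
```

With these rights users can create their own subfolder under the share but cannot list or read other users' folders from the root.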
 
 
 
Now we can actually create the GPO for the folder redirection to take place.
  • Open Group Policy Management
  • Right click your "Users" OU
    • Select "Create a GPO in the domain, and Link it here..."
    • Give the GPO a name, I called mine "GPO - Home Folders".
  • Now right click the GPO and select "Edit".
  • Go to User Configuration > Policies > Windows Settings > Folder Redirection.
 
  • Right click either Desktop, Documents or any other folders you would like redirected.
  • Select the options from the image below.
  • Under the Settings tab, UNCHECK the box for "Grant the user exclusive rights to (folder_name)"
    • If you do not do this, Domain Admins will have no access and will have to manually take ownership of each user's folder.
 
 
  • Make sure to link the GPO to the correct OU containing the users.
  • Create your users and apply the Home Drive folder "\\FILESERVER\HomeDrive$\%username%".
  • This will automatically create subfolders under the homedrive$ location.

 
If all goes well you will see the following: Green Swirls are your friends!
 

To conclude, there will be different beliefs about syncing local copies vs. folder redirection. I prefer the local sync for better end user performance. But never EVER redirect the APPDATA folder, nothing but the dark side resides there... currently dealing with the fallout at my current job.
 
Some other notes: Windows 8.1 has a GPO (2012 R2) feature where you can have a user's primary PC sync locally, and any other PC they log into will use the network folder.
 
