none
Folder Redirection with Terminal Services - Filtering applicability

    Question

  • Hello Everyone,

    After a couple of days reading online and doing some testing, I decided to ask here as I'm unable to solve the issue I'm having. The scenario is more complex, but I'll summarize what I'm trying to accomplish.

    Environment: 2 Win2012 Servers, 1 Client

    What I'm looking for:

    When Client connects through RDP to "Server A", all user folders (Documents, Videos, Music, Pictures, Desktop) get redirected to the equivalent folders in the Client.
    Example: "C:\Users\Username\Desktop" in "Server A", redirects to "C:\Users\Username\Desktop" in "Client"

    When Client connects through RDP to "Server B", no folder is redirected

    What I think should have worked, but it's not: 

    - Put each server in a different OU in Active Directory (they also belong to different security groups)
    - Linked a GPO to the OU containing "Server A" with the following settings:
        Computer Configuration
          "Policies -> Administrative Templates -> System/Group Policy -> Configure user Group Policy loopback processing mode" = Enabled (Merge)
        User Configuration
          "Policies -> Windows Settings -> Folder Redirection -> Desktop" = Basic (Redirect everyone's folder to the same location)
              "\\%clientname%\Users$\%username%\Desktop"

     Why is not working and another things I tried:
       - The %clientname% variable gets populated after the Group policy runs, so it's not able to find the network share and it fails.
       - Replacing %clientname% for "Client1" works, but I actually have more than 1 client, and want it to work regardless of the client from which the user is connecting.
       - Tried using a login script with mklink, but I'll have to remove the user folders in "Server A" before doing the link, and doesn't seem like the right thing to do
       - Assigning the GPO to a OU containing the users also works, but I don't know how to use a WMI filter to apply it only to users logging in to  "Server A"

    So...

    Any ideas? maybe a delay so the clientname bvariable gets populated, or a WMI filter that I can use to allow the policy to run in computers members of the security group "server A" belongs to.
    I appreciate any help you can provide.
    Thanks!!

    Tuesday, October 01, 2013 3:18 PM

Answers

  • Hi guys,

    Martin, I've tried both options you suggested and they didn't work (check my previous post for the reasons)

    Matthias, I've tried GPP but it's the same issue, as %clientname% does not exist.

    Anyway, I resolved it using a vbs logon script which I post bellow with a couple of search tags in case someone needs it.
    how to map redirect user profile folders terminal server client login script gpo

    So, First we need to assign a GPO to the OU with the Servers we want the policy to apply, the GPO must have enabled loopback processing in 
    Computer Configuration
          "Policies -> Administrative Templates -> System/Group Policy -> Configure user Group Policy loopback processing mode" = Enabled (Merge)

    Then the following Logon script saved as .vbs file in
    Userr Configuration
          "Policies -> Windows Settings -> Scripts (Logon/Logoff) -> LogOn"
    Const cstRegKey = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"
    ' Terminal Server Folder Redirection VBS Script
    Dim oShell, sSessionInfo, sSessionNumber, sClientName, sSource, sTarget, sDestFolder
    Set oShell = CreateObject("WScript.Shell")
    
    ' Gets user session information
    sSessionInfo = Split(LCase(oShell.Exec("query session %username%").StdOut.ReadAll), vbCrLF)(1)
    
    ' Cleans output
    Do While InStr(sSessionInfo, "  ")
     sSessionInfo = Replace(sSessionInfo, "  ", " ")
    Loop
     
    'Gets Session Number
    sSessionNumber = Split(sSessionInfo)(2)
    
    'Gets ClientName from Registry and Exits if error
    On Error Resume Next
    sClientName = LCase(oShell.RegRead("HKCU\Volatile Environment\"&sSessionNumber&"\CLIENTNAME"))
     If Err.Number <> 0 Then
      EndScript 1
     End If
    
    
    sDestFolder = "\\"&sClientName&"\Users$\%USERNAME%\"
    
    ' Sub Procedure to modify registry keys
    Sub RedirectFolder(sSource, sTarget)
     oShell.RegWrite cstRegKey&sSource, sDestFolder&sTarget, "REG_EXPAND_SZ"
    End Sub
    
    ' Redirect Slected Folders
    RedirectFolder "Desktop", "Desktop"
    RedirectFolder "Personal", "Documents"
    RedirectFolder "Favorites", "Favorites"
    RedirectFolder "My Pictures", "Pictures"
    RedirectFolder "My Music", "Music"
    RedirectFolder "My Video", "Videos"
    
    EndScript 0
    
    ' Cleans Memory and Exits
    Sub EndScript(iOutValue)
      sSessionInfo = Empty
      sSessionNumber = Empty
      sClientName = Empty
      sSource = Empty
      sTarget = Empty
      sDestFolder = Empty
      Set oShell = Nothing
      Wscript.Quit iOutValue
    End sub

    Thanks for all the help
    Take Care

    • Marked as answer by Edu's Wednesday, October 02, 2013 4:10 PM
    Wednesday, October 02, 2013 4:10 PM

All replies

  • Hello,

    Have you tried creating your own environment variable?

    http://technet.microsoft.com/en-us/library/cc772047.aspx

    You could use GPP Environment Variables and build the variable you need.

    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Tuesday, October 01, 2013 3:44 PM
  • PS:

    "Clientname" is not resolved during login. This is normal.

    See also here:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/28a079d6-0e53-4431-b60b-1467817fb230/clientname-environment-variable-at-login-script-problem


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Tuesday, October 01, 2013 3:46 PM
  • Hi,

    Thanks for your reply.

    I'm aware of clientname not being resolved during login, so I'm looking for a workaround.

    I can't use a GPP environmental variable as the value is not static (Users logging in from different clients)
    I also tried using a login script which populated the clientname variable as follow:

    @echo off
    for /f “tokens=1-3″ %%1 in (‘query session %USERNAME% ^| find “>”‘) do set ses_num=%%3
    
    for /f “tokens=1-3″ %%1 in (‘reg query “HKCU\Volatile Environment\%ses_num%” /v CLIENTNAME’) do set clientname=%%3 )

    And set the policy link priority to execute that before the GPO for folder redirection but didn't work.

    Also tried using a login script that modified the registry key for folder redirection under "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" but didn't work either.

    I should be able to combine that login script with a script that redirects the user folders, but besides modifying the registry keys (which didn't work) or using mklink (which requires to delete the local folders before redirecting), I don't know how to do it.

    So I think best way would be to assign the policy to all users and use a WMI filter to choose only the computers that belong to a specific security group.
    Still, don't know if it's possible or how to create that WMI filter


    • Edited by Edu's Tuesday, October 01, 2013 4:19 PM
    Tuesday, October 01, 2013 4:17 PM
  • There's two possible solutions:

    a) Enable loopback and link your FR GPOs to the server OUs. This requires different OUs for servers with redirection enabled or redirection diesabled.

    b) Replace FR with GPP registry. Not that easy, but it works like a a charm (I've proven this to implement "primary computer" for XP workstations during the process of writing a book about GPOs). Here you can utilize Item level targeting, maybe on RDP Client names or whatever you want

    To test whether these solutions work with redirecting to "\\client" is your job now. I doubt that they do - I believe \\client will be available too late in the logon process.


    Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

    Restore the forum design - my user defined Cascading Style Sheet!

    Wednesday, October 02, 2013 7:45 AM
  • I can't use a GPP environmental variable as the value is not static (Users logging in from different clients)

    What I was saying is, use a custom per user GPP Environment Variable (User Settings)
    Like myclientname = %clientname%.

    This is just a wrapper.

    I would give it a try.
    Create a custom user variable and logon the user. Perform a update.
    What happens the next time you login? Can you use the custom variable for folder redirection?


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!


    Wednesday, October 02, 2013 10:39 AM
  • Not that easy, but it works like a a charm (I've proven this to implement "primary computer" for XP workstations

    Any plans for a blogpost on that? :-)

    Sounds nice.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Wednesday, October 02, 2013 10:41 AM
  • Hi guys,

    Martin, I've tried both options you suggested and they didn't work (check my previous post for the reasons)

    Matthias, I've tried GPP but it's the same issue, as %clientname% does not exist.

    Anyway, I resolved it using a vbs logon script which I post bellow with a couple of search tags in case someone needs it.
    how to map redirect user profile folders terminal server client login script gpo

    So, First we need to assign a GPO to the OU with the Servers we want the policy to apply, the GPO must have enabled loopback processing in 
    Computer Configuration
          "Policies -> Administrative Templates -> System/Group Policy -> Configure user Group Policy loopback processing mode" = Enabled (Merge)

    Then the following Logon script saved as .vbs file in
    Userr Configuration
          "Policies -> Windows Settings -> Scripts (Logon/Logoff) -> LogOn"
    Const cstRegKey = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"
    ' Terminal Server Folder Redirection VBS Script
    Dim oShell, sSessionInfo, sSessionNumber, sClientName, sSource, sTarget, sDestFolder
    Set oShell = CreateObject("WScript.Shell")
    
    ' Gets user session information
    sSessionInfo = Split(LCase(oShell.Exec("query session %username%").StdOut.ReadAll), vbCrLF)(1)
    
    ' Cleans output
    Do While InStr(sSessionInfo, "  ")
     sSessionInfo = Replace(sSessionInfo, "  ", " ")
    Loop
     
    'Gets Session Number
    sSessionNumber = Split(sSessionInfo)(2)
    
    'Gets ClientName from Registry and Exits if error
    On Error Resume Next
    sClientName = LCase(oShell.RegRead("HKCU\Volatile Environment\"&sSessionNumber&"\CLIENTNAME"))
     If Err.Number <> 0 Then
      EndScript 1
     End If
    
    
    sDestFolder = "\\"&sClientName&"\Users$\%USERNAME%\"
    
    ' Sub Procedure to modify registry keys
    Sub RedirectFolder(sSource, sTarget)
     oShell.RegWrite cstRegKey&sSource, sDestFolder&sTarget, "REG_EXPAND_SZ"
    End Sub
    
    ' Redirect Slected Folders
    RedirectFolder "Desktop", "Desktop"
    RedirectFolder "Personal", "Documents"
    RedirectFolder "Favorites", "Favorites"
    RedirectFolder "My Pictures", "Pictures"
    RedirectFolder "My Music", "Music"
    RedirectFolder "My Video", "Videos"
    
    EndScript 0
    
    ' Cleans Memory and Exits
    Sub EndScript(iOutValue)
      sSessionInfo = Empty
      sSessionNumber = Empty
      sClientName = Empty
      sSource = Empty
      sTarget = Empty
      sDestFolder = Empty
      Set oShell = Nothing
      Wscript.Quit iOutValue
    End sub

    Thanks for all the help
    Take Care

    • Marked as answer by Edu's Wednesday, October 02, 2013 4:10 PM
    Wednesday, October 02, 2013 4:10 PM
  • Hi,

    I’m glad to hear that you have resolved the issue and thanks for sharing your solution in the forum. This will help others who face the same scenario resolve the issue quickly. If there is anything else I can do for you, please do not hesitate to let me know. I will be very happy to help.

    Best regards,

    Justin Gu

    Friday, October 04, 2013 1:21 AM