none
best practice folder redirection and regular folders

    Question

  • Guys,

    Am looking for a best practice for setting up folder redirection for profile and homefolder. Anyone who can direct me to the right place? Am finding a lot of blogs that are telling different stories.

    Second, is there a best practice available for sharing folders through the network with groups?

    regards,

    Friday, May 18, 2018 6:29 AM

All replies

  • hold on, found this:

    https://blogs.technet.microsoft.com/askds/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders/

    curious if i can use that in my dfs environment

    Friday, May 18, 2018 6:35 AM
  • Hi!

    I just wanted to share how I do things :-)

    Share Permissions

    I usually go with the default, in short (Everyone, Authenticated Users or Domain Users having Full Control or Change permissions), and then rely upon NTFS for the "real" permissions control. 

    NTFS Permissions

    I always assign permissions to security groups, rather than to specific individual users, I think this should be a best practice if it's not written somewhere. 

    Therefore, make sure you review, modify and create security groups as necessary to reflect how permissions within the file system are to be assigned (for example, IT , Sales Business, HR... etc.), and assign permissions to the appropriate group(s).

    I always create a top-level folder that will serve as a "root storage folder" for all user-created data (for example, D:\Data.)  After that I create sub-folders within this folder to segregate and organize data according to job roles and security requirements.  (If you are using using Windows Server, you might consider using DFS (Distributed File System) to enable abstraction between the physical storage of the data, and the logical hierarchical view presented to end-users.
    With DFS, files can be stored on any number of different servers, but presented to users as a single cohesive namespace.)

    Assign permissions as generally as possible at the upper-level folders, and then refine the permissions more narrowly at lower-level folders. 

    Example: 
    Consider assigning Authenticated Users the List Files permission at the very topmost data folder (for example, at D:\Data), this will allow everyone to see folder and file names and also traverse the entire folder structure, but they will not be able to do modifications or open any items.

    At the lower-level folders, create and assign additional permissions to the appropriate department groups (for example, assign the Modify permission to the HR security group to the D:\Data\HR folder.)

    Try to avoid changing inheritance or permissions on lower-level folders.

    Sometimes there's of course cases in which changing lower-level permissions may be the best course of action.

    If the group that has permissions to higher-level folders shouldn't be able to access what's in a lower-level folder, that might be an indication that that data might be better located elsewhere within the folder structure.

    Kind regards,
    Leon


    Blog: https://thesystemcenterblog.com  LinkedIn:   

    Friday, May 18, 2018 7:00 AM
  • Hi enlil,

    Based on my knowledge, you could use dfs combine with folder redirection and roaming profile.

    But since dfs replication can cause some potential inconsistent issue. You may need to consider it before you deploy.

    Here is an example.

    https://social.technet.microsoft.com/forums/windowsserver/en-US/390e72dc-aedc-46fb-80c0-74fab598fc17/folder-redirection-dfs

    For now, I haven't find the official documents to describe  best practice for setting up folder redirection for profile and homefolder  from Microsoft. You could follow the guides to design your environment.

    https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649076(v%3dws.11)

    https://blogs.technet.microsoft.com/askds/2010/09/01/microsofts-support-statement-around-replicated-user-profile-data/

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 18, 2018 9:08 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 21, 2018 7:17 AM
    Moderator
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back
    Best Regards,
    Mary

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 22, 2018 7:52 AM
    Moderator