none
Folder Redirection Deployment

    Question

  • Hello,

    I am trying to deploy Roaming profiles and wanted to deploy the Folder Redirection before that. So I followed the Microsoft support article (https://technet.microsoft.com/en-us/library/jj649078(v=ws.11).aspx) and did the following.

    Step 1: Create a folder redirection security group in the Administration Center - Added one test user to the group

    Step 2: Create a file share for redirected folders and gave the above security group full permissions to that folder.

    Step 3: Create a GPO for Folder Redirection and added that security group into the GPO.

    Step 4: Configure folder redirection with Offline Files

    Step 5: Enable the Folder Redirection GPO

    Step 6: Test Folder Redirection

    However, I do not see the GPO being applied when I log in to a computer as the test user.

    My environment is Domain Controller and Active Directory - Server 2012 std, Workstations - Windows 10.

    Please help thank you!


    • Edited by PARAKUM Monday, January 02, 2017 8:58 PM Formatting
    Monday, January 02, 2017 8:57 PM

Answers

  • Hello,

    there is an error in the Microsoft's tutorial, when they ask you to remove Authenticated Users (step 3): We should not remove the Authenticated Users, we just have to ensure that they can't apply the Group Policy, however, they must be able to read it anyway.

    You can easily fix this:

    Add Authenticated Users back by using the "Delegation" tab and select "Read" on the role (very important).

    the difference is that the Authenticated User should NOT be able to "Apply the Group Policy" but just "Read" the group Policy.

    Then, it should work as expected

    • Marked as answer by PARAKUM Tuesday, January 03, 2017 3:30 PM
    Monday, January 02, 2017 10:29 PM

All replies

  • Hello,

    there is an error in the Microsoft's tutorial, when they ask you to remove Authenticated Users (step 3): We should not remove the Authenticated Users, we just have to ensure that they can't apply the Group Policy, however, they must be able to read it anyway.

    You can easily fix this:

    Add Authenticated Users back by using the "Delegation" tab and select "Read" on the role (very important).

    the difference is that the Authenticated User should NOT be able to "Apply the Group Policy" but just "Read" the group Policy.

    Then, it should work as expected

    • Marked as answer by PARAKUM Tuesday, January 03, 2017 3:30 PM
    Monday, January 02, 2017 10:29 PM
  • Thank you my friend! that did the trick! :)
    Tuesday, January 03, 2017 3:31 PM
  • Roaming profiles are not supported in Windows 10.
     You should not used those anymore.
    • Edited by yannara Tuesday, January 03, 2017 4:28 PM
    Tuesday, January 03, 2017 4:27 PM
  • Roaming profiles are not supported in Windows 10.
    You should not used those anymore.

    Any official reference for that?

    (I agree, the start menu has problems for roaming users, but I'm not aware of an official response from MS that they won't fix it. 1511 contained various fixes for Edge and Cortana for roaming users.)

    Tuesday, January 03, 2017 5:41 PM
  • What? What do you mean by they are not supported? So I can't deploy them?
    Tuesday, January 03, 2017 8:30 PM
  • Roaming profiles are not supported in Windows 10.
    You should not used those anymore.

    Any official reference for that?

    (I agree, the start menu has problems for roaming users, but I'm not aware of an official response from MS that they won't fix it. 1511 contained various fixes for Edge and Cortana for roaming users.)


    I heard this in Finland MVP's presentations about Windows 10. You might find this statement somewhere in Ignite videos conserning Windows 10 deployments, because our contry MVPs basically brings these messages from Ignite.
    Wednesday, January 04, 2017 12:20 PM
  • I heard this in Finland MVP's presentations about Windows 10. You might find this statement somewhere in Ignite videos conserning Windows 10 deployments, because our contry MVPs basically brings these messages from Ignite.

    That's not really official though, is it? There have been various things in both directions in that kind of format, and nothing necessarily final. I suspect the true position is that there are factions in MS arguing in both directions... often the case, and not new for roaming profiles.

    In any event, as things stand, roaming profiles still work, and are part of the core functionality of windows in an enterprise environment. MS will need to make a more formal statement about withdrawing that functionality if they want to change that. Roaming profiles are still documented here, including references to support on Windows 10 Anniversary edition (page last modified 29 Dec 2016):

    https://technet.microsoft.com/en-us/library/jj649079%28v=ws.11%29.aspx

    Wednesday, January 04, 2017 2:12 PM
  • I future versions it will be removed.

    But go with Work Folders instead of Folder Redirection.

    Joakim

    Wednesday, January 04, 2017 3:33 PM
  • I future versions it will be removed.
    Again, official reference for this?
    Wednesday, January 04, 2017 3:57 PM
  • Dear Mike, I´m not so interested into looking up official information for you. Also, about this you might not even find anything official yet. Like, as an example, Direct Access will be depreicated at some point, we know that but it´s not official. I kindly wanted just to get you a hint, that you might want not to spend any more time on planning those roaming profiles. My opinion is, that roaming profiles has always been painful to maintance. Then came folder redirections and offline files, they were little bit better, but still problematic and performance consuming. Now, today.. the future is in Onedrive.
    Wednesday, January 04, 2017 4:05 PM
  • I’ll update the TechNet documentation. The group policy will not apply if you remove Authenticated Users due to the security change made in MS16-072.

     

    Regarding Roaming User Profiles (RUP) support, RUP is supported on Windows 10 but we’re no longer investing in new features. We do plan to deprecate RUP in the future but the timing has not been determined.

     

    Our recommendation is to use our modern solutions for roaming user data:

     

    ·         For settings and application data, use UE-V or Enterprise State Roaming (ESR)

    ·         For user data, use Work Folders or OneDrive for Business

    Wednesday, January 04, 2017 4:49 PM
  • Regarding Roaming User Profiles (RUP) support, RUP is supported on Windows 10 but we’re no longer investing in new features. We do plan to deprecate RUP in the future but the timing has not been determined.

     

    Our recommendation is to use our modern solutions for roaming user data:

     

    ·         For settings and application data, use UE-V or Enterprise State Roaming (ESR)

    ·         For user data, use Work Folders or OneDrive for Business

    Thanks for the update on this. Just to clarify something - we use roaming profiles currently for two main things:

    • Avoiding slow login for our students, who rarely use the same machine twice. Copying a profile down during login is much faster in our experience than the profile creation process. Having a roaming profile means our students get slower login just once at the start of the year, rather than every login.
    • Having settings move with the user between machines, for any and all applications, including ones that are not centrally provided, or are not identifiable from the running executable (e.g. Java or Python applications).

    I've had an initial look at UE-V, but didn't proceed with it once it became clear that it did not handle the above. I know less about ESR, but a quick look at that is even less promising. It certainly doesn't look like it addresses the slow login issue, and I can see nothing about synchronising application settings for normal windows apps only universal ones and only those specifically written to support it. We have no Universal apps at present, and 300+ traditional ones, many of them not of our choosing.

    They may be modern, but they do not appear to be solutions to the problems we currently solve with roaming profiles.

    Also, we're talking about desktops here, not laptops, so the device cannot physically move with the user.

    Currently, roaming profiles (plus folder redirection to reduce the amount of data copied at logon and logoff) address the above issues very well indeed for our kind of environment.

    If roaming profiles are to go, what will replace them that covers the above use cases?

    There are third-party solutions, but they tend to be expensive, and to break with each new windows version, so we'd prefer to avoid those...

    Wednesday, January 04, 2017 5:18 PM
  • I’ll update the TechNet documentation. The group policy will not apply if you remove Authenticated Users due to the security change made in MS16-072.

     

    Regarding Roaming User Profiles (RUP) support, RUP is supported on Windows 10 but we’re no longer investing in new features. We do plan to deprecate RUP in the future but the timing has not been determined.

    Jeff,

    Thank you for taking time to answer. Following the advise from Swisstone, I kept/added them in the Delegation of the group policy.

    The policy's Folder Redirecting portion works, but the Roaming portion is still not taking effect for some reason. Are there any further steps that I need to follow for this to take place?

    Thank you!

    Thursday, January 05, 2017 3:36 PM
  • Mike: I'll respond on the separate post you created.

    Parakum: If the Roaming User Profile is not applying, I would start by reviewing the event logs on the client.

    Troubleshoot User Profiles with Events
    https://technet.microsoft.com/en-us/library/jj649075(v=ws.11).aspx#Events_Step2ViewingtheOperationallogfortheUserProfileService


    Sunday, January 08, 2017 5:15 AM