none
Folder Redirection & Windows 2012 R2

    Question

  • Scenario:

    Clustered Windows 2012 R2 File Servers and Windows 7, 8, 8.1 Clients.  The cluster has a file share called personal and it is shared out as personal$ and the share was created via the failover cluster manager.  Access-based enumeration is on as well as continuous availability.  Permissions are set as follows:

    Share Permissions: Everyone - Full Control
    NTFS Permissions:

    DOMAIN\Domain Users   - Read & Execute
    DOMAIN\Domain Admins - Full Control
    BUILTIN\Administrators - Full Control
    NT AUTHORITY\SYSTEM - Full Control
    CREATOR OWNER - Full Control

    GPO Information (one of the settings):

    Setting: Basic: Redirect everyone's folder to the same location
    Target Folder location: Create a folder for each user under the root path
    Root Path: \\FILESRVCLUSTER\Personal$

    For user Clair, this folder will be redirected to:

    \\FILESRVCLUSTER\Personal$\Clair\Documents

    Under Settings:

    Grant the user exclusive rights to Documents *UNCHECKED*
    Move the contents of Documents to the new location. *CHECKED*
    Also apply redirection policy to Windows 2000, etc.. *CHECKED*

    Policy Removal:

    Redirect the folder back to the local userprofile location when policy is removed.

    Situation:

    Currently trying to setup folder redirection so that when a user logs into their machine, their Desktop, AppData, Pictures, Videos, etc.. will go to their home drives that are located on the cluster.  The problem is that when the GPO is applied, instead of a seeing the "Pictures" folder - for example - they will see Personal$.  So for every folder that is redirected, that user sees Personal$ instead of the folder name.  (In short, the user's folders are looking at the ROOT of Personal$ versus in their "home" location.)  The idea would be to have the folders show as their "original" names.

    A couple of interesting notes:

    1. I'm using a Windows 8.1 client to test things.  I've found that removing the policy does *NOT* restore the settings.
    2. I noted that on one of the File Servers that Personal directory shows up as Music (just like the Music folder on a computer) in Windows Explorer but in Failover Cluster Manager and via command prompt it shows up as \Personal.

    Any assistance would be appreciated!

    Friday, March 6, 2015 5:59 PM

Answers

  • Hello Martin,

        Here is a bit of feedback on the "actual" solution as it required me calling Microsoft on this issue:

    1. Folks need to know that registry tattooing still happens with GPO and Windows 2012 R2.  This was the biggest impediment to things working correctly.  (See: https://sdmsoftware.com/gpoguy/whitepapers/understanding-policy-tattooing/ for additional information.)

    2. It is important to note that we did have the option - under Policy Removal - to "redirect the folder back to the local userprofile location when policy is removed" and tattooing still happened.

    3. We ended up having to modify the registry for those users were testing in order to clean up the tattooing that had happened. 

    4. Another change that was done, was on the location of the home folders, we changed the "default" Everyone share permissions (Everyone gets full control on the share) and changed it to "Domain Users" having Read&Execute/List folder Contents/Read permissions. Note: This is different obviously than the NTFS permissions.

    For folks reading this post/topic:

    Here are some of the settings used (for example) for the AppData(Roaming) properties:

    Thursday, March 19, 2015 9:04 PM

All replies

  • > Setting: Basic: Redirect everyone's folder to the same location
    > Target Folder location: Create a folder for each user under the root path
     
    Change that to "redirect to the following path" and use
    %homeshare%%homepath%Documents (eg) - I found this redirection to work
    well in all past and current OS versions.
     
    > 2. I noted that on one of the File Servers that Personal directory shows
    > up as Music (just like the Music folder on a computer) in Windows
    > Explorer but in Failover Cluster Manager and via command prompt it shows
    > up as \Personal.
     
    That most probably is an issue with desktop.ini (manipulating the
    explorer display name for files and folders):
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Sunday, March 8, 2015 11:57 AM
  • Hello Martin,

        Thanks for the response.  A couple of problems I noted:

    1. When I changed the Target Folder location to Redirect to the following location (for example for the folder DOCUMENTS) and I type in \\FILESRVCLUSTER\Personal$\%username%\Documents in Root Path it accepts it but when I go back to look at the setting after it's been accepted, I notice that the setting has reverted back to Create a folder for each user under the root path and the Root Path has reverted to \\FILESRVCLUSTER\Personal$

    2. My thought is that if the system can't find the particular folder ie \Documents or \Pictures it won't actually map to the location correctly.

    Thoughts?

    Thanks!

    Monday, March 9, 2015 2:07 PM
  • > 1. When I changed the *Target Folder* location to *Redirect to the
    > following location* (for example for the folder DOCUMENTS) and I type in
    > \\FILESRVCLUSTER\Personal$\%username%\Documents in *Root Path *it
    > accepts it but when I go back to look at the setting after it's been
    > accepted, I notice that the setting has reverted back to *Create a
    > folder for each user under the root path *and the *Root Path* has
    > reverted to *\\FILESRVCLUSTER\Personal$*
     
    Yes, that's kind of "stupid intelligence" built into that CSE.
     
    > 2. My thought is that if the system can't find the particular folder ie
    > \Documents or \Pictures it won't actually map to the location correctly.
     
    No - it will create the subfolder if it can do so. But if %username%
    does not exist, it will fail (AFAIK at least).
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Monday, March 9, 2015 4:31 PM
  • Hello Martin,

        Here is a bit of feedback on the "actual" solution as it required me calling Microsoft on this issue:

    1. Folks need to know that registry tattooing still happens with GPO and Windows 2012 R2.  This was the biggest impediment to things working correctly.  (See: https://sdmsoftware.com/gpoguy/whitepapers/understanding-policy-tattooing/ for additional information.)

    2. It is important to note that we did have the option - under Policy Removal - to "redirect the folder back to the local userprofile location when policy is removed" and tattooing still happened.

    3. We ended up having to modify the registry for those users were testing in order to clean up the tattooing that had happened. 

    4. Another change that was done, was on the location of the home folders, we changed the "default" Everyone share permissions (Everyone gets full control on the share) and changed it to "Domain Users" having Read&Execute/List folder Contents/Read permissions. Note: This is different obviously than the NTFS permissions.

    For folks reading this post/topic:

    Here are some of the settings used (for example) for the AppData(Roaming) properties:

    Thursday, March 19, 2015 9:04 PM