none
Folder Redirection Fails when user is a member of local administrators or power users group

    Question

  • Hello,

    I'm trying to redirect Documents, Music, Pictures, Videos, and Favorites folders to a network drive via GPO with Win7.  This has worked for us without issue in the past using XP.

    I am using the Folder Redirection GPO set to Basic, with "grant user exclusive rights to documents" and "move the contents of documents to the new location" set to disabled.  "Also apply redirection policy to Windows 2000..." is set to enabled.

    Whenever a user (that is not a member of local administrators or power users group) logs in, the GPO applies properly and the folders are redirected.

    Whenever a user (that is a member of local administrators or power users group) logs in, the folder redirection fails.

    Application log shows Event ID 502 and the error reads as follows (for example):

    Failed to apply policy and redirect folder "Favorites" to "H:\Favorites".

    Redirection options= 0x9000.

    The following error occured: "Can not create folder "H:\Favorites"".

    Error details: "The system cannot find the path specified".

     

    The same errors are reported for the other attempted redirected folders.

    H:\Favorites exists, H: is mapped and accessible.

    "Always wait for the network at computer startup and logon" is enabled.

    If the user is not a member of "Power Users" or "Administrators," the redirections work properly.

    What am I missing?

    Thank you!

    Thursday, January 27, 2011 3:36 AM

Answers

  • Hi m.wolfe,

     

    Based on the logs you provided, I considered this could be the connection issue that the Group Policy cannot be applied. I suggest you to configure the EnableLinkedConnections registry value to check if the issue persists.

     

    Follow these steps:

     

    1. Click Start, type regedit in the Start Search box, and press ENTER.

    2. Locate and then right-click the following registry subkey:

         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

    3. Point to New, and then click DWORD Value.

    4. Type EnableLinkedConnections, and then click Modify.

    5. In the Value data box, type 1, and then click OK.

    6. Exist Registry Editor, and then restart the computer.

     

    Best Regards,

    Miya Yao

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, January 31, 2011 2:38 AM
    Moderator

All replies

  • Hi m.wolfe,

     

    Thanks for posting in Microsoft TechNet forums.

     

    The Event ID 502 you mentioned could be caused by missing incomplete information in subkeys of the following registry location:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions

     

    You can export and import the registry from a working machine to solve this issue.

     

    Note: Before you do this, please backup the registry key firstly.

     

    Best Regards,

    Miya Yao

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, January 28, 2011 3:38 AM
    Moderator
  • Hi Miya,

    Thank you for the reply.

    I will check the mentioned registry subkeys shortly, however I do not have any working machines.  I am preparing a new deployment of Windows 7.  This issue has occurred on all machines that I have tried so far.

    Friday, January 28, 2011 3:48 AM
  • I checked the referenced area of the registry and found a large number of subkeys with unfamiliar information.  Nothing appears to be corrupt, but I don't know what I am looking for.  Can you explain further?

     

    Thank you.

    Friday, January 28, 2011 5:21 AM
  • Hi,

     

    Since there’s no working machine, it’s hard to check the registry key.

     

    I recommend you check the GPSVC.log to find which is related to the issue.

     

    1. Access the problematic Windows 7 machine. Click Start -> Run -> type regedit -> click OK.

    2. On the left panel, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.

    3. Right click Winlogon and select New -> DWORD Value.

    4. Name the new value as UserEnvDebugLevel.

    5. Double click UserEnvDebugLevel.

    6. Set the value data as 0x00030002 (Hexadecimal).

    7. Restart the computer.

    8. Log on the domain user to reproduce the mapped drive problem.

     

    The information will be written into the %Systemroot%\Debug\UserMode\GPSVC.log file. Please find the file and check if there any  folder redirection failed information.

     

    Best Regards,

    Miya Yao

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, January 28, 2011 8:48 AM
    Moderator
  • Here are the entries relevant to Folder Redirection that I find in gpsvc.log:

     

    GPSVC(3cc.5c4) 20:35:58:818 ProcessGPOs: Processing extension Folder Redirection
    GPSVC(3cc.5c4) 20:35:58:818 CompareGPOLists: The lists are the same.
    GPSVC(3cc.5c4) 20:35:58:818 CheckGPOs: No GPO changes but couldn't read extension Folder Redirection's status or policy time.
    GPSVC(3cc.5c4) 20:35:58:818 ProcessGPOs: Extension Folder Redirection skipped with flags 0x7.
    
    
    
    
    
    GPSVC(3cc.974) 20:36:14:762 ProcessGPOs: -----------------------
    GPSVC(3cc.974) 20:36:14:762 ProcessGPOs: Processing extension Folder Redirection
    GPSVC(3cc.974) 20:36:14:762 ReadStatus: Read Extension's Previous status successfully.
    GPSVC(3cc.974) 20:36:14:762 CompareGPOLists: One list is empty
    GPSVC(3cc.974) 20:36:14:762 CompareGPOLists: One list is empty
    GPSVC(3cc.974) 20:36:14:762 GPLockPolicySection: Sid = S-1-5-21-1940680811-796995895-1873945657-62924, dwTimeout = 30000, dwFlags = 0
    GPSVC(3cc.974) 20:36:14:762 LockPolicySection called for user <S-1-5-21-1940680811-796995895-1873945657-62924>
    GPSVC(3cc.974) 20:36:14:762 Sync Lock Called
    GPSVC(3cc.974) 20:36:14:762 Writer Lock got immediately.
    GPSVC(3cc.974) 20:36:14:762 Lock taken successfully
    GPSVC(3cc.974) 20:36:14:762 Taking console lock with timeout 30000.
    GPSVC(3cc.974) 20:36:14:762 Sync Lock Called
    GPSVC(3cc.974) 20:36:14:762 Writer Lock got immediately.
    GPSVC(3cc.974) 20:36:14:762 Lock taken successfully
    GPSVC(3cc.974) 20:36:14:762 ProcessGPOList: Entering for extension Folder Redirection
    GPSVC(3cc.974) 20:36:14:762 UserPolicyCallback: Setting status UI to Applying Folder Redirection policy...
    GPSVC(3cc.974) 20:36:14:762 GetWbemServices: CoCreateInstance succeeded
    GPSVC(3cc.974) 20:36:14:762 ConnectToNameSpace: ConnectServer returned 0x0
    GPSVC(3cc.974) 20:36:14:809 LogExtSessionStatus: Successfully logged Extension Session data
    GPSVC(3cc.974) 20:36:15:371 ProcessGPOList: Extension Folder Redirection returned 0x3eb.
    GPSVC(3cc.974) 20:36:15:371 ProcessGPOList: Extension Folder Redirection was able to log data. RsopStatus = 0x0, dwRet = 1003, Clearing the dirty bit
    GPSVC(3cc.974) 20:36:15:371 Releasing console lock.
    GPSVC(3cc.974) 20:36:15:371 UnLockPolicySection called for user <S-1-5-21-1940680811-796995895-1873945657-62924>
    GPSVC(3cc.974) 20:36:15:371 UnLocked successfully
    GPSVC(3cc.974) 20:36:15:371 ProcessGPOs: Extension Folder Redirection ProcessGroupPolicy failed, status 0x3eb.

    Saturday, January 29, 2011 2:08 AM
  • Hi m.wolfe,

     

    Based on the logs you provided, I considered this could be the connection issue that the Group Policy cannot be applied. I suggest you to configure the EnableLinkedConnections registry value to check if the issue persists.

     

    Follow these steps:

     

    1. Click Start, type regedit in the Start Search box, and press ENTER.

    2. Locate and then right-click the following registry subkey:

         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

    3. Point to New, and then click DWORD Value.

    4. Type EnableLinkedConnections, and then click Modify.

    5. In the Value data box, type 1, and then click OK.

    6. Exist Registry Editor, and then restart the computer.

     

    Best Regards,

    Miya Yao

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, January 31, 2011 2:38 AM
    Moderator
  • Thank you, Miya.

     

    Applying this setting appears to have resolved the issue, however, I am still investigating the security implications of this setting.

    Wednesday, February 02, 2011 5:45 PM
  • This has resolved the issue with one large exception - administrator users no longer receive UAC prompts.  I'm not sure if there is any benefit to this method over disabling UAC.
    Wednesday, February 09, 2011 11:41 PM
  • Hallo m.wolfe

    Does it work now for you?

    I'm having the same problem but I don't want to set the EnableLinkedConnections value or disable UAC.

    Regards,
    Matias

    Thursday, June 23, 2011 9:24 AM
  • Hallo m.wolfe

    Does it work now for you?

    I'm having the same problem but I don't want to set the EnableLinkedConnections value or disable UAC.

    Regards,
    Matias


    Does it work?  Yes.

    Does it work well? No.

    It seemingly neuters UAC.  Users never receive UAC prompts.  I don't know exactly what the difference between disabling UAC and enabling linked connections is.

    Additionally, there are still problems with mapped drives when installing software.  We use redirected "My Documents" folders.  These redirections don't seem to exist when running an installer that required elevated permissions (all of them?).  For installers that require access to "My Documents" folders, the installers will fail.

    It's been awhile since I've looked at this and don't remember all of the details, but I have been meaning to find a better solution.  However, I am somewhat doubtful that there is a better solution, other than not having your users run as local admins.


    Thursday, June 23, 2011 11:22 AM
  • Miya,

    I know this is an old thread but I am working a case now with the same error and I checked and we have this setting already in place.  Yet we continue to have the same problem that folder redirection does not work.

    Gizmo

    Friday, November 03, 2017 3:00 PM