A: Essentially you can take folders that hold things like your “My documents” or your “Favorites” folder, and put them out on a network server, which is great if you want to back that sort of information up for disaster recovery.
Q: What’s the difference between this and a roaming / roving profile?
A: Folder redirection keeps information on a server and you access it remotely, Roaming profiles are designed to sync that information (and your WHOLE user profile) backwards and forwards to a network share as your users logon and log off.
Q: What folders can be redirected?
A: From Server 2008 onwards, and with Windows 7 clients and above, the following can be redirected.
AppData(Roaming)
Desktop
Start Menu
Documents
Pictures
Music
Videos
Favorites
Contacts
Downloads
Links
Searches
Saved Games
Solution
1. On a server create a folder to hold the redirected data, In this case you will notice I’ve called my share Redir$ (The dollar sign just means it’s a hidden share, and can’t be seen if people are network browsing).
Folder Redirection: Permissions for the Root Folder
2. Set the share permissions to Everyone: Full Control (Don’t worry we will secure it with NTFS permissions).
3. On the security tab of the folder click advanced.
4. For Server 2012 / 2016 you should see something like this;
For Server 2008 and older it should look more like this;
5. For server 2012 / 2016 Disable Inheritance and select ‘Convert’.
For 2008 and older, untick “Include Inheritable permissions from this objects parent” > At the warning click “Add”.
6. Select each User in turn (You will need to add the Everyone group) > Then Edit the permissions so that they are as follows.
CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only).
System – Full Control (Apply onto: This Folder, Subfolders and Files).
Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files).
Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only).
Everyone – List Folder/Read Data (Apply onto: This Folder Only).
Everyone – Read Attributes (Apply onto: This Folder Only).
Everyone – Create Folder/Append Data (Apply onto: This Folder Only).
2012 / 2016
‘Show Advanced Permissions’
2008 and older.
7. Now REMOVE BOTH the entries for USERS > Apply > OK.
7. On your domain controller open the Group Policy Management Console, (Under Administrative Tools) and either create a new USER policy of edit one that already linked to the users you want to enforce this policy upon.
8. I prefer to create a new policy and call it something sensible so if there’s a problem it’s easy to find in the future.
9. Navigate to:
[box]User Configuration > Policies > Windows Settings > Folder Redirection[/box]
Locate the folder you want to redirect (In this case its just the documents folder) > Right click > Properties.
10. I’m going to redirect all my users documents to the one folder I created earlier, so I will choose basic.
Note: You can choose “Advanced” and redirect different groups folders to different locations.
Enter the path to the root folder AS A UNC PATH, DONT click the browse button and browse to it.
11. I’m going to accept the defaults on the settings tab, the option I’ve highlighted creates the folders with exclusive rights on the folders for the user in question and SYSTEM, so the domain admin had no access (this is OK, it’s the same way user profiles work, you can still back them up).
12. Now as your users log on their folders will be redirected to the share you setup.
Backing up Redirected Folders
13. Even with exclusive rights you can still back this data up:
Related Articles, References, Credits, or External Links
I got this when backing up to an HP RDX removable disk backup system. The drive WAS formatted as NTFS, but the job failed with the following error;
Error:
V-79-57344-4608 – 0xe0001200 – This operation requires a backup-to-disk folder on a local NTFS volume on the media server. Check the job log for details
V-79-57344-4608 – The backup-to-disk folder that was specified for this job must be on a local NTFS volume. Create a new backup-to-disk folder on a local NTFS volume or modify the current folder, and then submit the job again.
Note: Seen on Backup Exec 10.x and 11.x
Solution
In my case the problem was because I was backing up Exchange (2003 on an SBS 2003 server) and it had the GRT option enabled. (Though in these older versions of Backup Exec they didn’t call it GRT).
With Removable Backup to disk Folders you cannot use GRT. Sorry either use a tape or a normal backup to disk folder. And that’s for Exchange, Active Directory and Sharepoint.
1. From within Backup Exec > Tools > Options > Microsoft Exchange > Remove the tick from “Enable the restore of individual mail messages and folders from Information Store backups” > OK.
2. That’s fine for all NEW jobs but if you already have your backup job create you need to edit it. Navigate to Job Monitor > Right click the relevant job> Properties > Microsoft Exchange > Remove the tick from “Enable the restore of individual mail messages and folders from Information Store backups” > Submit > OK.
Related Articles, References, Credits, or External Links
Usually If I’ve got a lot of user profiles and data to shift, I use the clients backup software, copying user and group permission’s is pretty easy, xcopy can do that quite happily. The problem is migrating the shares and share permissions, that’s got to be done manually, for a few folders that’s easy to do, but if they have a LOT of shared folders that can be a problem.
So heres how to migrate both the share permissions and the NTFS permissions. from one server to another.
Solution
Note: For this to work, the drive letter on the source server and the new server needs to be the same.
1. On the new server, map a drive letter the the shared drive on the old server.
2. Copy the contents of the OLD drive to the NEW drive with the following command.
xcopy x:*.* e:*.* /D /E /C /F /H /K /O /Y
3. The copy over can take some time, remember if your old server has a slow network card or you only have a 10/100 switch then it may take considerably longer. In this example I was moving approx 140GB – it took a couple of hours.
4. That gets the files over with the correct windows permissions. Lastly we need to migrate the share permissions, on the OLD server > Start > Run > Regedit > Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanserverShares > Right click the entire “Shares” Key and export it to a file. (I just called it Shares and dropped it on the old servers C: drive).
5. Now I’ve read other sites and posts that say WARNING importing this key will break shares on the new server, but that is NOT the case. If you are worried you can export the same key on the NEW server to back it up.
6. Copy the file you exported from the old server to the new server, then double click it, you will get a warning about adding/merging the file into the registry > Accept by clicking yes.
7. All being well it should say it was successful. Now simply reboot the NEW server and the shares will be recreated.
Related Articles, References, Credits, or External Links
The title may raise an eyebrow, in a time when people are concerned with hardening their servers and making things more secure, why would you want a shared folder anyone can access without a password? Well because most of us operate in the real world where the biggest secret on our network is ‘who has not paid into the biscuit fund?’
I have a folder on my test domain that I use for sharing files and programs with my colleagues. I don’t want to start creating user accounts for them, so they have to ask me what the password is every time they need to copy an ISO file, or want to drop some service packs in there.
Solution
1. Create your folder, and from its properties, share the folder and grant anonymous access.
2. Don’t forget to also set the NTFS permissions on the ‘Security tab.
3. Even with these permissions set you will get prompted for a username/password unless you enable the ‘Guest’ account.
Note: Here the share is on a domain controller, if your server is simply a member/workgroup server, then enable the Guest account in ‘local users and groups’, (Windows Key+R > lusrmgr.msc {enter}).
Related Articles, References, Credits, or External Links
Over the last couple of years I’ve done a lot of imaging of School PC’s I don’t know why but they come with a myriad of different drive and partition configurations. Even big vendors like HP and Dell ship their machines with recovery partitions these days.
If you are imaging with WDS this can cause a problem so what I usually want to do is remove all the partitions, create one big one that takes up all the drive, and format it as NTFS.
Solution
Before you begin make sure you are clued up on working with WDS unattended files, run through my instructions here.
The following procedure needs to be added to the WDS Unattended file NOT the unattended file for the image, (again run through KB0000180 if you are unsure.)
1. While editing your Unattended answerfile you need to locate, “Microsoft-Windows-Setup_neutral” and add “DiskConfiguration” to the “1 windowsPE” component.
2. Right click it and add a disk > Set Disk ID = 0 > Set WillWipeDisk = true.
3. Right Click > Create Partition > Set Extend = true > Set Order = 1 > Set Type = Primary.
4. Select Modify Partitions > Set Active = true > Set Extend = false > Set Format = NTFS > Set Label = SYSTEM > Set Letter = C > Set Order = 1 > Set Partition ID = 1.
5. This procedure will add the following to your unattended file.
Related Articles, References, Credits, or External Links
In part two we built our reference machine and took an image of it using WDS. Now to automate the deployments we need to create some unattended answer files, these will answer all the questions that the Windows 8 machines will ask while they are building. We will take those files and import them into the WDS server we configured in part one. Finally to make sure everything is working we will deploy Windows 8.
Solution
Download and Install the Windows Assessment and Deployment Kit for Windows 8
1. We used to have the WAIK for Windows 7, now this has been replaced with the ADK. (download link).
2. It’s a MASSIVE download, it will take a long time.
Create a WDS Distribution Share
1. On a drive that has some room (Approx 5GB should be fine,) create a folder.
2. Launch the System Image Manager.
3. In the top left section > Right click ‘Select a Distribution Share’ > Select ‘Create Distribution Share..’
4. Navigate to the folder you created earlier.
5. Now you don’t need to do this next part, but I copy the full contents of the Windows 8 DVD into this folder as well.
6. Like so.
7. Then in the bottom left section > Right click > ‘Select Windows Image..’.
8. Navigate to the Windows 8 Media > Sources Directory > Select ‘install.wim’.
Note: The install.wim MUST match the version you are going to deploy, it’s no good pointing to a Windows 8 Pro image if you are going to deploy Windows 8 Enterprise.
9. Select the version you are going to deploy > OK.
10. This is normal, select yes to create a catalog file. It will take a while, it has to mount the image, interrogate it and create all the components. Now would be a good time to put the kettle on.
Create the Unattended file for WDS (WDSUnattended.xml)
This unattended file will be just for the WDS settings, it will not be applied to the image you are going to deploy. It sets the keyboard and language settings for WDS to use, then it gives the credentials to connect to WDS, and wipes all the partitions from the target machines hard drive. It then repartitions it ready for deployment.
WARNING: As reiterated below, the disk configuration settings below will wipe the target machines drive of ALL partitions, even manufacturers rescue partitions. If you are imaging machines anyway this should not be a problem, but don’t email me to complain of you lose the recovery files for a laptop/PC while you were practicing!
1. Create a new answer file.
2. The components may not start amd64 (if you are deploying x86 images) and some of the numbers might be different on yours. But the main titles of the components will be the same. Locate Microsoft-Windows-Internationa-Core-WinPE.
3. Add it to Pass 1. If you are unfamiliar with SIM, you add a component (or a sub component) to one of the ‘Passes’ in the center, then you can select that component (or sub component) and set the values for its settings in the top right hand section. The SIM builds an XML file in the background which will become the unattended answer file.
4. You will now see this component under pass 1, select it and set the following settings. (These are for my local English Great Britain settings, you may need to change your settings according to your locale).
Wiping the Targets Hard Drive and Partitions with WDS
6. Locate the Microsoft-Windows-Setup component > Disk Configuration sub component.
7. Add to Pass 1.
8. Right click > Insert New Disk.
9. Expand > Disk > Create Partitions > Right click > ‘Insert New CreatePartition’.
10. Select the DISK.
Disk ID = 0 WillWipeDisk = true
11. Select the Partition.
Extend = true Order = 1 Type = Primary
12. Right click ModifyPartition > Insert New ModifyPartition.
13. With the new ModifyPartition selected.
Action = AddlistItem Active = true Extend = false Format = NTFS Label = SYSTEM Letter = C Order = 1 PartitionID = 1
Select Partition to install Image to
1. Locate the WindowsDeploymentService sub component, (also in Microsoft-Windows-Setup).
2. Add to Pass 1.
3. Expand Image Selection > Install To.
Disk ID = 0 PartitionID = 1
4. Expand Login > Credentials.
Domain = {Your domain name i.e. petenetlive.com would be PETENETLIVE). Password = {Of a user with administrative rights – IT WILL GET OBFUSCATED*). Username = {Of a user with administrative rights).
*I used to say ‘encrypted‘, but thats NOT the case, they are simply Base64 encoded.
Attach the Answerfile to the WDS Server
1. Save the file you have just created.
2. Place it in your Remoteinstall folder in the WdsClientUnattend sub folder.
3. Launch the Windows Deployment Services management console > Expand Servers > Right click your server > Properties.
4. Client tab > Tick to enable unattended installation > I’m deploying x64 bit images so next to that option > Browse.
5. Navigate to and select the file you have just created > Open > Apply > OK.
Create the Unattended file for Your Image (OOBEUnattend.xml)
1. Create a new answer file.
2. Locate the Microsoft-Windows-Shell-Setup component.
3. Add to Pass 4.
4. With the component selected.
ComputerName = * CopyProfile = true (Unless you don’t want to copy the profiles from your source image). ProductKey = Your 25 character Windows 8 unlock code Note: Only put in a code of you are deploying with MAK keys or Retail Keys, if you are planning on using KMS leave this option blankRegisteredOrganization = Your business name. RegisteredOwner = Your owners name. ShowWindowsLive = false {now depreciated for Windows 8} TimeZone = GMT Standard Time Note: For other time zones see here
Automatically Join the Domain
1. Locate the Microsoft-Windows-UnattendedJoin component
2. Add to Pass 4.
3. With Identification selected.
JoinDomain = {Your domain name i.e. petenetlive.com would be PETENETLIVE). UnsecureJoin = true
Set the Image Language and Keyboard Settings
4. Locate the Microsoft-Windows-International-Core component.
Set the Local Administrator Password and Add a Local Administrator
Note: The local admin account is disabled by default, so here I’m setting the local admin’s password, and then creating a new local admin user called Sysadmin.
1. Locate the Microsoft-Windows-Shell-Setup component > UserAccounts sub component
2. Add to Pass 7.
3. With AdmnistratorPassword selected set the password value.
4. Right click LocalAccounts > Insert New LoacalAccount.
5. With LocalAccount selected.
Action = AddListItem Description = Sysadmin DisplayName = Sysadmin Group = Administrators Name = Sysadmin
6. Then set the password value.
7. Save the answer file.
8. Save the file as OOBEUnattand.xml
Attach the Answer file to the Windows 8 Image
1. Launch the Windows Deployment Services Management console.
2. Locate the Windows 8 Image you are attaching the answer file to > Right click > Properties.
3. Tick the option ‘Allow image to install in unattended mode’ > Select File > Browse.
4. Select the OOBEUnattend.xml file you created earlier.
5. Note: It makes a copy of the file and stores it elsewhere calling it ImageUnattend.xml (watch out for this if you need to edit the answer file and nothing changes!)
Deploy Your Windows 8 Image.
1. Boot your target machine to the network via pXe > Press F12 to boot from the WDS.
2. Install an Image.
3. Select the image you want to deploy.
4. After the install, the machine should reboot and present you with a domain logon.
5. And your programs and settings will be pre-configured.
Related Articles, References, Credits, or External Links