Windows Folder Redirection

KB ID 0000467 

Problem

Q: What is Folder Redirection?

A: Essentially you can take folders that hold things like your “My documents” or your “Favorites” folder, and put them out on a network server, which is great if you want to back that sort of information up for disaster recovery.

Q: What’s the difference between this and a roaming / roving profile?

A: Folder redirection keeps information on a server and you access it remotely. Roaming profiles are designed to sync that information (and your WHOLE user profile) backwards and forwards to a network share as your users log on and log off.

Q: What folders can be redirected?

A: From Server 2008 onwards, and with Windows 7 clients and above, the following can be redirected.

  • AppData(Roaming)
  • Desktop
  • Start Menu
  • Documents
  • Pictures
  • Music
  • Videos
  • Favorites
  • Contacts
  • Downloads
  • Links
  • Searches
  • Saved Games

Solution

1. On a server, create a folder to hold the redirected data. In this case you will notice I’ve called my share Redir$ (the dollar sign just means it’s a hidden share, and can’t be seen if people are network browsing).

Folder Redirection: Permissions for the Root Folder

2. Set the share permissions to Everyone: Full Control (Don’t worry we will secure it with NTFS permissions).

3. On the security tab of the folder click advanced.

4. For Server 2012 / 2016 you should see something like this;

For Server 2008 and older it should look more like this;

5. For Server 2012 / 2016, disable inheritance and select ‘Convert’.

For 2008 and older, untick “Include inheritable permissions from this object’s parent” > At the warning click “Add”.

6. Select each User in turn (You will need to add the Everyone group) > Then Edit the permissions so that they are as follows.

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only).
  • System – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only).
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only).
  • Everyone – Read Attributes (Apply onto: This Folder Only).
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only).

2012 / 2016

‘Show Advanced Permissions’

2008 and older.

7. Now REMOVE BOTH the entries for USERS > Apply  > OK.
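
Steps 1 to 7 scripted, as an added example that is not part of the original article. Instead of converting the inherited entries and then deleting the USERS ones, it removes every inherited entry and grants only the entries listed in step 6. The path D:\Redir and the CONTOSO domain name are assumptions, and New-SmbShare needs Server 2012 or later.

```powershell
# Added example. D:\Redir and CONTOSO are placeholders, not values from the article.
$Root   = 'D:\Redir'
$Admins = 'CONTOSO\Domain Admins'

New-Item -Path $Root -ItemType Directory -Force | Out-Null

# Steps 1-2: hidden share, Everyone = Full Control at share level.
New-SmbShare -Name 'Redir$' -Path $Root -FullAccess 'Everyone' | Out-Null

# Steps 5 and 7: stop inheritance and drop the inherited entries,
# which includes both entries for USERS.
icacls $Root /inheritance:r

# Step 6. (OI)(CI)     = This Folder, Subfolders and Files
#         (OI)(CI)(IO) = Subfolders and Files Only
#         no flags     = This Folder Only
icacls $Root /grant 'CREATOR OWNER:(OI)(CI)(IO)F'
icacls $Root /grant 'SYSTEM:(OI)(CI)F'
icacls $Root /grant "${Admins}:(OI)(CI)F"

# Everyone (well-known SID S-1-1-0), This Folder Only:
# X = Traverse Folder, RD = List Folder, RA = Read Attributes, AD = Create Folder.
icacls $Root /grant '*S-1-1-0:(X,RD,RA,AD)'

# Print the resulting ACL so it can be compared with the list in step 6.
icacls $Root
```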

7. On your domain controller open the Group Policy Management Console (under Administrative Tools) and either create a new USER policy or edit one that is already linked to the users you want to enforce this policy upon.

8. I prefer to create a new policy and call it something sensible so if there’s a problem it’s easy to find in the future.

9. Navigate to:

[box]User Configuration > Policies > Windows Settings > Folder Redirection[/box]

Locate the folder you want to redirect (in this case it’s just the Documents folder) > Right click > Properties.

10. I’m going to redirect all my users’ documents to the one folder I created earlier, so I will choose basic.

Note: You can choose “Advanced” and redirect different groups folders to different locations.

Enter the path to the root folder AS A UNC PATH, DON’T click the browse button and browse to it.

11. I’m going to accept the defaults on the settings tab. The option I’ve highlighted creates the folders with exclusive rights for the user in question and SYSTEM, so the domain admin has no access (this is OK, it’s the same way user profiles work, you can still back them up).

12. Now as your users log on their folders will be redirected to the share you setup.

Backing up Redirected Folders

13. Even with exclusive rights you can still back this data up:

Related Articles, References, Credits, or External Links

Original Article written 22/06/11

Robocopy – File Server Migration

KB ID 0001233

Problem

I’ve done a lot of migrations, and moving a client’s files and shared data, usually makes them cringe. 

I’ve lost count of the number of times I’ve heard ‘We can’t have any downtime’, which is fine, until you tell them how much it’s going to cost to do this on a Saturday!

As I posted recently, Microsoft have made this a lot easier with the file server migration tools, which will do the whole thing for you, and migrate profiles, and shares etc.

Windows Server – Migrating Files / Folders / Shares / User Profiles

That’s great, but I find sometimes it’s a little ‘sluggish’ when copying data, and sometimes it’s better to just go ‘old school’ and use Robocopy.

Solution

Why Robocopy? Well the advantage to Robocopy, is you can use it to only copy new files or files that have changed. So in a two step procedure, you can do an initial file copy during working hours, then copy the differences out of hours, and repoint people to the new shares.

Tip: Unless you know the network well, always assume there’s some shares you don’t know about, run the fsmgmt.msc tool and expand ‘shares’.

Robocopy Step 1

Just in case things go wrong, I’m going to generate a log of what’s going on, so I can see any errors or files skipped when I’ve finished. On the root of the destination server’s C: drive create a folder called ROBOCOPY-Logs, and within this folder create another folder called Last-Copy (you will see why later).

Replace the values in red below, to suit your environment;

[box]robocopy \\OLDSERVER\d$\FOLDER D:\FOLDER /e /zb /copy:DATSOU /r:3 /w:3 /log:c:\ROBOCOPY-Logs\FOLDER.log /V /NP
[/box]

Where OLDSERVER is the source fileserver, D$ is the drive letter on the Source Server, and D is the drive letter on the new server.

What are those switches doing?

  • /E Copy subdirectories recursively, (including empty ones.)
  • /ZB Use ‘restartable’ mode, and if this fails use ‘backup’ mode.
  • /copy:DATSOU Copy Data, Attributes, Time Stamps, Security, Owner, aUditing information
  • /R:3 Retry three times, if you don’t specify this, it will retry one million times!
  • /W:3 Wait time between the retries above.
  • /log Will output the log to the folder we created above.
  • /V Produce output in verbose (detailed) mode.
  • /NP Do not show percentage progress

Robocopy Step 2

The second time, the command is virtually the same, with one extra switch, (see below).

[box]robocopy \\OLDSERVER\d$\FOLDER D:\FOLDER /e /zb /copy:DATSOU /MIR /r:3 /w:3 /log:c:\ROBOCOPY-Logs\Last-Copy\FOLDER.log /V /NP
[/box]

  • /MIR This is the ‘mirror directory’ switch, and people are scared of it. Why? Because in the documentation it says it removes or ‘purges’ files. People mistakenly think that it will remove any files from the source that do not exist in the destination. This is incorrect: it will only remove files from the destination that no longer exist in the source.
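
Adding /L to the step 2 command makes Robocopy list what /MIR would copy and purge without changing anything, which is a cheap check before the real run. The wrapper below is an added example, not from the original article; the function name Invoke-MirrorPass is hypothetical, the default paths are the article's placeholders, and it also decodes Robocopy's exit code, where 8 or higher means some files failed to copy.

```powershell
# Added example. OLDSERVER, FOLDER and the log path are the article's placeholders.
function Invoke-MirrorPass {
    param(
        [string]$Source      = '\\OLDSERVER\d$\FOLDER',
        [string]$Destination = 'D:\FOLDER',
        [string]$Log         = 'C:\ROBOCOPY-Logs\Last-Copy\FOLDER.log',
        [switch]$ListOnly    # adds /L: report what would happen, change nothing
    )
    $switches = @('/e', '/zb', '/copy:DATSOU', '/MIR', '/r:3', '/w:3',
                  "/log:$Log", '/V', '/NP')
    if ($ListOnly) { $switches += '/L' }

    & robocopy $Source $Destination @switches | Out-Null
    $code = $LASTEXITCODE

    # Robocopy's exit code is a bit mask, so several meanings can be set at once.
    $meaning = @{
        1  = 'files to copy were found'
        2  = 'extra files or folders exist in the destination (/MIR purges these)'
        4  = 'mismatched files or folders were found'
        8  = 'some files or folders could not be copied'
        16 = 'fatal error, nothing was copied'
    }
    $flags = foreach ($bit in 1, 2, 4, 8, 16) {
        if ($code -band $bit) { $meaning[$bit] }
    }
    if (-not $flags) { $flags = 'source and destination already match' }

    [pscustomobject]@{
        ExitCode = $code
        Meaning  = $flags -join '; '
        Failed   = ($code -ge 8)
    }
}

# Preview first, check the log for the entries marked EXTRA (these are what /MIR
# would delete from the destination), then run again without -ListOnly.
Invoke-MirrorPass -ListOnly
```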

 

It Has Not Copied Share Permissions!

That’s correct, I never said it would, it copies NTFS permissions, ownership and ACL information. If you want to copy Share permissions then use the smigdeploy tools from the link I posted above.

Can I Copy the Share Permissions Afterwards?

Yes, if you take a look at the following article, (I wrote a while ago,) you can see me doing just that, after a file copy.

Migrating – Folders and Share Permissions

I Can’t Copy Profiles / I get Permissions Errors?

  • Make sure the user you are using to copy files with, is a member of the ‘Backup Operators’ Group.
  • Make sure you execute the Robocopy command from an administrative command window.
  • Try doing the copy from the SOURCE server.

 


VMware View – Using Persona Management

KB ID 0000615 

Problem

Persona Management, is the VMware version of “Roaming Profiles” and “Redirected Folders” rolled into one. Though the redirected folders bit is a lot easier to set up and less problematic than the Microsoft Folder Redirection policy.

It’s handy if you are using floating pools but still want your users to have a persistent user interface. Having these files centrally makes them easier to back up, and the more your users can customise their desktops and settings the better their level of equipment husbandry.

Solution

Create a “Roaming Profile” Network share with the correct permissions

1. On a network accessible server, create a folder and set the SHARE permissions as follows;

Share Permissions

Everyone = Read. Domain Users = Full Control.

Note: You may also want to DISABLE Caching on this folder.

2. Stop inheritable permissions from propagating to the folders and set the security permissions as follows;

Security / NTFS Permissions

  • Creator Owner (Subfolders and Files Only) = Full Control.
  • Domain Users (This Folder Only) = List Folder/Read Data and Create Folders/Append Data.
  • System (This Folder, Subfolders and Files) = Full Control.
  • Everyone = No Permissions.

Note: I’m using domain users, you might have a different security group that you want to substitute.
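
Both root-folder layouts on this page (the Folder Redirection root earlier and the Persona Management share above) depend on the same thing: the broad group's entry applies to ‘This Folder Only’ and grants no more than list and create. The check below is an added example, not from the original article; the function name Test-ProfileRootAcl is hypothetical and the path in the usage line is a placeholder.

```powershell
# Added example. Returns one line per problem found, or nothing when the root is clean.
function Test-ProfileRootAcl {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Rights a broad group may hold on the root. Synchronize is tolerated because
    # the permissions GUI normally includes it in allow entries.
    $allowed = [System.Security.AccessControl.FileSystemRights]'Traverse, ListDirectory, ReadAttributes, CreateDirectories, Synchronize'

    $acl = Get-Acl -Path $Path
    $findings = @()

    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is still enabled on the root folder'
    }

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value

        # Everyone, Authenticated Users, BUILTIN\Users, or a domain's Domain Users (RID 513).
        $broad = ($sid -in @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')) -or
                 ($sid -match '^S-1-5-21-.+-513$')
        if (-not $broad) { continue }

        if ($ace.InheritanceFlags -ne 'None') {
            $findings += "$sid has an entry that flows down to subfolders or files"
        }
        $extra = [int]$ace.FileSystemRights -band (-bnot [int]$allowed)
        if ($extra -ne 0) {
            $findings += "$sid holds more than list/create on the root: $($ace.FileSystemRights)"
        }
    }
    $findings
}

# Usage (placeholder path): Test-ProfileRootAcl -Path 'D:\Profiles'
```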

3. Make sure that the machines that you will be using as view targets, have the View Persona Management option selected (this is selected by default).

Configure Windows 7 to be a VMware View Desktop

4. You need to get the administrative template for Persona Management. You will find it on your VMware Connection Server in the following location;

[box] C:\Program Files\VMware\VMware View\Server\extras\GroupPolicyFiles [/box]

Locate the ViewPM.adm file and copy it to a domain controller.

5. Create a new group policy that is linked to the OU containing your View machines.

6. Edit the policy > Expand Computer Configuration > Policies > Administrative Templates > Right Click > Add/Remove Administrative Template > Add in the ViewPM.adm template.

7. Navigate to;

[box] Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management [/box]

8. In the roaming and Synchronisation Section > Manage user persona > Set to Enabled > Next Setting.

9. Enable > Enter the shared folder you created earlier > Next Setting.

10. Enabled (to remove local cached copies of the profile).

11. Enabled to roam the local folder > That’s all I’m going to configure in this branch of the policy.

Persona Management Folder Redirection

12. Navigate to;

[box] Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management > Folder Redirection [/box]

Here you will find the folders that can be redirected to a central location.

13. For example, here I’m redirecting the users “My Documents” folder.

14. And their “My Pictures” folder.

15. Make sure you have a pool created, and your users have an ‘entitlement’ to it. These machines will also HAVE TO be in the OU your policy is applying to.

Creating a ‘Manual Pool’ and Connecting a View Client

Deploying Linked Clone View Desktops

16. Now when your users connect to their View Desktops.

17. Their user profile will be persistent.

18. Because their settings are stored in your profile shared folder.

Note: Persona Management will store the profile in username.domainname format. The V2 on the end of it denotes that the profile is for Windows 7 or Vista. If users swap between these OS’s and any older Windows OS’s, then they will get a separate profile for those as well. If this is the case, rely on the folder redirection rather than the profile.
