Sunday, March 27, 2011

Folder Redirection

Folder Redirection

Windows provides the ability to redirect specific user folders to server locations, using a group policy extension called Folder Redirection.

Many administrators may wish to use folder redirection in such a way that a user's folders are automatically redirected to a newly created folder for each user. This article discusses how to redirect to the new folder location and the minimum NTFS Access Control List (ACL) permissions you need to complete the redirection successfully.

Set Up

Folder Redirection is a User group policy. This means that a user for whom you configure folder redirection must have a group policy linked to some folder structure where their user object is subordinate, such as a site, domain, or organizational unit.

Once you create the group policy and link it to the appropriate folder object, an administrator can designate which folders to redirect and where To do this, the administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can designate the server file system path to which the folder should be redirected.

The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.


Security Requirements

If you configure Folder Redirection to create new subfolders for each user, that user needs sufficient Share and NTFS ACL permissions to create the subfolder in the appropriate location.

When a user does not have sufficient Share and NTFS ACL permissions, their folder is not redirected and you can view one of the following event messages in the local application event log:
Event ID: 101

User: username

Computer: computername

Description:
Failed to perform redirection of folder foldername. The new directories for the redirected folder could not be created. The folder is configured to be redirected to \\servername\sharename\%username%, the final expanded path was \\servername\sharename\username. The following error occurred:
Access is denied.
-or-
Event ID: 101

User: username

Computer: computername

Description:

Failed to perform redirection of the folder application data. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected topath. Files were being moved from path to path. The following error occurred: The security descriptor structure is invalid.

No comments: