Tuesday, November 23, 2004

Redirecting the Client Desktop to the Server

As some of you know, I have a strong interest in backing up data and making sure it's secure. Naturally, I took advantage of the My Document Redirection tool in Small Business Server 2003. I like it for a number of reasons:

  • My Documents and everything in My Documents lives on the server, so it's easily backed up

  • When using multiple PCs, they all have the same My Documents folder

  • I designed the tool :o)

But that's not enough. Recently, I've found that I keep the things I'm currently working on on my desktop until I'm finished, then I file them away in My Documents or delete them. So what's the problem?

My Desktop is not a safe place to store things!

It's not backed up, the data is only in one place, and it's the most important data to me at that time.

What did I do? I simply redirected the desktop to the server. Here's how:

  1. On the SBS server, open Server Management, Advanced Management and Group Policy Management

  2. Now decide where you want this policy. I would put it in the Users OU under: Expand Forest, {domain name}, My Business and Users

  3. Right click on SBSUsers and select Create and Link GPO Here...

  4. Give your GPO a name. I usually start with who created the GPO, followed by what's in the GPO. For this example, I'll use "Seanda - Desktop Redirection"

  5. You'll see the newly created GPO appear in the SBSUsers OU. Right click it and choose Edit

  6. The Group Policy Object Editor opens. Drill in to User Configuration, Windows Settings, Folder Redirection, then right click on Desktop and choose Properties

  7. Here is where we will instantiate the policy. On the Target tab, change the Setting to Basic - Redirect everyone's folder to the same location

  8. In the Root Path type in the location to redirect to: \\{servername}\users.
    • In this example, I'm redirecting to the built-in Users share, since the ACLs are set correctly. If you want to redirect to a different share, you should read the help topic behind the "More Information" button on the My Document Redirection tool

  9. On the Settings tab, you can choose a number of things:

    • Grant the user exclusive rights to desktop - if this is checked, administrators cannot get into this folder without taking ownership

    • Move the contents of Desktop to the new location - if this is checked (and I think you should keep it checked), the contents of the current desktop will move to the new location. This is so your users don't know what you've done. :)

    • Finally, Policy Removal tells Group Policy what to do if you ever delete this policy in the future

That's all there is to it. The next time your users log in (it might take 2 logons for XP clients, due to asynchronous logons), the users' desktops will exist on the server and be automatically included in your SBS backup!
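
A client-side check for the policy configured in the steps above, as an added example that is not part of the original post: it reads the logged-on user's shell folder paths and, for folders that resolve under the server share, lists any accounts other than the user and SYSTEM on the folder's ACL. The root `\\SERVER\users` is a placeholder for the path typed in step 8, and PowerShell 3.0 or later on the client is assumed.

```powershell
# Added example (not from the original post). Run as the logged-on user on a client.
param(
    [string]$ExpectedRoot = '\\SERVER\users'   # placeholder: the Root Path from step 8
)

# Per-user shell folder locations; Folder Redirection rewrites these values.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
# Display name -> registry value name ("Personal" is My Documents).
$valueNames = [ordered]@{ 'Desktop' = 'Desktop'; 'My Documents' = 'Personal' }

$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$allowed = @($me, 'NT AUTHORITY\SYSTEM')

foreach ($folder in $valueNames.Keys) {
    $valueName = $valueNames[$folder]
    $path = (Get-ItemProperty -Path $key -Name $valueName).$valueName
    $path = [Environment]::ExpandEnvironmentVariables($path)

    # Redirected means the folder now lives under the server share, not C:\.
    $redirected = $path.StartsWith($ExpectedRoot, [StringComparison]::OrdinalIgnoreCase)

    # With "Grant the user exclusive rights" checked, only the user and SYSTEM
    # should hold access; anything else listed here deserves a look.
    $others = @()
    if ($redirected -and (Test-Path -LiteralPath $path)) {
        $others = @((Get-Acl -LiteralPath $path).Access |
            Where-Object { $_.IdentityReference.Value -notin $allowed } |
            ForEach-Object { $_.IdentityReference.Value } |
            Select-Object -Unique)
    }

    [pscustomobject]@{
        Folder        = $folder
        Path          = $path
        Redirected    = $redirected
        OtherAccounts = $others -join ', '
    }
}
```

A folder that still shows a local path after two logons means the GPO is not applying to that user; an entry in `OtherAccounts` means the folder is readable by more than its owner, which is expected only when the exclusive-rights box was left unchecked.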

So what's the drawback? Well, the items on the desktop will all get the funky blue icon saying that they are synchronized for offline use in the event the server goes down.

Enjoy the redirected life

26 comments:

Sean Daniel said...

I wouldn't really call it a hack, since it's supported Group Policy, but it's nice to not have to worry about yet another place users store data...

Anonymous said...

Hello Sean Daniel.

Now it is the second time you help me.
First time was problems with a mssql server.

Second is this.

Thanks!

Kasper, Denmark.

Anonymous said...

I'm confused. Which is the better practice? Setting the users home folder so their entire profile is on the server, OR keeping their profile on the workstation and redirecting certain folders to storage on the server? The users are not really roaming, so the home folder might be overkill, but which is the best practice for performance? i.e. if the entire profile is stored on the server, does it take too long to login, log out?

Sean Daniel said...

From my perspective, if your computers are mostly identical, and all the apps are installed to identical locations, and your network is at least 100mb, and the server has the disk space, then keeping the whole profile on the server is awesome. That's what I would do.

Anonymous said...

Hi Sean,
I would like your advice regarding Folder Redirection.

In our SBS 2003 the 'Configure My Documents Redirection' is set to 'Redirect all My Documents folders to the default shared folder for users on the Small Business Server'.

In the Default Domain Policy, Passwords and Folder Redirection GPO, the policy is set to Basic: Redirect everyone's folder to the same location and the path is \\SERVER\Users\%username%

Grant user exclusive rights to My Documents is enabled,
Move the contents of My Documents to the new location is enabled and the Policy Removal Behavior is set to Leave contents.

My question is, can I change the path to \\SERVER\Users\%username%\My Documents without it adversely affecting anything? I would like to make this change and it be transparent to the user.

Would it be easier to change the policy to restore to the local profile and then apply the redirection with the new path?

Thanks for any advice you can give me!

Paul

Sean Daniel said...

Folder Redirection is applied by the client, not the server. And the client only performs this action at logon.

So, if you change the policy, the next time the policy is changed on the client is at logon. At logon, the client will copy the contents of the OLD My Documents directory, to the NEW My Documents directory. Both OLD and NEW locations have to exist, and the client has to have r/w permissions.

Once all the clients, and all the profiles on each client, have copied their My Documents from OLD to NEW, the OLD share can be taken down.

So you shouldn't have to go back to the clients and then back to the server, as long as both source and destination exist.

Keep in mind that Policy refreshes every 90-130 minutes. Folder Redirection is applied very lazily, meaning that if you reboot the client and login, the client asks Group Policy "are there any policies", GP replies with "yes". Because the client wants to show the user their desktop very quickly, it will skip reading the policy. If you reboot again, the client will ask "GP what was the policy", and the GP will reply "it's Folder Redirection!", and the client will already be past the point of applying the policy. On the 3rd reboot/logon, the client will perform the folder redirection task, and force the user to wait at the "applying settings" logon prompt until the copy is done (please don't kill the machine during this time, hopefully it's not a big directory).

Good luck Paul!

Anonymous said...

Thanks Sean,

Can you clear up one thing for me though?

If I want to redirect from \\SERVER\Users\%username%

to...

\\SERVER\Users\%username%\My Documents

do I need to create the My Documents folder myself on the server and give the user r/w permissions or will SBS automatically set the permissions on this folder itself?
We have around 70 users and I don't really want to create a My Documents folder for each user within their %username% folder if I can avoid it!

Thanks,
Paul

Sean Daniel said...

I believe you need to ensure the user has full control over the %username% directory, and Group Policy takes care of the rest.

When you edit the policy, you'll see an example of the full path it lives in.

Anonymous said...

Sean,
Are you familiar with any redirection for ANY folder??

What I like to do is redirect any folder on the client's computer to the server.

Now it's only limited to My Documents. That means you have to store any folder in My Documents to redirect it.

What I like to do is redirect some files on the client computer which are stored in another place!

Tried to add a folder to the GPO redirected folders, but it looks like that's not possible!

Any comment??
Regards, Robert

Sean Daniel said...

Group Policy can only redirect special folders, like My Documents, or the Desktop. There are more options to redirect special folders with a Vista client. You'll either need Windows Server 2008, or Vista to update the policy though, because the 2003 client doesn't have the templates installed for the new Vista Group Policy management.

You cannot redirect random folders to the server.

Hope this helps,
Sean

Anonymous said...

Sean,

I have been playing around yesterday a little bit...
Found out that when I redirect application data on the server, some settings on the client are changed.

These changes I found in Local settings, Application data, Microsoft, windows, configuration settings.

I changed back the settings on the server, all the settings on the client are removed, but still the CLIENT is deploying a number of folders on the server.

That means somewhere there are a few configuration settings left, which tell the client to deploy some folders on the server.

It looks to me like those settings won't be on the server, because I used the wizard to remove them!

Means there are some possibilities
straight on the Client ??

C. Robert

Sean Daniel said...

The Client Side Offline Cache is enabled when you use Group Policy to point folders to the server. If you disable the policy, the client side cache still points to the server, so you'll have to go to the client to turn it off.

I'm not sure I understand what scenario you're trying to accomplish, maybe you can tell me what you're thinking?

Also, if you move application data, be wary of the user logging into another PC without the exact same software configuration, otherwise things will look weird: for applications that exist on the other PC but not the one they're logged into, they will see shortcuts etc. for that application that don't work.

Koen en Heidi said...

Dear Sean,

I'm a student doing a practical period at a company. They asked me to figure out how to use Folder Redirection on SBS 2K3 R2.

I'm having some problems, for a couple of days now, setting up an environment with Folder Redirection.

I'll try to explain every step I took.

I made a user 'koen' with home folder "\\testsrv\Users\%username%"
I verified that user 'koen' has Full control on "\\testsrv\Users\koen"

Then I followed your guide and made a Group Policy. I place everything at "\\testsrv\Users".

I added "Koen kc. Creemers (koen@sbstest.local)" to the Security Filtering of the GPO.

Performed a "gpupdate /force" on the server.

I got VMware running on my "testsrv" (name of my testserver) and booted up 2 XP Pros. Made both VMs members of my sbstest.local domain. Logged in as koen and made some shortcuts and a textfile on my Desktop, I log off and on and off and on a couple of times.

Switched to the other vm and logged in as koen and I don't get the shortcuts or textfile on my Desktop.

For more info feel free to ask, I hope you can help me.

Thanks in advance,

Koen Creemers

Sean Daniel said...

Koen, Feel free to email me on the email tab of this page.

It looks like you're missing the gpupdate /force on the clients in order for their group policy to update.

Sean

Koen en Heidi said...

I finally figured it out.

Bit of a dumb mistake, but I'll explain anyway.

The place you put your GPO in is the OU of your users. I thought it was just a random place to stock your GPO and thought I could specify the users in 'Security Filtering'. Nope, big mistake: don't put it in SBSUsers when you've got your users in an OU 'company name' / 'users' :-)

Thanks anyway, my apologies for my english.

Kind regards,

Koen Creemers

Sean Daniel said...

Hi Coone,

Yes, GPOs apply to whatever is below where they are linked to inside of GPO, and then the security filter is applied. It's much faster to process Group Policy by OU than by security group, so in larger organizations, it's better to use the OU structure than security filtering. For small business, either is fine.

Glad it was all figured out. Please note that higher policies can overrule the lower policies if they set the appropriate flags.

Anonymous said...

Hi Sean,

Is there a simple way to change the default location of the RedirectedFolders on SBS 2008?
I'd like to move this folder to another volume, but wanted to make sure that this won't break redirection when adding new user accounts in the future.

Thanks,

Brian Hershey

Sean Daniel said...

I believe with SBS 2008 on the Storage tab, there is a "Move Redirected Folder" task that will move all the files and update the group policy object to the new location for any existing user. New users would of course start in the new location.

Anonymous said...

Hi Sean,

I could really use your advice! If you apply the Desktop Folder redirect in SBS2008, it all works fine, but if you then uncheck the desktop redirect option for a user, the desktop still seems to reside in the Folder redirection location on the server and the client still shows the offline folder symbol on all desktop icons. I need to turn desktop redirect off for three users, and have tried unchecking the desktop redirect option and just leaving the My Documents option checked. No joy! I have also tried turning off all redirection, going to the client PC, turning off Offline folders, deleting the user account from the PC and then re-adding it! Still no joy. When I turn Offline folders back on the desktop redirects as well!! (I use gpupdate /force as well)

Do I need to force the desktop back, using a new group policy and if so how?

Many thanks for all you do and offer us novices!

Mark

Sean Daniel said...

Hi Mark,

If you were reading above, the status of the policy under Policy Removal states what should happen when the policy is removed. Your choices are to move it back to the original location or leave it where it is. If the files aren't moving back, most likely it was selected to leave it where it is.

Additionally, Offline files are different than Folder Redirection (although they are typically enabled at the same time). If your files are still being made available offline and the server appears offline, you need to go into the offline files tool (XP) or Sync Center (Vista & Win7) and remove the server source from the offline files piece.

I hope that helps,
Sean

Anonymous said...

Hi Sean,

Thanks for your response. I find the information you post invaluable - so a big thank you!

I am working on an SBS2008 server, and using the "wizard" to redirect folders. I believe theoretically that unchecking the Desktop option should return the desktop to the local computer, but unfortunately, this doesn't happen!! I looked briefly at the underlying policy last night, and my first impressions were that it should have reset the desktop to local, but it was late.
It would seem that I am not the only one to come across this problem with SBS 2008, as there are a number of other people asking the same thing if you do a quick google.
It would appear that I might need to create a policy to force the desktop to go back. Oh well I shall have some fun today!!

Many thanks,

Mark.

Sean Daniel said...

That should work, if you use the variables like %My Documents%. Test it out on one client first by creating a filter, and then doing a GPUPDATE /FORCE so you aren't waiting... then see what happens.

Keep in mind that folder redirection is applied on log-in, so you'll have to do the GPUPDATE /FORCE (I'd recommend doing it twice) and then log out and log back in. You'll be waiting at the logon prompt until the copy is completed, so on the test client, make sure that it doesn't have too many documents...

Sean

Todd said...

How is the redirection of the Favorites folder done? When I'm moving data for a client - they always want My Documents, Desktop, and Favorites. I don't see an option for Favorites in the GPO, though. How are you handling this?

Sean Daniel said...

Unfortunately only SBS 2008 does this functionality, and it's only supported on Vista and Win7 (or higher).

Sean

Anonymous said...

I have used redirected folders successfully for quite some time. Now it is time to retire a server hosting the redirected content.

I am about to move my redirected folders to a new server. I still use Server 2003 (original release). If I change the root policy path as follows:

from:
\\server1\users

to:
\\server2\users

If I leave on the switch to automatically move the data, will it only move data for new users from the C: drive or will it also move data for the existing users who are already redirected? If it relocates an already redirected path, and there are Gigs of data in the My Documents folder for example, it could take a fair amount of time to get the data pumped over when they log in. This could cause some user frustration.

My plan was to simply robocopy the data over after hours. Am I wasting my time?

Sean Daniel said...

Hi,

The correct way to do this will be to leave both servers running. Change the policy to point to the new server, and then on each client run "GPUPDATE /FORCE" and then reboot and log in. You'll notice on the login that it takes forever (depending on how much data the user has) as during the logon process, the data is copied. You'll have to do this for each user on each computer before removing the old server location.

Good luck!
Sean