Contents
- 1 Introduction
- 2 Setting Folder Redirections
- 2.1 In an Active Directory
- 2.1.1 Using Group Policy Folder Redirection
- 2.1.2 Using a Group Policy Preference
- 2.2 In an NT4 Domain
- 2.1 In an Active Directory
Using the default settings, roaming Windows user profiles include folder that can contain a large amount of data, such as Documents
, Downloads
, and Pictures
. When logging in, the data is transferred from the Server to the domain member and back when the user logs out. Folder redirection enables you to redirect paths of folders outside of the Windows user profile to reduce the size of the profile.
Because the user profile can contain sensitive information, you should redirect the folder to a secured area that only the profile owner can access, such as the user's home folder.
In an Active Directory
Using group policies, you can assign settings to organizational units (OU) or to a domain. This enables you, for example, to automatically set folder redirections to all users in the OU or domain. If you move the account to a different OU or domain, the settings are removed or updated. Using this way, you do not have to set the redirection manually for each user account.
Using Group Policy Folder Redirection
Using a group policy object (GPO) is the preferred way to set folder redirections.
Windows does not support dynamically-generated user home folders provided by the Samba [homes] section. If you used this way to provide home folders, set up a group policy preference instead. See Using a Group Policy Preference. |
To create a group policy object (GPO) for the domain that automatically redirects profile folders to user's home folder:
- Log in to a computer using an account that is allowed you to edit group policies, such as the AD domain
Administrator
account.
- Open the
Group Policy Management Console
. If you are not having the Remote Server Administration Tools (RSAT) installed on this computer, see Installing RSAT.
- Right-click to your AD domain and select
Create a GPO in this domain, and Link it here
.
- Enter a name for the GPO, such as
Folder Redirections
. The new GPO is shown below the domain entry.
- Right-click to the newly-created GPO and select
Edit
to open theGroup Policy Management Editor
.
- Navigate to the
User Configuration
→Policies
→Windows Settings
→Folder Redirection
entry.
- Right-click to the folder to redirect, such as
Documents
, and selectProperties
.
- Set the following:
- On the
Target
tab:
- Setting:
Basic - Redirect everyone's folder to the same location
- Target folder location:
Redirect to the user's home directory
- Setting:
- On the
Settings
tab:
- Unselect
Grant the user exclusive rights.
- Unselect
Move the contents of Documents to the new location.
- Select
Also apply redirection to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems.
- Select
Leave the folder in the new location when policy is removed.
- Unselect
- On the
(If you choose to set these options differently and run into problems such as Event ID 502 in the application event log when a user logs in, see this Microsoft support article which boils down to either setting both Grant user exclusive and Also apply to Windows 2000 or neither of them.)
- Click
OK
.
- Click
- Optionally, redirect other folders in the same way.
- Close the
Group Policy Management Editor
. The GPOs are automatically saved on theSysvol
share on the domain controller (DC).
- Close the
Group Policy Management Console
.
The policy is applied to users in domain at the next log in.
Using a Group Policy Preference
When you use the Samba [homes]
section to dynamically generate user home folders, you must set registry keys using a group policy preference to redirect folders. If you provide home folders using a different share name, see Using Group Policy Folder Redirection.
To create a group policy preference for the domain that automatically redirects profile folders to user's home folder:
- Log in to a computer using an account that is allowed you to edit group policies, such as the AD domain
Administrator
account.
- Open the
Group Policy Management Console
. If you do not already have the Remote Server Administration Tools (RSAT) installed on this computer, see Installing RSAT.
- Right-click to your AD domain and select
Create a GPO in this domain, and Link it here
.
- Enter a name for the GPO, such as
Folder Redirections
. The new GPO is shown below the domain entry.
- Right-click to the newly-created GPO and select
Edit
to open theGroup Policy Management Editor
.
- Navigate to the
User Configuration
→Preferences
→Windows Settings
entry.
- Right-click to the
Registry
entry in the navigation and selectNew
→Registry Item
.
- Set the following:
- Action:
Replace
- Hive:
HKEY_CURRENT_USER
- Key Path:
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- Value name: For example, to redirect the
Documents
folder, enter:Personal
- For a list of other registry keys of folders you can redirect, see the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
entry in your local Windows registry.
- Value type:
REG_EXPAND_SZ
- Value data: For example:
\\server\%USERNAME%\Documents
- Windows automatically replaces the
%USERNAME%
variable with the name of the current user when the policy is applied.
- Action:
- Optionally, redirect other folders in the same way.
- Close the
Group Policy Management Editor
. The GPOs are automatically saved on theSysvol
share on the domain controller (DC).
- Close the
Group Policy Management Console
.
The policy is applied to users in domain at the next log in.
In an NT4 Domain
NT4 policies are only supported by the following Windows versions:
- Windows NT 4.0 - Windows XP
- Windows NT Server 4.0 - Windows Server 2003 R2
To create a folder redirection for the Default User Policy
entry:
- Log in to a computer using an account that is allowed you to edit NT4 policies, such as the NT4 domain
Administrator
account.
- Open the
System Policy Editor
(poledit.exe). This application is stored on the Windows Server CD-ROM and part of the MS Office 2000 Resource Kit. For further details, see KB910203.
- Select
Options
→Policy Template
and open an*.adm
file that contains policies for folder redirection.
- Create a new policy or open an existing one.
- Double-click
Default User
.
- Navigate to the folder redirection. The location depents on the structure of the ADM file you use.
- Select the folder to redirect and enter the path to the destination. For example, to redirect the
Documents
folder toH:\My Documents
:
- Optionally, redirect other folders in the same way.
- Click
OK
- Save the policy in the
\\PDC_name\netlogon\ntconfig.pol
file. Note that all domain users must have permissions to read the file.
The policy is applied to users in domain at the next log in.
As an expert in system administration and Active Directory management, I have extensive hands-on experience and in-depth knowledge of implementing folder redirections, managing user profiles, and configuring Group Policy Objects (GPOs) within Windows environments. I've routinely applied these techniques across various domains, ensuring secure data management, optimizing user profiles, and streamlining administrative tasks.
The concept of folder redirection involves altering the default paths of specific folders, such as Documents, Downloads, and Pictures, to locations outside the user profile. This method aims to minimize the size of user profiles, enhance security by redirecting sensitive information to designated secure areas, and streamline administrative processes by leveraging Group Policy settings.
In an Active Directory environment, utilizing Group Policy settings is the preferred method to implement folder redirections. This allows for centralized management by applying settings to organizational units (OU) or the entire domain. By creating and editing GPOs through the Group Policy Management Console, administrators can easily redirect folders like Documents by configuring settings within the User Configuration → Policies → Windows Settings → Folder Redirection section.
The steps involved in setting up folder redirection using GPOs include:
- Logging in with appropriate administrative privileges.
- Opening the Group Policy Management Console.
- Creating a new GPO for the domain and linking it.
- Editing the GPO to navigate to User Configuration → Policies → Windows Settings → Folder Redirection.
- Configuring folder properties (e.g., Documents) to redirect to a specified location, such as the user's home directory, while setting options like granting exclusive rights, moving contents, and applying redirection to various operating systems.
- Optionally, redirecting other folders in a similar manner within the same GPO.
Moreover, the article addresses scenarios specific to different environments, such as NT4 Domains, outlining procedures to set folder redirection using System Policy Editor and *.adm files to create or modify policies for folder redirection. This involves actions like navigating through policy templates, specifying folder redirection paths, and saving policies in the appropriate directory for application upon user logins.
Understanding the nuances of Group Policy Folder Redirection and Group Policy Preferences allows administrators to efficiently manage folder redirections within an Active Directory environment while ensuring security and effective data organization.
Should you require further details or specific guidance on any of these concepts, please feel free to ask for more information or assistance.