☰
Mitch Jaehrlich
- Home
- Portfolio
- Tech Blog
- Contact
- About
Why would you want a redirected folders?
Folder redirection is a classic feature of running a Windows Server environment. But since its inception, there have been new innovations leveraging cloud services. OneDrive and Intune for Azure AD allows live profile syncing to any device across the world. All you need is an internet connection, enabling a smooth transition to work from home.
If you want to upgrade to a modern version of folder redirection, you'll need to remove existing redirection systems. This guide will show you how your classic folder redirection was likely set up, so you know exactly how to tear it down, for an online future.
Step 1: Create a Shared Folder on the Server
Create the folder
Start by creating a shared folder on the server. This is where you will be storing all your user's redirected folder content. You will want to set this up close to the root directory, in case long file names become an issue.
In our example, we will create the directory "C:\Profile$\". The appended $ symbol sets the shared folder as "hidden", so it will not show up in File Explorer lists and must be explicitly browsed to. In this case, it also functions as the 's' in 'Profiles'.
Setup the folder permissions
Right-click the folder, select Properties, open the Security tab, then click Advanced. With the Advanced Security Settings page open, remove access to everything, except System, Administrators, and Creator. Then add the user group for who you want the folder redirection policy to apply.
Click the drop-down box next to Applies To and select This Folder Only. Then click Show Advanced Permissions, and give your users the following permissions:
- List Folder
- Read attributes
- Read extended attributes
- Create Folders
- Read Permissions
Also be sure to set the Share permissions with Full Access to the Domain Users group.
Step 2: Create a Folder Redirection GPO
Start by opening gpedit.exe from searching the start menu. Right click an OU that you want folder redirection to apply to, and select Create a GPO, and give it a name.
On the Scope tab, remove Authenticated Users from Security Filtering. Then add the Folder Redirection user group. And then go to the Delegation tab and add Authenticated Users with Read permissions.
Right click the GPO and select Edit. Go to User Configuration -> Policies -> Windows Settings -> Folder Redirection. Right click a folder you want to redirect and select Properties. In the drop-down menu next to Setting, select Basic. For Target Folder Location, select "Create a folder for each user under the root path". And for the Root Path, enter the path to your shared folder in step 1. e.g. \\Server\Profile$
Step 3: Bask in the Glory of Folder Redirection
At this point, you have a folder ready for redirection. You may add additional folders, to be redirected, too.
Over time, the user's computers in your OU will catch on to the changes and start moving their files over to the server in the background.
To jump start the process, you may want to send a gpupdate /force
via Command Prompt.
Step 4: How to Remove Folder Redirection
Now that your users have their files on the server, you will want to move those files back to their computers and disable the policy.
Start by going back into the edit menu of the GPO, User Configuration -> Policies -> Windows Settings -> Folder Redirection. For each of the redirected folders, right-click the folder and select Properties, then move to the Settings tab. In the Policy Removal section, change the selection to "Redirect the folder back[...]".
Close the edit window and move to the Delegation tab for the GPO. Remove the security group that has your users.
And that's it. You may want to run a gpedit /force
to kick start the removal. Either way, the next time the users log out and back into their profiles, the server will copy all their files back to their computer and the files on the server will no longer sync from the user's computers.
Windows Server is No Match for Your Google-fu
Thanks for reading. I hope your Folder Redirection deployment or destruction goes well. Let me know if you have any questions.