![]() ![]() If you want to make the experience happen on the first logon, you can enable the Always Wait on the Network at Computer Startup or Logon group policy setting. Folder redirection should be enabled by the second logon. I put Pictures, Music, and Videos into their own folders and do not let them follow the Documents folder.Ĭonfigure your GPO to apply to a test user and link it to an OU.Personally, I make the following exceptions to three specific folder redirection targets: This folder redirection policy will only apply to devices running Windows Vista and above.Įnable folder redirection on any remaining folders that you wish to store centrally. This will allow administrators to view the desktop folder. See the screenshot below for an example:īefore pressing OK, select the Settings tab and uncheck Grant the user exclusive rights to Desktop. Under Root path, type the namespace path to your FR folder. Change the setting from Not configured to Basic. ![]() Right click on Desktop and select properties. Creating the GPO in this container ensures we don’t accidentally roll out settings before we are ready.Įdit the GPO and navigate to User Configuration\Policies\Windows Settings\Folder Redirection. Create a new GPO under the Group Policy Objects container and name it. Launch the Group Policy Management Console. How to Configure Group Policy for Folder Redirection That group is now a mail-enabled security group. In Active Directory, select the group and change the type from Distribution to Security. Note: Any distribution group can be changed to a security group. Just be sure to set the Applies to: This folder only setting. If you have a dedicated security group for the users, you can remove the authenticated users entry and substitute your dedicated security group. In this case, you would apply the four permission entries on the sub-root folder (ex: IT) instead of at the FR folder level. For example, you might create the following folder structure: ![]() If you want to create separate redirected folder locations for different departments or users, you would create sub-root folders under \data\FR. Domain Administrators will still be able to access the redirected folder but all other users are denied access. Because they are the creator of the folder, the CREATOR OWNER permission entry will give them Full Control to that folder, all subfolders (ex: \data\FR\Joseph\Desktop) and all files. When a user (with folder redirection enabled) logs in, their account will create their root folder (ex: \data\FR\Joseph\). These permissions allow for any user to create a folder in the root of \data\FR. Give Authenticated Users Read/Execute, List folder contents, Create folders, write attributes to this folder only.Give CREATOR OWNER Full Control to subfolders and files only.Give Domain Administrators Full Control to this folder, subfolders, and files.Give SYSTEM Full Control to this folder, subfolders, and files.We now need to configure four permission entries: You should now have zero permissions listed for this folder. Disable inheritance and remove all inherited permissions. How to Correctly Set Security Permissions for Folder RedirectionĮdit the security properties on the FR folder and select the advanced button. All redirected folders will be kept in this sub folder. Navigate to your namespace (ex: \\Test.local\Data\) and create a new folder named “FR”. With our DFS Namespace created, it is time create our folder redirection structure and configure our Group Policy Object. When properly configured, Folder Redirection manages itself and untethers the user from their computer. Tags: Applications, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista | 10 Comments | Configuring Folder Redirection – Part 2 – Group Policy and Security Posted in Best Practice, Quick Tip, TroubleShooting | ![]() And if you have a favorite troubleshooting tool, let me know what it is in the comments below. The next time you get a call about a slow machine or a broken application, launch the reliability monitor to get a bird’s-eye view. The default view is a linear chart by day but you can also sort the monitor by weeks. reported problems (and uninstalled solutions).recently installed drivers or applications.When I am troubleshooting a computer and want a quick history of the machine, I launch the View reliability history tool from the start menu or run perfmon /rel . Problems like this make me love the reliability monitor tool because I no longer have to trust the user (hint – they lie). Ever get calls about a computer acting up and everyone swears nothing has changed? Yeah, me too. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |