Data Centers

Keeping user data recoverable with folder redirection

Derek Schauland discusses the benefits of using Folder Redirection instead of roaming profiles in Windows to give users fast and reliable access to their data no matter where they are.

Back in the days of Windows NT, the roaming profile was all the rage. A user could go to the office and work at his own computer, using the network, e-mail, files, and other resources. If, for some reason, that user has to switch to another workstation temporarily, he logs on to a different computer and Windows downloads the settings for his individual profile; just as if he were sitting at his own computer.

The problem with roaming profiles is the amount of bandwidth they can consume, resulting in a slow network for other users. Sure it is a bit of an inconvenience for users if they don't have all their desktop shortcuts, but they aren't necessary to get the job done. The important thing for the users is to have access to their data.

Windows 2000 introduced the concept of folder redirection, and XP and Vista built on this concept. How this concept helps both users and administrators in a Windows environment is the focus of this post.

What is the difference between folder redirection and roaming profiles?

Basically, roaming profiles include personal desktop settings and other user-experience items such as shortcuts, but folder redirection is a feature that allows specified user folders to redirect to a central server location, making users' data accessible from any workstation they log on to.

Why use folder redirection?

The reasons to use redirected folders are probably as numerous as the number of times someone at Microsoft gets asked about the Windows 7 Release Candidate, but my favorite two reasons are fairly simple:

  • Data availability for the users: Automatically redirecting users' Favorites or My Documents folders to a network folder allows the data to always be available in the same place for the user.
  • Disaster recovery: Having your users store all their data on a network server allows the IT department to back up the data as part of a normal routine. This ensures the files your users need are available even in the event of a recovery scenario.
What about offline files?

Folder Redirection and off-line files are two different animals entirely. Folder redirection points a specified folder or folders at the network location where the data is actually stored. For example, if you redirect My Documents on the client machine to \\servername\users_share\%username%, the folder will display the contents of the share.

If you synchronize My Documents on the client machine with the user folder mentioned above, the data in My Documents will be a replica of that on the network share, allowing a mobile employee to leave the office and still be able to work on files as if at work. In Windows Server 2008, offline files can be managed for entire sites (see my post on branch caching).

Simple configuration of folder redirection

Folder Redirection is handled by Group Policy to ensure that as the user logs on, her redirected folders are showing the correct data.

To configure Folder Redirection in Group Policy, complete the following steps:

1.       Create a new GPO called Folder Redirect. Note: A new GPO is not required for folder redirection, but it may help keep Group Policy settings more organized to create a GPO for a single desired result. I will look at that in a future post.

2.       Expand the User Configuration Node.

3.       Expand Windows Settings.

4.       Expand Folder Redirection.

5.       Select the folder you wish to redirect, right-click, and choose Properties.

6.       On the Folder tab from the Properties dialog box, select the setting for redirection from the dropdown list:

  • Not configured: Redirection will not occur on this folder; this is the default.
  • Basic: Redirect everyone's folder to the same location. You can configure the target options associated with this selection. These settings tell Windows where to put the redirected data.
  • Create a folder for each user under this root path: This is the default.
  • Redirect to the following location: Places all redirected data in the folder at the path specified.
  • Redirect to the local userprofile folder: This will redirect the users' data back to their local user profile location.
  • Advanced: Specify locations for various user groups. This allows redirection locations to be different based on a user's group membership. Using this option will require you to add security groups and paths for folder redirection. (This configuration is beyond the scope of this tip.)

7.       Once the destination choices are made, enter the network share path where the data will be redirected, for example \\servername\datashare.

8.       Use additional settings regarding exclusive rights to redirected content and the handling of existing content in the original location that can be found on the Settings tab of the Properties dialog box.

9.       Then, click OK.

Configure the other folders to be redirected as needed.

Folder Redirection can be a great help to both the users and IT staff in an organization. Hopefully these features of Windows get even better as new versions of the operating system are released, and they will give you something to consider when deciding how to handle the volumes of user data generated within your organization.

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

28 comments
BlueCollarCritic
BlueCollarCritic

A perfect example of why this Folder Redirection is not always a great idea is whats going on right now where I work. Everyone but me is having probelms access what they need to do tehir job ebcause the file server/network are experiencing problmes for the second day in a row. I however am moving right along because I run everything locally, using the location that everyone else is re-directed to as a backup location and not a live/working from space.

wlportwashington
wlportwashington

We have been doing this for years with great success. A simple edit in the GPO and it works great with XP. We do not use Vista so I don't know how it would work that and have seen problems in Windows 7. Once the user account is setup in the server, we verify the mapping by checking the Advanced properties in My Documents to ensure the path is correct. The only problem is with users that insist on saving to the C: drive or to the desktop. Even restricting access to the C: drive in the GPO causes more headaches than it is worth. For those we tell them the good old analogy of: TBSSBB, that is "Too-Bad-So-Sad-Bye-Bye." Of course you can also configure the backup server to do those particular problem users at night with the correct agents.

mmatchen
mmatchen

There's also an option in which you can specify access permissions to the folder. The default option is to have ownership privileges, meaning not even an admin can open a user's folder. There may be some situations where you need to enable the admin rights option, so I just wanted to make sure folks were aware of it. Of course, then you have to make sure you're compliant with your privacy policies. Either way, FYI.

cbader
cbader

Keep in mind that if you are going to redirect users My Documents folder you should make sure to have a firm policy that states that servers torage is not to be used for personal data. That way they cant get pissed when you delete their music collection off of the server.

jwhitby3
jwhitby3

Do forgive me if I'm missing something here, but didn't SUN do this years ago with NFS? Call it what you want it's network file storage, and it's not some blazing new idea.

paul.hughes
paul.hughes

I support around four thousand users in a clinical healthcare environment. When you're dealing with nurses and doctors that *have* to maintain access to all of their assigned clinical applications in order to provide care to patients, and they can be deployed anywhere within a two thousand PC estate, taking the stance that "Sure it is a bit of an inconvenience for users if they don?t have all their desktop shortcuts" can translate directly into literal life or death situations. To maintain access in a resilient way we use a combination of profile redirection and "Hybrid" profiles. These are roaming profiles that are marked mandatory and utilise Jeroen van de Kamp's Flex Profile Kit to keep some very specific parts of the profiles able to be altered by the users. If you're looking to provide a way for users to drag settings and data around a network with them, in my experience roaming profiles are still by far the most robust way to do it.

jimmeq
jimmeq

I tried Folder Redirection, and when I removed the settings from the AD OU, the folders did not redirect locally and I don't know how to change it. Be careful!

lrussell
lrussell

I've tried this in several forms. It works great for non-mobile workers because their My Dox folders live on a Raid array server that's backed up and I feel safer. But for mobile users and the offline synch option there are a myriad of problems. Too often files won't completely synch so if I deployed this for everyone using laptops, #1 I'd have to make a separate GP for mobile users, #2 then I'd get flooded with calls every time they get a notification that something didn't synch or had a conflict "Which file do I keep??!!!" How do I know? I wish it worked a little more consistently.

asharp
asharp

I use a hybrid of redirection for the "My Documents" folder to a network location, and roaming profile to maintain user desktop, and application settings. The only hang up I have found is if a user creates an Outlook .pst file; which is stored in the "Local Settings" folder, and wouldn't replicate in either case. I chose this setup, because in a Manufacturing facility a lot of Hot seating can take place at the supervisor level on the floor; this approach insures I don't have to setup there e-mail and other setting as they move seat, areas, or computers get changed out.

basil.cinnamon
basil.cinnamon

How about a drive letter mapping on a user's PC? N: >> \\server\SusieQ\projectX Group Policies gives IT a lot more control, but is it really necessary? If you're on a small office Workgroup instead of on a Domain, wouldn't hsi be just as good? You could also Offline Folders N: if desired.

HaroldHO
HaroldHO

It is incredibly useful to allow a data custodian the ability to maintain certain departments, as well as allowing the owners (end-users in the case of folder redirection) full access. If you don't specify "Allow the user exclusive rights", one way to solve this problem is to use "Creator/Owner" with full control as an inheritable permission at the root where the user's folders are being created. Then, you can append an additional Security Group with specific access to maintain the folders from the technical end. This way, as the user creates files, they automatically have the correct access to them without having to add each user to their 'home' folder's permissions - or, in the case of "Grant the user exclusive rights", it automatically gives the users rights but with their actual account in the ACL (and the folders won't inherit anything!). Another note - you can always take ownership of a My Documents or Desktop that's redirected if you have sufficient domain privileges - if the "Exclusive Rights" thing seemed like a good idea at one point in time. In the case where you need to obtain information (termed employee had documents and their manager wants them, but doesn't want to bother with logging onto their account), you can take ownership of the directory and re-configure permissions after you do the necessary legwork.

alexisgarcia72
alexisgarcia72

Music, videos, itunes, etc must not be allowed into company servers / workstations. I'm normally flexible and allow certain users to have an small mp3 collection in the workstation, never in MY DOCUMENTS (because is redirected to the server) Mp3 files take valuable space from the servers, and server space cost money because SAN storage prices, and backup can take longer.

csprague
csprague

I am getting ready for a summer project dealing with this very issue. I will be replacing a server where user's folders have been redirected to and my testing shows this will be next to impossible without creating the new server with the exact name, folder structure and permissions as before. I found that if users are forced to log into a new profile the redirected folders will go back to the local profile folders, but the data remains on the server. Beyond the data not migrating back to the local profile, creating new local profiles for every user in your organization obviously adds a tremendous amount of complexity. As was mentioned before, be careful and test, test, test!!!

pdr5407
pdr5407

I think that folder redirection is the best way to backup and protect data at a business or corporation. However, what about at home, does anyone use this on their home network? I backup all my user files to DVD or to a backup hard drive once a month.

It's Just Me
It's Just Me

I use a registry hack to force the Outlook (2003) files to be created in "%UserProfile%\My Documents\Outlook". I create a file called ForcePSTPath.reg and enter the following: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook] "ForcePSTPath"=hex(2):25,00,75,00,73,00,65,00,72,00,70,00,72,00,6f,00,66,00,69,\ 00,6c,00,65,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,\ 65,00,6e,00,74,00,73,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,\ 00 Works like a charm!

dragan
dragan

I put Outlook.pst file on network drive p:>>\\mailsrv\outlookfiles and on Domain user logon login.bat with net use command for mapping. After creating user on some station start Outlook and in tools/options/mail setup/data files define location off Outlook.pst file. Now on each station user can access and use Outlook.

theron
theron

Move said .pst file to My Documents. It can also go in a replicating folder, such as the base user folder, but email packrats get punished with 10 minute "Loading Your Settings" waits while their 300 MB pst copies.

BlueCollarCritic
BlueCollarCritic

I understand why IT/Admin folks like Folder Direction however it can also be a very counter productive restraint/irrittaion for the non-basic user. I work on development related items and am in and out of development like applications and test systems and folder re-direction (or anything else like it) is NOT a help but a hinderence and here's why. 1) When the file server is off line so am I. This doesn't happen all the time but it does happen and it really sucks to have to quit working for X hours because the IT staff has hijacked all your stuff. 2) Not every application is capable of handling folder direction including Microsoft based apps. I have more then one application that features have either quit working or I have to reset every time I use it because Folder Re-direction has fragged it. 3) Folder redirection can really frag up a laptop that connects to the system. I have my own personal laptop (company doesn't have one it can provide me which is OK w/me) I use to work remotely when I travel or just when at home. Since IT started re-directing things like "MY Documents" I continually have problems when my lapto is not connected to the network. AND finally... 4) Not every user believes in the computer fairy who will magically restore any and all of their files when a failure occurs and so they (like mysefl) keep their stuff backed up to a USB drive. My portable USB drive is the only way I can work where ever and when ever I want independent of the state of the network. In closing, while there are a good number of end users that need and should be set to use folder re-direction, the attitude of make al suffer for some is a poor one. IT Admins know better then any of us that there is no 1 tool that works for every job and yet that is teh approach they use for managing users files; bad practice.

rkuhn040172
rkuhn040172

Mapping folders gives the user access to what they need but doesn't force them to do it. Folder redirection forces them to save their files to the correct location for DR and backup purposes.

Alces
Alces

Good policy, but how do you deal with such a request from the VP/President/CEO/putYourFavExecTitleHere? Do you just give them the bold "NO"? In my (smallish) company that would create more discussions and explaining than it's worth saving the storage space (unfortunately).

tweller.tampa
tweller.tampa

The migration that you described is really not all that bad. The server name problem can be handled by creating a DNS alias or by writing a logon script that will change the user's machine to reflect the new server name. The folder structure part is a little more tricky if the user has local replicas. If that is the case you may want to look at SMS which will handle the folder redirection nicely. You're correct on the testing part for a server migration. I used to recruit a user from every possible scenario and migrate them a week before so you can work out the gotchas. Migrations are tricky but never found one that was impossible

alexisgarcia72
alexisgarcia72

300MB PST? I normally have users with 10GB inboxes and several 5GB pst files. We are not using Archiving anymore because pricing and support (EAS)

tweller.tampa
tweller.tampa

Thank you for the correction. next time I will proof before sending. SMS is supposed to read DFS. Sorry

jwhitby3
jwhitby3

Let me start by saying that very rarely do I have to touch a windows box of any description (I work on Solaris and Linux servers). If I DO need to setup this way DFS seems like it would be worth looking into. I will also add that this seems a lot like the way that we setup our LDAP, and NFS shares. I guess this would be the MS equivalent?

cbader
cbader

We use DFS on our network to avoid this issue. This way when you map a drive or redirect the My Documents you dont put the standard \\server\share UNC path, you type \\domain\share. If the locations of the files move you update the DFS entry in AD and no one ever knows the difference.

alexisgarcia72
alexisgarcia72

5GB pst file size is nothing. I have PArtners, CEOS, CIOS, etc with 30GB pst total each... with files normally between 5 ~ 12 GB each.. This users are very busy users they do not have time for training they only wants all the email at hand. They are normally traveling they do not spend time in deleting old emails, etc. They have everything and I'm talking about massive email users (send/receive about 60 ~ 300 emails daily) We had EAS (EXchange archive system) in the past for email archiving but we had several issues with the indexing. I have 1.6TB backup of PST Data in tape, replicated to a couple of Buffalo Terastations PRO and another copy in the Pillar SAN.

Alces
Alces

I had a few users' Outlook choke on a 2GB .pst. was OL 2000, though. And one copied himself on all outgoing emails so he has a copy, too.... At some point you just have to give up explaining and training :)