Recently we investigated an issue for a customer where redirecting the documents library using a Group Policy Object (GPO) created folders in the incorrect location. Whilst everything appeared to be configured correctly on first glance, the results were not as expected.

 

Background:

The customer had just undertaken a significant systems migration and found that when users were saving to the documents folder, it was not being saved in the expected location. The administrator had configured the users to each have a documents folders located on a  share that resides on a file server, this enables the users to save documents in a centralised and secure location rather than the machine’s local hard drive. However, the documents library was still pointing to the local machine (C:\Users\Username\Documents) and a common issue occurred whereby users were saving to this location rather than the network location. To ensure that users’ documents location was directed to the network rather than the local path, a GPO was configured  to redirect all users’ documents folders to the centralised file server. Once the GPO was applied, it was observed that this caused the name of the user’s directory within the share location to change from their username to My Documents. The problematic GPO configuration is shown in the steps below:

  1. Select User Configuration\Policies\Windows Settings\Folder Redirection
  2. Right click Documents and select Properties
  3. Underneath the Target tab set:
    1. Setting: Basic – Redirect everyone’s folder to the same location
    2. Target folder location: Redirect to the following location
    3. Root path: \\servername\share\%username%
    Target tab for document redirection GPO
  4. Underneath the Settings tab uncheck all tick boxes and change Policy Removal to leave the folder in the new location when the policy is removed.
Settings tab for GPO document redirection

 

 

After carrying out an investigation we found that this was occurring due to a configuration file named desktop.ini being copied into the user’s share location when synchronisation occurred on logoff. This configuration file renamed the folder from the user’s username to My Documents. However, manually entering the share location (e.g. \\ServerName\Users\%username%) would still permit access to the user’s directory.

User's shared locationDesktop.ini file

 

Resolution:

To resolve this issue we need to a) rename the users’ directory back to their username and b) configure the GPO so the renaming does not occur again.

First, modify the GPO so that the desktop.ini file will not rename the users file share again. This is completed using the following steps:

  1. Locate the configured GPO, right click and select edit.
  2. Browse back to User Configuration\Policies\Windows Settings\Folder Redirection
  3. Right click Documents and Select Properties
  4. Underneath the Target tab:
    1. Confirm the Target folder location is set to redirect to the following location. There is a bug where this can change to create a folder for each user under the root path.
    2. Change the root path to direct to a sub folder underneath the user’s profile root directory:\\servername\share\%username%\Documents

Completing these changes will then redirect the Documents shortcut to the correct location. The desktop.ini configuration file will then be copied to the documents sub folder changing its name to My Documents rather than the root folder.

The final step is to change the user’s share name back to their username. To achieve this, complete one of the following methods:

  1. Remove the desktop.ini file from the root of the share location which will rename the folder back to the username
  2. Edit the Security settings of the desktop.ini file and deny Read Access to all administrators and this will then rename the folder back to the username

Once you have completed one of the above methods, the user’s directory within the network share will be changed from My Documents back to their username.

 

Alternative GPO Configuration
You can also configure this GPO to redirect to the users profile directory which can be configured on the user’s object profile tab within Active Directory Users and Computers. You can specify this option on the GPO by choosing the redirect the folder to the users profile directory option underneath the Document Redirection field.
If you chose this option you could encounter the same renaming problem as described above if you have configured your users profile directory to be \\servername\Share\%username%. To resolve this you could either change the GPO to redirect to the following location as previously described or change the users profile directory to \\servername\Share\%username%\My Documents.
Advertisements