- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
I’m sure when you set up Folder Redirection in Group Policy for your users, backing out or disabling Folder Redirection was probably the last thing on your mind. Because of that, design decisions that were made during your implementation can have a direct impact on removing the redirections and can cause major problems.
Scenario 1: Accidental redirection on servers ^
When logging into the server console or over RDP to perform administrative tasks, the server Administrator is having his/her folders redirected to a file server. (I hear this a lot… I mean A LOT.)
To fix this, you’ll need to take two actions: First, enable Loopback. Working under the assumption that this is a server that only admins will be logging into, you’ll most likely want to use Replace mode so that user policies don’t apply in the future. Second, the easy option is to delete the profiles of the users on the server by going to System > Advanced system settings > User Profile Settings… > highlight the user and click Delete.
Delete user profiles
If for some reason deleting the local profiles on the server isn’t an option (or there are just too many servers to do it), you’ll need to add a new Folder Redirection to the same GPO that has your Loopback setting. In the Group Policy Management Console, go to User Configuration > Windows Settings > Folder Redirection. Right-click on one of the folders that will shouldn’t be redirected and choose Properties. In the Properties for each folder, set the Target Setting to “Basic” and the Target folder location to “Redirect to the local userprofile location.” On the Settings tab, make sure you uncheck “Move the contents of [folder] to the new location” so that the redirected files don’t end up on the server.
Redirect to the local userprofile location | Move the contents of Documents to the new location
Scenario 2: Redirecting back to users’ local storage ^
You’ve been tasked with taking folders that are currently redirected to a file server and directing them back to the end user’s local storage.
Before you start making changes, you’ll want to go to User Configuration > Windows Settings > Folder Redirection. Right-click on one of the redirected folders, choose Properties, and go to the Settings tab. Make note of whether “Move the contents of Documents to the new location” is checked and the “Policy Removal” behavior.
When a Folder Redirection is created, the move option is checked by default and the Policy Removal is set to, “Leave the folder in the new location when the policy is removed.” If bells and whistles aren’t going off in your head, they should be! If you were to remove the policy right now, Folder Redirection would stay how it is currently configured with the folder(s) redirected… which is probably not what you want to happen. The good news is that new logins by users won’t have folders redirected since the policy is gone, but any computers that the user has logged in to will keep their Folder Redirection.
You’ll want to set the Policy Removal option to “Redirect the folder back to the local user profile location when policy is removed.” You’ll also want to ensure that “Move the contents of [folder name] to the new location” option is also checked so that the files get moved back to the user’s computer when you change the policy. If these settings needed to be changed, you’ll need to allow enough time for users to get the changes before removing the Folder Redirection completely.
Once you’re confident that your users have received the updated policy from the Settings tab, you can change the Setting on the Target tab to “Not configured.”
Location of the document folder not configured
If you primary goal is just to disable Folder Redirection, the easiest thing you can do is to go to the Target tab, change the Setting to Basic, and change the Target folder location to “Redirect to the local userprofile location” like we did in Scenario 1. Just be aware that doing this prevents the end user from moving the folder to another location since the setting is still managed.
Redirect to the local userprofile location
Gotchas and other things to consider ^
Remember that the default Group Policy refresh interval is 90-120 minutes (unless you’ve changed it in your environment). If you change the Folder Redirection settings now, most of your computers will get the change pretty quickly, right? Not so fast… That interval assumes that the computer is powered on and can communicate with Active Directory. You also have to remember that Folder Redirection is a user side policy; so, the user will have to be logged in and have access to Active Directory to get the change. If you have to make modifications to the Policy Removal behavior, you may need to wait several days before making the change to the target setting.
Redirecting folders back to laptops has a couple of challenges. First, Folder Redirection will require that the user can access the corporate network prior to logging in. Unless you’ve implemented Direct Access, this will require the user to connect to a VPN prior to login. Second, the process of copying the files back down to the laptop will be incredibly slow over most WAN connections... especially if the user has a lot of data. If it is possible, you may want to encourage your end user to bring in the laptop and use a connection on your local network to make the transfer.
If you have users that log in from multiple computers, make sure that they log in to their primary computers first to get the new settings. Otherwise, their files will end up on the wrong computer and will appear to be missing on their primary computers.