Beruflich Dokumente
Kultur Dokumente
Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server
2012 R2, Windows Vista
This topic describes how to use Windows Server to deploy Folder Redirection with Offline Files to Windows client computers.
Important
Due to the security changes made in MS16-072, we updated Step 3: Create a GPO for Folder Redirection of this topic so that
Windows can properly apply the Folder Redirection policy (and not revert redirected folders on affected PCs).
Prerequisites
Hardware requirements
Folder Redirection requires an x64-based or x86-based computer; it is not supported by Windows® RT.
Software requirements
Folder Redirection has the following software requirements:
To administer Folder Redirection, you must be signed in as a member of the Domain Administrators security group, the
Enterprise Administrators security group, or the Group Policy Creator Owners security group.
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server
2012, Windows Server 2008 R2, or Windows Server 2008.
Client computers must be joined to the Active Directory Domain Services (AD DS) that you are managing.
A computer must be available with Group Policy Management and Active Directory Administration Center installed.
If the file share uses DFS Namespaces, the DFS folders (links) must have a single target to prevent users from
making conflicting edits on different servers.
If the file share uses DFS Replication to replicate the contents with another server, users must be able to access
only the source server to prevent users from making conflicting edits on different servers.
When using a clustered file share, disable continuous availability on the file share to avoid performance issues with
Folder Redirection and Offline Files. Additionally, Offline Files might not transition to offline mode for 3-6 minutes
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 1/8
12/6/2017 Deploy Folder Redirection with Offline Files
after a user loses access to a continuously available file share, which could frustrate users who aren’t yet using the
Always Offline mode of Offline Files.
Note
To use new features in Folder Redirection, there are additional client computer and Active Directory schema requirements. For
more information, see Folder Redirection, Offline Files, and Roaming User Profiles.
1. Open Server Manager on a computer with Active Directory Administration Center installed.
2. On the Tools menu, click Active Directory Administration Center. Active Directory Administration Center appears.
3. Right-click the appropriate domain or OU, click New, and then click Group.
4. In the Create Group window, in the Group section, specify the following settings:
In Group name, type the name of the security group, for example: Folder Redirection Users.
5. In the Members section, click Add. The Select Users, Contacts, Computers, Service Accounts or Groups dialog box
appears.
6. Type the names of the users or groups to which you want to deploy Folder Redirection, click OK, and then click OK again.
Note
Some functionality might differ or be unavailable if you create the file share on a server running another version of Windows
Server.
1. In the Server Manager navigation pane, click File and Storage Services, and then click Shares to display the Shares page.
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 2/8
12/6/2017 Deploy Folder Redirection with Offline Files
2. In the Shares tile, click Tasks, and then click New Share. The New Share Wizard appears.
3. On the Select Profile page, click SMB Share – Quick. If you have File Server Resource Manager installed and are using
folder management properties, instead click SMB Share - Advanced.
4. On the Share Location page, select the server and volume on which you want to create the share.
5. On the Share Name page, type a name for the share (for example, Users$) in the Share name box.
Tip
When creating the share, hide the share by putting a $ after the share name. This will hide the share from casual
browsers.
6. On the Other Settings page, clear the Enable continuous availability checkbox, if present, and optionally select the
Enable access-based enumeration and Encrypt data access checkboxes.
7. On the Permissions page, click Customize permissions…. The Advanced Security Settings dialog box appears.
8. Click Disable inheritance, and then click Convert inherited permissions into explicit permission on this object.
9. Set the permissions as described Table 1 and shown in Figure 1, removing permissions for unlisted groups and accounts,
and adding special permissions to the Folder Redirection Users group that you created in Step 1.
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 3/8
12/6/2017 Deploy Folder Redirection with Offline Files
10. If you chose the SMB Share - Advanced profile, on the Management Properties page, select the User Files Folder
Usage value.
11. If you chose the SMB Share - Advanced profile, on the Quota page, optionally select a quota to apply to users of the
share.
Table 1 Required permissions for the file share hosting redirected folders
Security group of users needing to put data on share (Folder List folder / read data1 This folder only
Redirection Users)
Create folders / append
data1
Read attributes1
Read extended
attributes1
Read permissions1
1 Advanced permissions
2. From the Tools menu click Group Policy Management. Group Policy Management appears.
3. Right-click the domain or OU in which you want to setup Folder Redirection and then click Create a GPO in this domain,
and Link it here.
4. In the New GPO dialog box, type a name for the GPO (for example, Folder Redirection Settings), and then click OK.
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 4/8
12/6/2017 Deploy Folder Redirection with Offline Files
5. Right-click the newly created GPO and then clear the Link Enabled checkbox. This prevents the GPO from being applied
until you finish configuring it.
6. Select the GPO. In the Security Filtering section of the Scope tab, select Authenticated Users, and then click Remove to
prevent the GPO from being applied to everyone.
8. In the Select User, Computer, or Group dialog box, type the name of the security group you created in Step 1 (for
example, Folder Redirection Users), and then click OK.
9. Click the Delegation tab, click Add, type Authenticated Users, click OK, and then click OK again to accept the default
Read permissions.
Important
Due to the security changes made in MS16-072, you now must give the Authenticated Users group delegated Read
permissions to the Folder Redirection GPO - otherwise the GPO won't get applied to users, or if it's already applied, the GPO
is removed, redirecting folders back to the local PC. For more info, see Deploying Group Policy Security Update MS16-072 .
Note
Offline Files is enabled by default for redirected folders on Windows client computers, and disabled on computers running
Windows Server, unless changed by the user. To use Group Policy to control whether Offline Files is enabled, use the Allow or
disallow use of the Offline Files feature policy setting.
For information about some of the other Offline Files Group Policy settings, see Enable Advanced Offline Files Functionality,
and Configuring Group Policy for Offline Files.
1. In Group Policy Management, right-click the GPO you created (for example, Folder Redirection Settings), and then click
Edit.
2. In the Group Policy Management Editor window, navigate to User Configuration, then Policies, then Windows Settings,
and then Folder Redirection.
3. Right-click a folder that you want to redirect (for example, Documents), and then click Properties.
4. In the Properties dialog box, from the Setting box click Basic - Redirect everyone’s folder to the same location.
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 5/8
12/6/2017 Deploy Folder Redirection with Offline Files
Note
To apply Folder Redirection to client computers running Windows XP or Windows Server 2003, click the Settings tab
and select the Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and
Windows Server 2003 operating systems checkbox.
5. In the Target folder location section, click Create a folder for each user under the root path and then in the Root
Path box, type the path to the file share storing redirected folders, for example: \\fs1.corp.contoso.com\users$
6. Click the Settings tab, and in the Policy Removal section, optionally click Redirect the folder back to the local
userprofile location when the policy is removed (this setting can help make Folder Redirection behave more
predictably for adminisitrators and users).
7. Click OK, and then click Yes in the Warning dialog box.
Tip
If you plan to implement primary computer support or other policy settings, do so now, before you enable the GPO. This
prevents user data from being copied to non-primary computers before primary computer support is enabled.
2. Right-click the GPO that you created, and then click Link Enabled. A checkbox appears next to the menu item.
1. Sign in to a primary computer (if you enabled primary computer support) with a user account for which you have enabled
Folder Redirection.
2. If the user has previously signed in to the computer, open an elevated command prompt, and then type the following
command to ensure that the latest Group Policy settings are applied to the client computer:
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 6/8
12/6/2017 Deploy Folder Redirection with Offline Files
gpupdate /force
4. Right-click a redirected folder (for example, the My Documents folder in the Documents library), and then click
Properties.
5. Click the Location tab, and confirm that the path displays the file share you specified instead of a local path.
1. Prepare domain
- Group name:
- Members:
- GPO name:
- Redirected folders:
- Windows 2000, Windows XP, and Windows Server 2003 support enabled?
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 7/8
12/6/2017 Deploy Folder Redirection with Offline Files
- Computer-based or User-based?
Change history
The following table summarizes some of the most important changes to this topic.
January 18, Added a step to Step 3: Create a GPO for Folder Redirection to delegate Read permissions Customer
2017 to Authenticated Users, which is now required because of a Group Policy security update. feedback.
See Also
Deploy Folder Redirection, Offline Files, and Roaming User Profiles
Deploy Primary Computers for Folder Redirection and Roaming User Profiles
Enable Advanced Offline Files Functionality
Microsoft’s Support Statement Around Replicated User Profile Data
How to Add and Remove Apps
Troubleshooting packaging, deployment, and query of Windows Runtime-based apps
© 2017 Microsoft
https://technet.microsoft.com/en-us/library/jj649078(d=printer,v=ws.11).aspx 8/8