“Change how you think. Change your life!”
This 2 part guide will help you setup Redirected Folders on a DFS Namespace Share or a single server share and enable Offline Files for these redirected folders. The offline folders are set to use the Offline copy all the time, regardless if there is a connection to the server. A Background sync every 10 minutes with a 5-minute variance, enabled for syncing shares in both manual and automatic offline mode. ‘Policy Screens’ and ‘Files not Cached’ will be enabled for blank (“”) screens and caching so that Access Databases can be synced and cached too.
As the computer’s offline files will always be right because the offline file cache is the only one used, create an Offline Files Automatic Resolution Policy for conflicts by using SyncConflictHandling for \\domain.local\Drives\RedirectedFolders or \\Server\RedirectedFolders.
- You should setup a DFS Namespace. This step is not necessary but is the recommended way. You can still use this guide if you wish to use just \\server\share, however the best practice is using DFS.
- On the Properties of the DFS Namespace, in the Referrals tab, set the Cache duration to 1 second. On the Advanced tab, check Enable access-based enumeration for this namespace
- Create a new Namespace Folder for RedirectedFolders that is SEPARATE from anything else (folder off the root DFS Namespace)
- Add the target location for the RedirectedFolders
- On the properties of the RedirectedFolders folder in the Referrals tab, set the Cache duration to 1 second. On the Advanced tab, make sure the dot is beside Use inherited permission from the local file system.
Side Note on DFS:
DFS is a phenomenal service that you should take advantage of. Not only is it site-aware through AD Sites & Services (for calculating what server is closest to the user, thereby faster access), but it allows for replication between servers, redundancy with multiple DFS Namespace servers, but most of all, it condenses all of your file shares from all of your servers into 1 special folder that takes on a domain-wide path. This allows for the adding and subtracting of servers, moving data between servers, and keeping a distributed and replicated store of your files such that your users never need to worry about what server to access, what server the data is physically on, or if there is a change in server share locations. All of that is done behind the scenes by you and your users just have the appearance of a single location to find all of their files, making it super easy to find what they are looking for.
Groups, File and Folder Shares & NTFS Permissions
Create the groups in Active Directory first:
Global Security Groups
Redirected Folder Users
Members: Those users who you want to add to this policy. Start with it being empty and then when everything is done, we’ll add users in here.
Members: All computer objects you wish to add that will store offline files. Start with it being empty and then when everything is done, we’ll add computer objects in here.
Members: All computer objects you wish to add that will NOT store offline files. This will be for shared systems where you don’t want to store multiple sets of offline files.
Domain Local Security Groups
Description: \\domain.local\Drives\RedirectedFolders [Read]
Notes: \\domain.local\Drives\RedirectedFolders [Read]
Description: \\domain.local\Drives\RedirectedFolders [Modify]
Notes: \\domain.local\Drives\RedirectedFolders [Modify]
Description: \\domain.local\Drives\RedirectedFolders [Full]
Notes: \\domain.local\Drives\RedirectedFolders [Full]
Members: File Admins
Description: \\domain.local\Drives\RedirectedFolders [CreateFolders]
Notes: \\domain.local\Drives\RedirectedFolders [CreateFolders]
Members: Redirected Folder Users
Description: \\domain.local\Drives\RedirectedFolders [ListFolderContents]
Notes: \\domain.local\Drives\RedirectedFolders [ListFolderContents]
Members: Redirected Folder Users
Share Permissions on \\domain.local\Drives\RedirectedFolders
Everyone: Full Control (Best practice is to give Full Control to everyone and control permissions through NTFS Permissions)
NTFS Permissions on \\domain.local\Drives\RedirectedFolders
SYSTEM: Full Control, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_CreateFolders: ONLY Create Folders / append data, Applies to: “This folder only.”
ACL_RedirectedFolders_Read: Read & execute, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_Modify: Modify, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_Full: Full Control, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_ListFolderContents: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, Read permissions, Applies to: “This folder only.”
CREATOR OWNER: Full Control, Applies to: “Subfolders and files only.”