The Adamj Method for Folder Redirection with Offline Files – Part 1

by | Last updated 2022.11.07 | Published on 2018.06.12 | Guides

“Change how you think. Change your life!”

This 2 part guide will help you setup Redirected Folders on a DFS Namespace Share or a single server share and enable Offline Files for these redirected folders. The offline folders are set to use the Offline copy all the time, regardless if there is a connection to the server. A Background sync every 10 minutes with a 5-minute variance, enabled for syncing shares in both manual and automatic offline mode. ‘Policy Screens’ and ‘Files not Cached’ will be enabled for blank (“”) screens and caching so that Access Databases can be synced and cached too.

As the computer’s offline files will always be right because the offline file cache is the only one used, create an Offline Files Automatic Resolution Policy for conflicts by using SyncConflictHandling for \\domain.local\Drives\RedirectedFolders or \\Server\RedirectedFolders.

System Requirements

  1. You should setup a DFS Namespace. This step is not necessary but is the recommended way. You can still use this guide if you wish to use just \\server\share, however the best practice is using DFS.
  2. On the Properties of the DFS Namespace, in the Referrals tab, set the Cache duration to 1 second. On the Advanced tab, check Enable access-based enumeration for this namespace
  3. Create a new Namespace Folder for RedirectedFolders that is SEPARATE from anything else (folder off the root DFS Namespace)
  4. Add the target location for the RedirectedFolders
  5. On the properties of the RedirectedFolders folder in the Referrals tab, set the Cache duration to 1 second. On the Advanced tab, make sure the dot is beside Use inherited permission from the local file system.

Side Note on DFS:

DFS is a phenomenal service that you should take advantage of. Not only is it site-aware through AD Sites & Services (for calculating what server is closest to the user, thereby faster access), but it allows for replication between servers, redundancy with multiple DFS Namespace servers, but most of all, it condenses all of your file shares from all of your servers into 1 special folder that takes on a domain-wide path. This allows for the adding and subtracting of servers, moving data between servers, and keeping a distributed and replicated store of your files such that your users never need to worry about what server to access, what server the data is physically on, or if there is a change in server share locations. All of that is done behind the scenes by you and your users just have the appearance of a single location to find all of their files, making it super easy to find what they are looking for.

Groups, File and Folder Shares & NTFS Permissions

Create the groups in Active Directory first:

Global Security Groups

Redirected Folder Users
Members: Those users who you want to add to this policy. Start with it being empty and then when everything is done, we’ll add users in here.

CONF_Offline Files_On
Members: All computer objects you wish to add that will store offline files. Start with it being empty and then when everything is done, we’ll add computer objects in here.

CONF_Offline Files_Off
Members: All computer objects you wish to add that will NOT store offline files. This will be for shared systems where you don’t want to store multiple sets of offline files.

Domain Local Security Groups

ACL_RedirectedFolders_Read
Description: \\domain.local\Drives\RedirectedFolders [Read]
Notes: \\domain.local\Drives\RedirectedFolders [Read]
ACL_RedirectedFolders_Modify
Description: \\domain.local\Drives\RedirectedFolders [Modify]
Notes: \\domain.local\Drives\RedirectedFolders [Modify]
ACL_RedirectedFolders_Full
Description: \\domain.local\Drives\RedirectedFolders [Full]
Notes: \\domain.local\Drives\RedirectedFolders [Full]
Members: File Admins
ACL_RedirectedFolders_CreateFolders
Description: \\domain.local\Drives\RedirectedFolders [CreateFolders]
Notes: \\domain.local\Drives\RedirectedFolders [CreateFolders]
Members: Redirected Folder Users
ACL_RedirectedFolders_ListFolderContents
Description: \\domain.local\Drives\RedirectedFolders [ListFolderContents]
Notes: \\domain.local\Drives\RedirectedFolders [ListFolderContents]
Members: Redirected Folder Users

Permissions

Share Permissions on \\domain.local\Drives\RedirectedFolders
Everyone: Full Control (Best practice is to give Full Control to everyone and control permissions through NTFS Permissions)

NTFS Permissions on \\domain.local\Drives\RedirectedFolders

SYSTEM: Full Control, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_CreateFolders: ONLY Create Folders / append data, Applies to: “This folder only.”
ACL_RedirectedFolders_Read: Read & execute, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_Modify: Modify, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_Full: Full Control, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_ListFolderContents: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, Read permissions, Applies to: “This folder only.”
CREATOR OWNER: Full Control, Applies to: “Subfolders and files only.”

Create the GPOs in Part 2

How to Prepare for On-Prem WSUS UUP Updates

How to Prepare for On-Prem WSUS UUP Updates

Quality updates are coming on March 28 for on-premises Windows 11, version 22H2 devices. The updates are coming via the Unified Update Platform (UUP) which interoperates with WSUS and Microsoft Configuration Manager. UUP quality updates are cumulative, including all...

Backing Up Windows Server Update Services

Backing Up Windows Server Update Services

You probably already know that backing up your Windows Server Update Services is crucial. You want to back up because restores are faster than rebuilding WSUS. Although it’s not difficult to rebuild, it takes valuable time we know you don’t have. Your WSUS...