The Adamj Method for Folder Redirection with Offline Files – Part 1

Home Blog Guides The Adamj Method for Folder Redirection with Offline Files – Part 1

“Change how you think. Change your life!”

This 2 part guide will help you setup Redirected Folders on a DFS Namespace Share or a single server share and enable Offline Files for these redirected folders. The offline folders are set to use the Offline copy all the time, regardless if there is a connection to the server. A Background sync every 10 minutes with a 5-minute variance, enabled for syncing shares in both manual and automatic offline mode. ‘Policy Screens’ and ‘Files not Cached’ will be enabled for blank (“”) screens and caching so that Access Databases can be synced and cached too.

As the computer’s offline files will always be right because the offline file cache is the only one used, create an Offline Files Automatic Resolution Policy for conflicts by using SyncConflictHandling for \\domain.local\Drives\RedirectedFolders or \\Server\RedirectedFolders.

System Requirements

  1. You should setup a DFS Namespace. This step is not necessary but is the recommended way. You can still use this guide if you wish to use just \\server\share, however the best practice is using DFS.
  2. On the Properties of the DFS Namespace, in the Referrals tab, set the Cache duration to 1 second. On the Advanced tab, check off Enable access-based enumeration for this namespace
  3. Create a new Namespace Folder for RedirectedFolders that is SEPARATE from anything else (folder off the root DFS Namespace)
  4. Add the target location for the RedirectedFolders
  5. On the properties of the RedirectedFolders folder in the Referrals tab, set the Cache duration to 1 second. On the Advanced tab, make sure the dot is beside Use inherited permission from the local file system.

Side Note on DFS:

DFS is a phenomenal service that you should take advantage of. Not only is it site-aware through AD Sites & Services (for calculating what server is closest to the user, thereby faster access), but it allows for replication between servers, redundancy with multiple DFS Namespace servers, but most of all, it condenses all of your file shares from all of your servers into 1 special folder that takes on a domain-wide path. This allows for the adding and subtracting of servers, moving data between servers, and keeping a distributed and replicated store of your files such that your users never need to worry about what server to access, what server the data is physically on, or if there is a change in server share locations. All of that is done behind the scenes by you and your users just have the appearance of a single location to find all of their files, making it super easy to find what they are looking for.

Groups, File and Folder Shares & NTFS Permissions

Create the groups in Active Directory first:

Global Security Groups:

Redirected Folder Users
Members: Those users who you want to add to this policy. Start with it being empty and then when everything is done, we’ll add users in here.

CONF_Offline Files_On
Members: All computer objects you wish to add that will store offline files. Start with it being empty and then when everything is done, we’ll add computer objects in here.

CONF_Offline Files_Off
Members: All computer objects you wish to add that will NOT store offline files. This will be for shared systems where you don’t want to store multiple sets of offline files.

Domain Local Security Groups:

ACL_RedirectedFolders_Read
Description: \\domain.local\Drives\RedirectedFolders [Read]
Notes: \\domain.local\Drives\RedirectedFolders [Read]
ACL_RedirectedFolders_Modify
Description: \\domain.local\Drives\RedirectedFolders [Modify]
Notes: \\domain.local\Drives\RedirectedFolders [Modify]
ACL_RedirectedFolders_Full
Description: \\domain.local\Drives\RedirectedFolders [Full]
Notes: \\domain.local\Drives\RedirectedFolders [Full]
Members: File Admins
ACL_RedirectedFolders_CreateFolders
Description: \\domain.local\Drives\RedirectedFolders [CreateFolders]
Notes: \\domain.local\Drives\RedirectedFolders [CreateFolders]
Members: Redirected Folder Users
ACL_RedirectedFolders_ListFolderContents
Description: \\domain.local\Drives\RedirectedFolders [ListFolderContents]
Notes: \\domain.local\Drives\RedirectedFolders [ListFolderContents]
Members: Redirected Folder Users

Permissions

Share Permissions on \\domain.local\Drives\RedirectedFolders
Everyone: Full Control (Best practice is to give Full Control to everyone and control permissions through NTFS Permissions)

NTFS Permissions on \\domain.local\Drives\RedirectedFolders

SYSTEM: Full Control, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_CreateFolders: ONLY Create Folders / append data, Applies to: “This folder only.”
ACL_RedirectedFolders_Read: Read & execute, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_Modify: Modify, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_Full: Full Control, Applies to: “This folder, subfolders and files.”
ACL_RedirectedFolders_ListFolderContents: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, Read permissions, Applies to: “This folder only.”
CREATOR OWNER: Full Control, Applies to: “Subfolders and files only.”

Create the GPOs in Part 2

Share the Post

About the Author

Adam J. Marshall

Related Posts

Role Based Access Security
How to Setup, Manage, and Maintain WSUS: Part 6 – Selecting your Test Systems & The Approvals Process
What do I do when I run out of space on a WSUS Server?
Read More
Save Time With Easy WSUS Cleanup
How to Setup, Manage, and Maintain WSUS: Part 5 – Linking your GPOs – Inheritance is your friend!
Dual Scan – Making Sense of Why So Many Admins Have Issues
Client Machines Not Reporting to WSUS Properly?
PowerShell: Why should I learn it? Where do I start?