News, Windows Server Essentials

Windows Server 2012 Essentials Simplifies Folder Redirection and Security Settings Group Policies

01-Dashboard.png

So by now, you’ve probably sat down and experimented a bit with Windows Server 2012 Essentials (either the Beta or the RC). If you’ve used Windows Home Server 2011, then you’ll definitely see a lot of familiar features and functions. Some things have been moved around a bit, and some have been cleaned up. The core functionality is very similar (if not identical) to Windows Home Server 2011.

However, tucked away on the “Devices” tab is a new, overlooked feature that isn’t in Windows Home Server 2011. If you’ve heard the term “Group Policy” before, you know it can be complicated and confusing to use. However, this new option will configure two Group Policy “objects” for you: Security Settings, and Folder Redirection.  But you’ll need Windows 7 Professional, Enterprise or Ultimate, or Windows 8 Pro or Enterprise to be able to take advantage of this feature, as it requires the computer to be joined to the Server 2012 Essential’s domain and only these versions of Windows are able to join a domain.

But why would you want to use this feature? Well, enabling the forced security settings are self-explanatory. However, Folder Redirection can be a lot more useful. The Folder Redirection policy will automatically move the specified domain user’s folders to a separate folder for each user in the “Folder Redirection” shared folder, and makes the contents of the share available offline so you can still access the files while away from your home (or small business).  Since you can use your “domain user” account on any computer joined to the Server 2012 Essential’s domain, these files will be accessible from any of those computers!  I bet you were wondering what that “FolderRedirection” share was for. Now you know.  Also, when each user’s folder is created, it will change the permissions so only that user can access their files, just like the “Users” folder does locally.  Additionally, the Folder Redirection feature makes use of the “Offline Files” feature of Windows to make files available  even when you’re not connected to the network. But it does that by basically copying the files to the drive, so this won’t save you space on systems with small hard drives.

It is worth noting that when you enable Folder Redirection, the first time you try logging into a computer, it will try to move any files already in the user folders on the hard drive over to the network share. And if you disable the feature, during the first log in afterwards on each computer, it will move the files to the User folders on the drive.  Depending on how much data you have that needs to be moved, this can make the login process take a while.

Another small note here, this feature is already available to Windows Small Business Server 2011 Essentials users, in the form of the “Windows 7 Professional Pack” Add-in.  It does the exact same thing, but doesn’t support Windows 8 clients without some tinkering.

Let’s walk through enabling the features here, and I’ll explain them as we go. The first thing you’ll need to do is open the Dashboard for the server, and head over to the “Devices” section. You’ll notice in the bar on the right side, under “Device Tasks” is an “Implement Group Policy” link.

01 Dashboard

That will bring up a Wizard. This immediately lists what it can do. In fact, this wizard will implement two policies for you. First are the Folder Redirection policies. The second is the “Security Settings”, which will force Windows Defender and Windows Firewall to be  enabled for any computer attached to the domain. Windows Update will also be switched on with some settings specified automatically.

02 Wizard Start

The first section is “Folder Redirection”. Here, it lists all of the folders you can have redirected to the server share.

03 Select Folders 1

Listing the folders, we have Contacts, Desktop, My Documents, Downloads, Favorites (IE Favorites), Links (the “Favorites” in Explorer), My Music, My Pictures, Saved Games, Searches, and My Video. You can uncheck any that you don’t want synced (if there is a lot of data that you just don’t need synchronised).

04 Select Folders 2

 

Previous ArticleNext Article
  • merdzd

    Don`t try @ home!

  • merdzd

    Don`t try @ home!

  • Doesn’t folder redirection arguably negate the need to also back up each PC? (I don’t care about backing up the entire drive, including the OS, just keeping user files safe, and it seems like this feature takes care of that).

  • Kentc

    If you, like me, want to use the Windows Phone “My Server” app to access to your files and folder in the folder redirection share, I recommend changing the group policy object (“GPO”) to point to Users%username%

    You do this by editing the GPOby right mouse clicking on the SBS Group Policy Folder Redirection and selecting “Edit…” That’ll open up the group policy editor, where you’ll then need to open up the tree by going under User Configuration | Policies | Windows Settings | Folder Redirection. Right mouse click on the folder (e.g. Desktop) and select “Properties.” Edit the “root path” to \users (where is the name of your server) and click OK. Rinse and repeat for the remaining redirected folder objects. That’s all that is needed, server-side.

    On Windows Clients, if you’d already logged with the folder redirection GPO enabled, the login may take a while to change from <\folder redirection> to \<servernameusers. Sidenote: if offline folders aren't enabled I cannot fathom why this takes so long to complete. If it doesn't and you know you have lots of files, open a CMD prompt ("cmd.exe") as you would opening any other application and type "gpupdate /force" (no quotation marks). This should take a while to complete. In my experience, it will either complete 100%, you'll either see a Y/N question about the user configuration policy being locked (type "Y", ) or the GPO update didn’t complete with some verbiage about why that happened. If the latter, simply restart the PC and then login again.

    I’ve done this many times on all of our PCs for all of our users. It’s certainly possible that logging out, restarting the computer, or some combination of both will correct the GPO by itself. I’m not patient enough for that to happen as I want all of my user data backups to be organized. Now they are under \users and I can use the very nice Windows Phone My Server app!

    • Kentc

      Apparently typing Sidenote and a colon decided to break the rest of the papagraph into quotes. Is that a feature? Anyway, here it is again but hopefully this time without the “” everywhere:

      If offline folders aren’t enabled I cannot fathom why this takes so long to
      complete. If it doesn’t and you know you have lots of files, open a CMD prompt
      (“cmd.exe”) as you would opening any other application and type
      “gpupdate /force” (no quotation marks). This should take a while to
      complete. In my experience, it will either complete 100%, you’ll either see a
      Y/N question about the user configuration policy being locked (type
      “Y”, ) or the GPO update didn’t complete with some
      verbiage about why that happened. If the latter, simply restart the PC and then
      login again.

Subscribe to We Got Served

Get the latest news and reviews from We Got Served in your inbox. Simply add your name and email address below. You can unsubscribe at any time.

x