Thursday, June 8, 2017

windows server 2012 r2 - Why won't Group Policy File Redirection settings apply?


Related to How can I disable the 'Installing Apps' screen?


I recently set up a new domain, everything runs as it should but however certain Group Policy settings won't sync. One of these settings is Folder Redirection.


Other stuff for ADDC & Group Policy works, such as:



  • Signing onto domain computers with domain users

  • Domain network policies

  • Security policies (such as requiring Ctrl + Alt + Del to sign in)


I definitely have done the Group Policy Object properly as most Group Policy settings are synced onto domain clients.


I have set the Folder Redirection by User Configuration > Policies > Windows Settings > Folder Redirection


Each folder is located on a shared network drive that backs up automatically to cloud services. I've verified that users are in the Domain Users group.


enter image description here


enter image description here


Users are also able to fully access their allocated storage areas manually by browsing to the location on the network drive, so there's nothing wrong with the folder permissions. Forcing a Group Policy update via gpupdate.exe /force will not get this to work either.


What am I doing wrong?


All clients are on Windows 8.1 Professional & the server's running Windows Server 2012 R2 Datacenter.


The OU the GPO only applies to domain computers (which at the moment, there's only two and the naming structure isn't well-formed, but that's going to change):


enter image description here


Answer



This is a common gotcha for new GP admins: Say you make a GPO and link it to an OU. When you make changes in the GPO's "User Configuration" section those changes will only apply to the users in the OU it's linked to. If you make changes to the "Computer Configuration" section, those changes will only be applied to computers in the OU it's linked to.


What you've shown us here are User Configuration settings, so the GPO needs to be applied to a container (OU or otherwise) that contains the USERS you want this to apply to.


Similarly, if you're going to use Security Filtering in this case, you need to target user accounts to allow/deny access to, not (just) computer accounts.


Hope that helps. :)


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...