Site icon RDR-IT

GPO: Folder Redirection – Advanced Settings

Introduction

In a previous tutorial: GPO: User Folder Redirection, I explained how to redirect user folders using Group Policy in a simple way.

In this article, we are going to have how to set up a folder redirection using the advanced settings.

Advanced settings allow using a policy, to write user folders based on an Active Directory group.

Preparation of the environment

Create the AD groups (group1 and group2) that will be used for the redirection.

Add users who are members of the group:

As you can see, User3 is a member of both Active Directory groups. We will see in the last part, how the redirection is applied.

On a file server, create two folders (group1 and group2) for storing redirected folders.

Share the parent folder.

Make sure at the rights level that users in each group can create a folder in the folder of their respective group.

Creating Group Policy for Folder Redirection

From the Group Policy Management Console, right-click on the OU 1 where the GPO is to be linked and click Create GPO in this area, and link it here 2 .

Name the strategy 1 then click OK 2 to create it.

The created strategy, right click on 1 and click on Edit 2 .

Go to the following location: User Configuration / Policies / Windows Settings / Folder Redirection 1 .

Right click on the folder to be redirected 1 and click on Properties 2 .

Choose the Advanced setting – specify the locations for various user groups 1 .

Click the Add 1 button to configure group-based redirection.

Indicate which group 1 applies the redirection, configure the location of the target folder 2 , specify the UNC path to the folder 3 and click OK 4> >.

Redirection parameters for group1 are added 1 , click Add 2 to configure another group (group2).

Once all the groups configured 1 click on Apply 2 .

Click Yes 1 to close the warning message regarding compatibility with Windows XP prior.

Group Policy is ready

Group Policy Test

In this part we will do several to see how Group Policy is applied.

For each user, we check that the redirection is applied by looking at the properties of the Document folder and checking on the share that the folders are created.

User1 who is a Group1 group member: log on to a client workstation.

Checks:

On the above captures, we can see that the redirection has been applied to the group1 folder.

User2 who is a Group2 group member: log on to a client.

Checks:

As for the user1, we can see that the redirection has been applied according to the group of membership (group2).

User3 as a reminder this one is a member of groups (group1 and group2).

Checks:

On the screenshots below, we can see that the folder has been redirected to the group1 folder. It can be deduced that the redirection is applied to the first group match in the redirection strategy.

To validate the hypothesis above, we will modify the group policy so that the group2 is in first position.

After a gpupdate / force on the user3 user session and after a re-login, the folder redirection is now applied to the group2.

With this test, we can conclude that if a user is a member of several groups where a folder redirection is applied, the group that is prime is the first in the list.

Exit mobile version