Yet another Group Policy object that I use in the "Jameson Datacenter" (a.k.a. my home lab) is one to automatically configure roaming profiles and redirect the Desktop and Documents folders to a server(a.k.a. "IntelliMirror").

Even though I don't have many users in my Active Directory domain -- it's not like I have eight kids, just one -- I still want to keep user data centrally managed on a server that I backup regularly. Besides, I find it really frustrating to have some items on your desktop on one computer, but a different set of desktop items on another computer (or VM).

To automatically configure this in the "Jameson Datacenter", I defined a Group Policy (named Default User Data and Settings Policy) with the following settings:

  • User Configuration
    • Policies
      • Windows Settings
        • Folder Redirection
          • AppData(Roaming)
            • Setting: Basic (Redirect everyone's folder to the same location)
              • Path: \\beast\Users$\%USERNAME%\Application Data
            • Options
              • Grant user exclusive rights to AppData(Roaming): Enabled
              • Move the contents of AppData(Roaming) to the new location: Enabled
              • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
              • Policy Removal Behavior: Leave contents
          • Desktop
            • Setting: Basic (Redirect everyone's folder to the same location)
              • Path: \\beast\Users$\%USERNAME%\Desktop
            • Options
              • Grant user exclusive rights to Desktop: Enabled
              • Move the contents of Desktop to the new location: Enabled
              • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
              • Policy Removal Behavior: Leave contents
          • Documents
            • Setting: Basic (Redirect everyone's folder to the same location)
              • Path: \\beast\Users$\%USERNAME%\Documents
            • Options
              • Grant user exclusive rights to Documents: Enabled
              • Move the contents of Documentsto the new location: Enabled
              • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
              • Policy Removal Behavior: Leave contents
          • Music
            • Setting: Follow the Documents folder
          • Pictures
            • Setting: Follow the Documents folder
          • Videos
            • Setting: Follow the Documents folder
Note
Those of you that have a very keen eye (and also a photographic memory) might recall that in a previous post, I listed BEAST as a database server (it is currently running SQL Server 2005). Yes, it's true, I'm breaking one of my own cardinal sins by having a SQL Server also serve as a file server. I don't recommend doing this unless, like me, you are trying to go as cheap as possible -- and, even then, only for a lab environment like mine.

In order to allow users access to create their own folders on \\BEAST\Users$, I have configured the following permissions on C:\BackedUp\Users:

  • Domain Users
    • Apply onto: This folder only
    • Permissions
      • List Folder / Read Data
      • Create Folders / Append Data
  • CREATOR OWNER
    • Apply onto: Subfolders and files only
    • Permissions
      • Full Control

I also created a hidden share for the C:\BackedUp\Users folder and granted Full Control to Authenticated Users (since the NTFS permissions above ultimately determine the level of access for all users).

Thus when a new user logs in for the first time, a corresponding folder is created on the server and all of the user's files are stored on the server.