Technology Toolbox

Your technology Sherpa for the Microsoft platform

Jeremy Jameson - Founder and Principal

Search

Search

Configure IntelliMirror Using Group Policy

Note
This post originally appeared on my MSDN blog:

Since I no longer work for Microsoft, I have copied it here in case that blog ever goes away.

Yet another Group Policy object that I use in the "Jameson Datacenter" (a.k.a. my home lab) is one to automatically configure roaming profiles and redirect the Desktop and Documents folders to a server(a.k.a. "IntelliMirror").

Even though I don't have many users in my Active Directory domain -- it's not like I have eight kids, just one -- I still want to keep user data centrally managed on a server that I backup regularly. Besides, I find it really frustrating to have some items on your desktop on one computer, but a different set of desktop items on another computer (or VM).

To automatically configure this in the "Jameson Datacenter", I defined a Group Policy (named Default User Data and Settings Policy) with the following settings:

  • User Configuration
    • Policies
      • Windows Settings
        • Folder Redirection
          • AppData(Roaming)
            • Setting: Basic (Redirect everyone's folder to the same location)
              • Path: \\beast\Users$\%USERNAME%\Application Data
            • Options
              • Grant user exclusive rights to AppData(Roaming): Enabled
              • Move the contents of AppData(Roaming) to the new location: Enabled
              • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
              • Policy Removal Behavior: Leave contents
          • Desktop
            • Setting: Basic (Redirect everyone's folder to the same location)
              • Path: \\beast\Users$\%USERNAME%\Desktop
            • Options
              • Grant user exclusive rights to Desktop: Enabled
              • Move the contents of Desktop to the new location: Enabled
              • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
              • Policy Removal Behavior: Leave contents
          • Documents
            • Setting: Basic (Redirect everyone's folder to the same location)
              • Path: \\beast\Users$\%USERNAME%\Documents
            • Options
              • Grant user exclusive rights to Documents: Enabled
              • Move the contents of Documentsto the new location: Enabled
              • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
              • Policy Removal Behavior: Leave contents
          • Music
            • Setting: Follow the Documents folder
          • Pictures
            • Setting: Follow the Documents folder
          • Videos
            • Setting: Follow the Documents folder
Note
Those of you that have a very keen eye (and also a photographic memory) might recall that in a previous post, I listed BEAST as a database server (it is currently running SQL Server 2005). Yes, it's true, I'm breaking one of my own cardinal sins by having a SQL Server also serve as a file server. I don't recommend doing this unless, like me, you are trying to go as cheap as possible -- and, even then, only for a lab environment like mine.

In order to allow users access to create their own folders on \\BEAST\Users$, I have configured the following permissions on C:\BackedUp\Users:

  • Domain Users
    • Apply onto: This folder only
    • Permissions
      • List Folder / Read Data
      • Create Folders / Append Data
  • CREATOR OWNER
    • Apply onto: Subfolders and files only
    • Permissions
      • Full Control

I also created a hidden share for the C:\BackedUp\Users folder and granted Full Control to Authenticated Users (since the NTFS permissions above ultimately determine the level of access for all users).

Thus when a new user logs in for the first time, a corresponding folder is created on the server and all of the user's files are stored on the server.

Comments

No comments posted yet.

Add Comment

Optional, but recommended (especially if you have a Gravatar). Note that your email address will not appear with your comment.
If URL is specified, it will be included as a link with your name.

To prevent spam from being submitted, please select the following fruit: Cherries

Strawberry
Pear
Watermelon
Cherries
Grapes
Apple
 
Please add 6 and 2 and type the answer here: