Folder Redirection - Win7 on a 2K3 network

Discussion in 'Software' started by zebulebu, Oct 15, 2010.

  1. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    ...how broken is this?

    What an asbolute frickin nightmare!

    Have cancelled our Win 7 rollout after discovering that the home directory, folder redirection and offline file sync processes we have used since well before I started here are utterly broken in Win 7 (not just the name changes, but permissions problems after creating new user accounts in the time honoured \\share\<%username% manner, multiple directories called 'Documents' created under the home folders directory for new users and nothing working properly when attempting to redirect existing users' folders after migrating some of them as a test.)

    This is exactly the sort of sh1t that MS consistently gets badly, badly wrong - there was NOTHING wrong with the old way - NOTHING AT ALL. Why oh why oh why 'fix' something that isn't broken?
     
    Certifications: A few
    WIP: None - f*** 'em
  2. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    Oh Aye, Oh Aye.

    Another thing you'll maybe notice is the fact that a domain admin or anyone else cannot get access to the folders, and taking away permissions so they can, ****s a lot of stuff up. Yaaay.
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  3. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Yep, found that out already. B***ards :x :x :x
     
    Certifications: A few
    WIP: None - f*** 'em
  4. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    This is only true if you have selected "Give user exclusive access to Desktop/Documents/etc". in Group Policy object where redirection is configured.

    We have successfully rolled out Folder Redirection with mixed clients XP, Vista and Win 7. We're very pleased with it and we're experiencing no problems what so ever (finally).

    We had a lot of problems with Vista clients at start where Vista was crashing during initial sync and half the files were getting Access denied on sync even though permissions were ok.
    We had to manually move files back to workstation. Delete user folder on network share and try again. Pain in the a$$.

    Can't comment on your issues Zeb as I've never used folder redirection on 2003 and ours was fresh deployment. (edit: on 2008 R2 domain)
     
    Last edited: Oct 15, 2010
    WIP: Uhmm... not sure
  5. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    Yikes... I didn't know this... I haven't put a Win7 box on a domain yet. :blink Thanks for the heads-up!
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  6. madman045

    madman045 Kilobyte Poster

    272
    3
    49
    Certifications: 70-270, 70-290, PRINCE2 Foundation, VCA-DCV & VCA-DT
    WIP: MCSA 2008, VCP5-DCV, ITIL V3
  7. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Yep - been through a load of pain with it. What's killing us thus far is the problems when we migrate users, rather than creating new ones. It's just been shelved because we haven't got the time or inclination to devote any time to it.

    EDIT - I should point out that I'm familiar with using the RSAT to manage Win7 policies on a 2K3 network, it's not the implementation of the policies that are causing me grief, it's the fact that unless you start with a vanilla lot of profiles, everything gets broken.
     
    Last edited: Oct 15, 2010
    Certifications: A few
    WIP: None - f*** 'em
  8. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,140
    555
    383
    We found this out the hard way, we've deployed 2 rooms of Windows 7 for the begining of September, while we were having the permission issue, everyone could still log on. Then all of a sudden two weeks ago, no one could log onto the Windows 7 machines.

    Literally spent all day yesterday stripping downeach GPO, until we found that it was a combination of NTFS permissions, the "Give user exclusive access to..." issue and the redirected app data folder.

    Sorted it out today and did a couple of tests on live users, seems to work now :)

    -ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  9. simonp83

    simonp83 Kilobyte Poster

    254
    4
    32
    Seems strange that people would be rolling out Windows 7 on a 2003 domain, whenever we've rolled out Windows 7, the only server options even considered were Server 2008 or Server 2008 r2
     
    Certifications: A+, MCP, MCDST, MCTS, MCITP
    WIP: 70-291
  10. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    Not much different to the way I found out haha. It doesn't do well in explaining what exactly that message means, and whilst it may appear obvious now, at the time I didn't really think much of it because I though admin rights were pretty standard :D
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  11. Theprof

    Theprof Petabyte Poster

    4,607
    83
    211
    Zeb us to we had the same issues... in fact it was worse when we have a user who moves from windows 7 to XP workstation with a roaming profile. To get around this we setup their favorites and desktop items go to their documents drive (on our file server).

    Also another thing we had constant issues with is the "My Documents" folder not being mapped to their home folder (Folder redirection) which is on our file server... This would affect a number of users but not everyone. Upon troubleshooting I found out that HomeGroup along with GPO permissions not setup would make this a headache for an admin to manage.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  12. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Really? I've never rolled out a new server infrastructure prior to upgrading or rolling out at least a few new client o/ses. Bear in mind that I'm talking about global multi-forest organisations here - maybe its different in the SME environment (though, truth be told, I've worked in dozens of those as well, including during times when MS releases a new desktop O/S).

    No - I really think this is just a case of MS being stupid enough to try to 'dumb down' Windows to make it look and behave like a mac, and dropping the ball on some major functionality of the underlying O/S
     
    Certifications: A few
    WIP: None - f*** 'em
  13. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,140
    555
    383
    I guess it's different organisation to organisation. My last place that I worked for (in IT) was a multi-site/multi-domain organisation, spanning across the East-Midlands and we'd only upgrade our server infrastructure every other version (so from NT4 -> 2k3 and they are still on that). At my place (muti-domain/single-site), we current make sure we upgrade our server infrastructure prior to upgrading or rolling out the latest client OS.

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  14. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    I have question for you guys when you try to connect to the Print Server on the Windows 2003 Server, there is no option for additional drivers for Vista/7 so on a Windows 7 client machine configuring to connect to the network printer did you have put the drivers on network share and double click the setup to install the drivers manually and then setup to connect to printer? How did you do it?
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,
  15. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    I take it all back. What a nightmare!
    I'm going to try few more things tomorrow and if this doesn't help I will try to recreate it in test environment and use Technet sub support call.

    Generally it works perfect for all new users set up. For everyone else it's random. Some users get redirected folders right after adding them to group which GPO is applied but for some it comes back with event 502 "This function is not supported on this system" and it won't sync until you recreate user local profie.

    I've noticed that the biggest problem is to do the initial sync automatically (forced via GPO). If I copy contents of redirected folders to other location, recreate profile, let it sync and copy data back it works fine.
     
    Last edited: Oct 26, 2010
    WIP: Uhmm... not sure
  16. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    I can feel your pain guys. I was tasked with providing a recommended practices documentation on mixed environments (XP/7) for a very large client of ours (+100k users).

    The deal with all of this is that 7 has changed some of the rules, and whilst it works a little better if implementing all of it in a 2008/R2 environment via new RUP/FR GPO policies, the way that 7 (and Vista) implements the new V2 profiles and folders which used to be under "My Documents", but now at the root of the username folder, requires a radical re-thinking of how this should be deployed within an organization.

    Simply put, if you don't do your homework, it all ends up in tears (frustrating, I know).

    There are some considerations such as using the 'older' method of imposing XP like rules even on 7 machines in mixed environments, and the use of V2 profile folders mitigates mangling of profiles for users moving between XP and 7 machines, but if you don't know all the tricks in the book, it gets very hairy. And to get the real deal on the info, you need to do quite a lot of digging.

    I'd love to be able to share the document I wrote, but unfortunately I cannot share this intellectual property as it was specifically written for this customer :( (and it's a pretty nice, long document too)

    What I can share are some useful links:
    - Managing Roaming User Data Deployment Guide (it's for Vista, but 7 is quite similar)
    http://go.microsoft.com/fwlink/?LinkId=73760
    - Configuring and Troubleshooting Certificate Services Client–Credential Roaming
    http://technet.microsoft.com/en-us/library/cc700821.aspx
    - Folder Redirection Overview:
    http://technet.microsoft.com/en-us/library/cc778976(WS.10).aspx
    - Security Considerations when considering Folder Redirection:
    http://technet.microsoft.com/en-us/library/cc775853(WS.10).aspx
    - Best Practices for Folder Redirection:
    http://technet.microsoft.com/en-us/library/cc784630(WS.10).aspx
    - File Server Capacity Tool
    http://go.microsoft.com/fwlink/?LinkId=166651
    - Implementing an End-User Data Centralization Solution
    http://go.microsoft.com/fwlink/?LinkId=198432
    - Implementing an End-User Data Centralization Solution
    http://go.microsoft.com/fwlink/?LinkId=198432
    - Managing Roaming User Data Deployment Guide
    http://go.microsoft.com/fwlink/?LinkId=198433
    - Windows Administration Resource Kit: Productivity Solutions for IT Professionals
    http://go.microsoft.com/fwlink/?LinkId=198434
    - IPD for Windows Optimized Desktop Scenarios
    http://technet.microsoft.com/en-us/library/dd334417.aspx
    - IPD for File Services
    http://technet.microsoft.com/en-us/library/ee256001.aspx
    - IPD for Active Directory Domain Services
    http://technet.microsoft.com/en-us/library/cc268216.aspx

    Some of the above may be of use, good luck.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  17. onoski

    onoski Terabyte Poster

    3,120
    51
    154
    Vista and Windows 7 work differently when it comes to profiles, folder redirection and roaming profiles. To be honest you'd be better off sticking with a mandatory profile when using Vista or Win 7 on a domain.

    Two years ago I found out when one of the network engineers upgraded he's XP OS laptop to Vista Ultimate and complained he's roaming profile would stick. Well the rest was history as he had to stick with mandatory profile.

    I suppose Win 7 and Vista are bringing in tight security into the OS hence, the above is now being seen as an issue. However, as Shinigami mentioned it all boils down to prior research and planning.
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  18. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    WTF? Why on Earth would you say that?
     
    Certifications: A few
    WIP: None - f*** 'em
  19. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    Mandatory profiles have absolutely NOTHING to do with this issue. Your sentence is entirely incorrect.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  20. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Can you not just change the name to Contoso on the document? :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.