folder redirection

Deploying Windows Server 2012 Primary Computer Setting

For companies (or homes) using roaming profiles and folder redirection, Microsoft gave you a great new feature in Windows Server 2012 called Primary Computer. This feature hasn’t been talked about that much, although it really should have been. The Primary Computer feature allows you to define the primary computer for a user in Active Directory on a user object. Once applied to a user account, it prevents the distribution of their roaming profile on non-primary devices and, for folder redirection, disables the ability to sync the folders with Offline Files on non-primary devices.

So What is the Benefit

This is ideal for several reasons. Firstly, it helps to reduce profile corruption for roaming profile users when roaming between machines which may be running different versions of Windows or different architectures. Also for roaming profile users, it greatly improves logon and logoff times for non-primary devices. If a user is logging on to a kiosk computer for example, they don’t need their roaming profile and they probably just want to access a service or application quickly, so why wait for it? For users of folder redirection, this means that the user is able to access their files when the computer is on the network and can reach the file share which hosts those redirected folders, but the files are not cached using Offline Files. For the business, this is a great security benefit as it means that somebody logging on to a temporary machine isn’t going to be caching all of those files, files which they could potentially leave on the train or in an aeroplane overhead locker. For laptops which typically have small hard disk capacities, this is useful for both roaming profile and folder redirection scenarios as it means that you aren’t pulling down potentially gigabytes of data to the local machine and clogging up the disk.

Implementing Primary Devices Using Active Directory Administrative Center

First, launch the Active Directory Administrative Center and navigate your OU structure to find the computer object for the computer that you want to make primary for a given user, or if you already know the machine name, use the search feature to locate it.

Primary Computer Finding Distinguished Name

From the computer account object, scroll down to the bottom of the view and select the Attribute Editor tab. Scroll through the list of attributes to find the distinguishedName attribute and select the View button to show the full DN.

Primary Computer Copy Distinguished Name

On the String Attribute Editor, right click the pre-highlighted text and select the Copy option from the context menu. Cancel out of the Attribute Editor and cancel out of the computer object view.

With the DN of the computer now in the clipboard, find the user that you want to make this the primary computer for either by searching or again, navigating your OU structure.

Primary Computer Set User msDS-PrimaryComputer

On the user account, do as we did with the computer account a moment ago: scroll down and select the Attribute Editor tab. Scroll through the list of attributes until you locate the msDS-PrimaryComputer attribute, then click the Edit button. Right-click in the Value to Add box and select Paste from the context menu to paste in the DN of the computer, then select the Add button.

Click OK to close the Multi-Valued String Editor dialog then click OK to exit out of the user account properties. Your work here is done.

Implementing Primary Devices Using PowerShell

Out of the box, there is actually no neat way of implementing Primary Devices using PowerShell. To do it, we have to plug a few Cmdlets together. Firstly, get the attributes for the computer and store them in an object (where Computer1 is the name of the computer):

    $Computer = Get-ADComputer Computer1

Next, we map the computer that we just stored in the $Computer object to the user by adding its distinguished name to the user's msDS-PrimaryComputer attribute (where User1 is the name of the user):

    Set-ADUser User1 -Add @{'msDS-PrimaryComputer' = $Computer.DistinguishedName}

With those two Cmdlets out of the way, the partnership between the user and the computer should now be done, but we can verify this with the following Cmdlet:

    Get-ADUser User1 -Properties msDS-PrimaryComputer
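The three Cmdlets above can be wrapped into a pair of reusable functions. This is an added example, not code from the original post: the function names Add-PrimaryComputer and Get-PrimaryComputerReport are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed and that you have rights to edit user objects.

```powershell
# Added example (not from the original post). Function names are hypothetical.
Import-Module ActiveDirectory

function Add-PrimaryComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $User,          # sAMAccountName or DN of the user
        [Parameter(Mandatory)] [string[]] $ComputerName   # one or more computer names
    )
    # Values already on the user, so an existing entry is not added twice.
    $current = @((Get-ADUser -Identity $User -Properties 'msDS-PrimaryComputer').'msDS-PrimaryComputer')
    foreach ($name in $ComputerName) {
        # Resolve the name first: Get-ADComputer throws on an unknown computer,
        # so a typo is never written to the user object.
        $dn = (Get-ADComputer -Identity $name -ErrorAction Stop).DistinguishedName
        if ($current -contains $dn) {
            Write-Verbose "$dn is already a primary computer for $User"
            continue
        }
        if ($PSCmdlet.ShouldProcess($User, "Add primary computer $dn")) {
            Set-ADUser -Identity $User -Add @{ 'msDS-PrimaryComputer' = $dn }
        }
    }
}

function Get-PrimaryComputerReport {
    # Every user that has at least one primary computer assigned.
    Get-ADUser -LDAPFilter '(msDS-PrimaryComputer=*)' -Properties 'msDS-PrimaryComputer' |
        ForEach-Object {
            $adUser = $_
            foreach ($dn in $adUser.'msDS-PrimaryComputer') {
                $computer = Get-ADComputer -Identity $dn -Properties OperatingSystem
                [pscustomobject]@{
                    User            = $adUser.SamAccountName
                    PrimaryComputer = $computer.Name
                    OperatingSystem = $computer.OperatingSystem
                    Enabled         = $computer.Enabled   # disabled machines still count as primary
                }
            }
        }
}

# Usage with the article's placeholder names:
# Add-PrimaryComputer -User User1 -ComputerName Computer1 -WhatIf
# Get-PrimaryComputerReport | Sort-Object User | Format-Table -AutoSize
```

Running the report periodically shows which users are still bound to disabled or retired machines, which matters because only the listed computers will receive the roaming profile and the Offline Files cache.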

Configuring Folder Redirection and Roaming Profiles

Now that we’ve set up Primary Computer attributes for some users, it would probably be a good idea if our Group Policy settings for Roaming Profile and Folder Redirection actually honoured these settings and only transferred out the data to the users’ primary computers. The setting for Folder Redirection is available as both a User Setting and a Computer Setting in Group Policy, whereas the Roaming Profile setting is only available as a Computer Setting. Because you can’t apply both of these policy settings from a single policy if you decide to use user targeting, my advice is to apply this as a computer policy. It makes good sense to keep these two settings together as it means you can see that you are applying the Primary Computer setting to both roaming profiles and folder redirection in one view, and it means you can give your Group Policy Object a meaningful name like Primary Computer Roaming Settings or the like.

From the Group Policy Management Console, navigate to Computer Configuration > Administrative Templates > System. Under the System node, you will find the Folder Redirection and User Profiles nodes.

Inside the Folder Redirection node, enable the Redirect folders on primary computers only policy setting. Inside the User Profiles node, enable the Download roaming profiles on primary computers only setting.

Windows Server 2012 Essentials Folder Redirection on Windows 8.1

As all good IT Pros have done, I’ve upgraded my home client computers from Windows 8 to Windows 8.1. You have upgraded your machines to Windows 8.1 right?

As I frequently proclaim and preach on here, I run Windows Server 2012 Essentials on my home network, acting as my DNS Server, DHCP Server in addition to the out of the box features that you can get from Windows Server 2012 Essentials like roaming profiles, folder redirection, automated computer backups and network file sharing (all of which I use).

When I was building out a test environment this week to practice how I might migrate from Windows Server 2012 Essentials to Windows Server 2012 R2 Essentials without the benefit of a second server with 19TB of available storage to hand (how many homes do have 19TB of storage let alone a spare 19TB) I was experiencing an issue.

As part of my testing, I built a Windows 8.1 Pro virtual machine to simulate a desktop or laptop client computer. I built a Windows Server 2012 Essentials server as a second virtual machine on which I recreated my group policy settings and a mock up of my Storage Pool and Storage Spaces on my production server. After installing the Windows Server 2012 Essentials Connector on the Windows 8.1 client and logging in for the first time as a user configured to use roaming profile and folder redirection, I noticed that the roaming profile was working but the folder redirection was not.

I spent a while poring through event logs on the client wondering why folder redirection wasn’t working, looking at GPMC (Group Policy Management Console) wondering if I’d done something silly like moved a link on a GPO preventing it from working until the penny dropped. Windows Server 2012 Essentials applies a WMI Filter named SBS Group Policy WMI Filter to the SBS Group Policy Folder Redirection GPO which is created when you implement Group Policy via the Server Dashboard.

Windows Server 2012 Essentials Original WMI Filter

This WMI Filter is set up as:

    SELECT * FROM Win32_OperatingSystem WHERE (Version LIKE "6.1%" or Version LIKE "6.2%") AND ProductType = "1"

For those who are now also dropping the penny or those who can’t make head nor tail of a WMI Filter, Windows 8.1 increments the operating system version number from 6.2 (Windows 8) to 6.3 (Windows 8.1), therefore the GPO isn’t applying to any of the Windows 8.1 machines on my network because this filter limits the scope of the Group Policy Object to explicitly Windows 7 and Windows 8 operating systems.

The solution to making this work is pretty simple in that we just need to update the WMI Filter so that it includes Windows 8.1 as we know that basic features like roaming profiles and folder redirection are going to work so I’m not worried about something breaking here.

I’ve decided to change my WMI Filter to include operating systems greater than or equal to Windows 7 rather than add another or statement to include Windows 8.1. For me, the WMI Filter now reads:

    SELECT * FROM Win32_OperatingSystem WHERE (Version >= "6.1%") AND ProductType = "1"

Windows Server 2012 Essentials New WMI Filter

After making the changes and running a gpupdate command on a Windows 8.1 client computer, the group policy magically springs back into life and things start working. Firstly, I’m amazed that I haven’t noticed this being a problem on my home clients which I guess is a testament to my gigabit throughout home network pushing the files directly back to the server rather than caching them locally with Offline Folders first. Secondly, I’m surprised that this hasn’t been updated with a patch or update to Windows Server 2012 Essentials but perhaps this is a cattle prod for customers to upgrade to Windows Server 2012 R2 Essentials?
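To check which of the two WMI Filter queries quoted in this post selects a given client before relying on gpupdate, both can be run locally. This is an added example, not part of the original post: the function name Test-WmiFilterQuery is hypothetical, and it assumes PowerShell 3.0 or later on the client for Get-CimInstance.

```powershell
# Added example (not from the original post). Run on the client you want to test.
# The two queries are the ones quoted in the post; the labels are my own.
$filters = [ordered]@{
    'Original filter' = 'SELECT * FROM Win32_OperatingSystem WHERE (Version LIKE "6.1%" OR Version LIKE "6.2%") AND ProductType = "1"'
    'Edited filter'   = 'SELECT * FROM Win32_OperatingSystem WHERE (Version >= "6.1%") AND ProductType = "1"'
}

function Test-WmiFilterQuery {
    # Hypothetical helper: returns $true when the query selects this computer.
    param([Parameter(Mandatory)] [string] $Query)
    try {
        # A WMI filter passes when its query returns at least one instance.
        $result = @(Get-CimInstance -Namespace 'root\cimv2' -Query $Query -ErrorAction Stop)
        return ($result.Count -gt 0)
    }
    catch {
        # A malformed query never matches, so the linked GPO would not apply.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

# Show what the filters are being evaluated against.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
'{0} (Version {1}, ProductType {2})' -f $os.Caption, $os.Version, $os.ProductType

# One row per filter: does the GPO linked to it apply to this computer?
foreach ($name in $filters.Keys) {
    [pscustomobject]@{
        Filter                = $name
        AppliesToThisComputer = Test-WmiFilterQuery -Query $filters[$name]
    }
}
```

Version is a string property of Win32_OperatingSystem, so the >= in the edited query is a string comparison rather than a numeric one; run the check on every Windows release the GPO is expected to reach.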