2003 Group policy trouble

karl

Distinguished
Mar 4, 2001
252
0
18,780
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hello everyone, I am having a nightmare of a job here so if anyone could
help, I would be real grateful.
Here is my problem:

I have 2003 server, and have GP's running fine, this problem refers to my
folder redirection, the problem I am having is for Laptop's that run out of
the office and off the LAN/WAN, users were complaining of problems when
using laptops while away, and when they come back to the office, so I tried
to set them up as follows (I am using multiple OU's but for the sake of test
I created a new OU and applied the policy, I had created 2 security groups,
one containing laptops and the other workstations they are always on the
LAN, I selected the workstation group permission to access the policy (for
the sake of test this test policy only has folder redirection to the server)
I selected read allow and apply allow, and selected the security group
laptop with deny, the reason I do not want to give the ACL user rights, is
because sometimes a user will access their laptop from the LAN, and sometime
they will access a workstation so I want to deny the redirection policy just
for the laptops,

Now this seemed to work, I created a couple of new test users in the OU, if
I log onto a laptop as user1 then no problem id does not redirect the
folder, if I then log onto the workstation as the same user it does, this is
fine, but then if I log the same user back onto the laptop it runs folder
redirection (with some strange stuff)

Now am I doing it all wrong or is there an easier way?

This may seem a long winder explanation, but I have been working on it since
5am and it's now 00:30 and I'm a bit tired!!

Any help on this would be very much appreciated.


Regards

Karl (troubled admin)
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

A few possible hints:

1. Folder Redirection is a User setting, not a Computer setting, so applies
to user accounts, not computer accounts
2. Folder Redirection is somewhat unique in that removing a user from the
scope of a GPO with a Folder Redirection setting does not necessarily revert
the Folder Redirection action to the default (no redirection). This is
documented in the Group Policy Editor's Help, Index, folder redirection -
see the section about half way down titled "Policy removal considerations
with regard to Folder Redirection".
3. what folder are you Redirecting and why? Perhaps there is another way to
accomplish the intended objective without Folder Redirection.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Karl" <doctor_at_soundlink_dot_co-dot-uk> wrote in message
news:eWkbS41fFHA.572@TK2MSFTNGP15.phx.gbl...
> Hello everyone, I am having a nightmare of a job here so if anyone could
> help, I would be real grateful.
> Here is my problem:
>
> I have 2003 server, and have GP's running fine, this problem refers to my
> folder redirection, the problem I am having is for Laptop's that run out
> of the office and off the LAN/WAN, users were complaining of problems when
> using laptops while away, and when they come back to the office, so I
> tried to set them up as follows (I am using multiple OU's but for the sake
> of test I created a new OU and applied the policy, I had created 2
> security groups, one containing laptops and the other workstations they
> are always on the LAN, I selected the workstation group permission to
> access the policy (for the sake of test this test policy only has folder
> redirection to the server) I selected read allow and apply allow, and
> selected the security group laptop with deny, the reason I do not want to
> give the ACL user rights, is because sometimes a user will access their
> laptop from the LAN, and sometime they will access a workstation so I want
> to deny the redirection policy just for the laptops,
>
> Now this seemed to work, I created a couple of new test users in the OU,
> if I log onto a laptop as user1 then no problem id does not redirect the
> folder, if I then log onto the workstation as the same user it does, this
> is fine, but then if I log the same user back onto the laptop it runs
> folder redirection (with some strange stuff)
>
> Now am I doing it all wrong or is there an easier way?
>
> This may seem a long winder explanation, but I have been working on it
> since 5am and it's now 00:30 and I'm a bit tired!!
>
> Any help on this would be very much appreciated.
>
>
> Regards
>
> Karl (troubled admin)
>
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Yes I know, but what I am trying to do is set up folder redirection
(desktop, application data) for all users unless they are logged onto
certain computers and if they are logged onto these computers then use local
desktop and application data instead.

The reason for this is the certain computers that I don't want folder
redirection are laptops, and they are all different makes and models or I
would look into WMI filters.



"Bruce Sanderson" <bsanders@junk.junk> wrote in message
news:OUW5y6RgFHA.3512@TK2MSFTNGP10.phx.gbl...
>A few possible hints:
>
> 1. Folder Redirection is a User setting, not a Computer setting, so
> applies to user accounts, not computer accounts
> 2. Folder Redirection is somewhat unique in that removing a user from the
> scope of a GPO with a Folder Redirection setting does not necessarily
> revert the Folder Redirection action to the default (no redirection).
> This is documented in the Group Policy Editor's Help, Index, folder
> redirection - see the section about half way down titled "Policy removal
> considerations with regard to Folder Redirection".
> 3. what folder are you Redirecting and why? Perhaps there is another way
> to accomplish the intended objective without Folder Redirection.
>
> --
> Bruce Sanderson MVP Printing
> http://members.shaw.ca/bsanders
>
> It is perfectly useless to know the right answer to the wrong question.
>
>
>
> "Karl" <doctor_at_soundlink_dot_co-dot-uk> wrote in message
> news:eWkbS41fFHA.572@TK2MSFTNGP15.phx.gbl...
>> Hello everyone, I am having a nightmare of a job here so if anyone could
>> help, I would be real grateful.
>> Here is my problem:
>>
>> I have 2003 server, and have GP's running fine, this problem refers to my
>> folder redirection, the problem I am having is for Laptop's that run out
>> of the office and off the LAN/WAN, users were complaining of problems
>> when using laptops while away, and when they come back to the office, so
>> I tried to set them up as follows (I am using multiple OU's but for the
>> sake of test I created a new OU and applied the policy, I had created 2
>> security groups, one containing laptops and the other workstations they
>> are always on the LAN, I selected the workstation group permission to
>> access the policy (for the sake of test this test policy only has folder
>> redirection to the server) I selected read allow and apply allow, and
>> selected the security group laptop with deny, the reason I do not want to
>> give the ACL user rights, is because sometimes a user will access their
>> laptop from the LAN, and sometime they will access a workstation so I
>> want to deny the redirection policy just for the laptops,
>>
>> Now this seemed to work, I created a couple of new test users in the OU,
>> if I log onto a laptop as user1 then no problem id does not redirect the
>> folder, if I then log onto the workstation as the same user it does, this
>> is fine, but then if I log the same user back onto the laptop it runs
>> folder redirection (with some strange stuff)
>>
>> Now am I doing it all wrong or is there an easier way?
>>
>> This may seem a long winder explanation, but I have been working on it
>> since 5am and it's now 00:30 and I'm a bit tired!!
>>
>> Any help on this would be very much appreciated.
>>
>>
>> Regards
>>
>> Karl (troubled admin)
>>
>
>