Hi everyone, I'm currently deploying a new Windows Server 2008 R2 server with Windows 7 clients and trying to make Folder Redirection work. The way I did this on Windows Server 2003 with Windows XP clients was by using Folder Redirection and sending each user's My Documents folder on their desktop or in the start menu to the user's H drive, which was a mapped drive by login script to \\server\usersHdrive$. I used the \\server\%Username%$ path in the Server 2003 Folder Redirection policy for My Documents. This worked great, as the users's H drive was named after their account name in Active Directory. I'd start with a clean profile on the XP computer and the default profile would have a completely empty My Documents folder [had pre-removed My Music, My Pictures, and My Videos]. I want to implement something similar in Windows 7, but the problem with Windows 7 is I have Documents, My Music, My Pictures, Downloads, Desktop, Saved Games, Searches, Favorites, Contacts, Pens and Pencils, Post-it Notes, Loose-Leaf Papers, White Socks, Black Socks, Wash, Cycle, Dry, and every other folder under the sun [and moon, as most of us are probably working late into the night] imaginable [okay, maybe not that many...]. I've already created my Default Profile and deployed images to a few machines using Sysprep, is it safe for me to just go into each machine's C:\Users\Default folder and remove all the unnecessary folders and just leave AppData and Documents? That would allow me to go the XP route and configure Server 2008 R2 Folder Redirection as Documents>Basic [Redirect everyone's folder to the same location]>\\server\%Username%$ the same way as I did in Windows XP. This should work, right? What I'm trying to avoid is just mapping, say, Documents, Pictures, and Favorites, and then having all these other folders available to the client who logs in, and the client not having a clue which are mapped to a server and which aren't. Then the user goes to another computer, easily pulls up a document they were working on at another computer, looks inside My Music and notices their music isn't there. This just causes confusion for the clients using the network if only certain folders are redirected and other data is left on the last computer the user was on. So if I can remove all those other folders safely from an already made Default profile folder without ruining the profile, that would be awesome. The second option is to have Server 2008 R2 create the folders on the server [Create a folder for each user under the root path]. This seems to be the recommended option. The security settings I've read though don't make it look very clean. I read the following from a book: ---------- Taken from: Windows Server 2008 R2 Unleashed, Copyright 2010 Pearson Education Use fully qualified (UNC) paths or DFS paths for server share locations—For example, use \\Server1.companyabc.com\UserProfiles or \\companyabc.com\UserProfiles\ if DFS shares are deployed. Before folder redirection can be expected to work, share and NTFS permissions must be configured appropriately. For folder redirection to work properly, configure the NTFS as follows: . Configure the share folder to not inherit permissions and remove all existing permissions. . Add the file server’s local Administrators group with Full Control of This Folder, Subfolders, and Files. . Add the Domain Admins domain security group with Full Control of This Folder, Subfolders, and Files. . Add the System account with Full Control of This Folder, Subfolders, and Files. . Add the Creator/Owner with Full Control of Subfolders and Files. . Add the Authenticated Users group with both List Folder/Read Data and Create Folders/Append Data – This Folder Only rights. The Authenticated Users group can be replaced with the desired group, but do not choose the Everyone group as a best practice. ---------- To me, that made it look like any user can connect to the UserProfiles share and start writing data to a new folder or create a new folder. Sure, the user couldn't access other users folders, but the user could see what's there and make endless new folders in the root. Maybe I'm wrong, I'd have to test and see what the user could actually do, but I can just see it now, New Folder, New Folder [1], New Folder [2], copy/pasted constantly in the root of the users folder if anyone found out. What would be ideal is for me to set the target folder location for each item I want redirected [such as Documents, Desktop, Pictures, Music, Downloads, Favorites] in Server 2008 R2 Folder Redirection to "Create a folder for each user under the root path" and use the user's H drive, the same path I used in Server 2003, \\server\%Username%$. This variable, however, isn't allowed in Server 2008 R2 Folder Redirection when using the "Create a folder for each user under the root path". What I thought this would do is a user would log in for the first time with Folder Redirection enabled for Documents and Favorites [for example], and a Documents and Favorites folder would be created in and redirected to \\server\UsersHdrive$\Documents or Favorites. This doesn't seem to be an allowed variable though when using "Create a folder for each user under the root path". So, I know this has been a long post and I do appreciate you reading. Thank you! Does that first method work to delete the unnecessary folders from an already made default profile and redirect only the Documents folder the way I did in XP straight to each users share drive I've created them [which is an exact copy of the user's H drive]. Or should I trust the guide and use those permissions from the book I read and hope users can't create endless folders and view who else has user folders on the network inside the UserProfiles folder? Or would either method work? If so, I think I'll try the first option and just use the Documents folder. But I thought I'd check with the other pro's and Microsoft Support members here first : ) Thanks so much! link470

Hi, I understand that you have concerns for the following two questions: 1. Can we delete unnecessary folders from an already made default profile (deployed images to a few machines using Sysprep) and just leave AppData and Documents? Then, you can redirect only the Documents folder. 2. Can you trust the guide and use those permissions from the book so that users cannot create endless folders and view who else has user folders on the network inside the UserProfiles folder? For the first issue, I have tested it on my side. I delete all the files and folders under C:\Users\Default folder except AppData and Documents with administrator privilege. After that, I restart, log off and log on with a domain user who logs on the computer for the first time. Under C:\Users\newusername, the deleted files under Default folder are back. It seems that your idea cannot work. If you want all user’s profile files saved to a certain location, why not enabling roaming profile? For the second question, please refer to the following article for detailed information: http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx Thanks. NinaThis posting is provided "AS IS" with no warranties, and confers no rights.

Hi Nina, Thanks for your reply. I've been working at this on and off for a few more days and have still not found a good solution for folder redirection on Windows 7 with Server 2008. My latest attempt was to use the same path in the policy as I had done for the My Documents redirection policy on Windows Server 2003 GPO's for Windows XP clients. That is, to use \\server\%Username%$. What I did, was I tried redirecting just the Downloads, Favorites, Documents, and Pictures folders. I made the Downloads Folder Redirection path \\server\%Username%$\Downloads thinking that it would create a Downloads folder in the root of the users H drive [share drive]. This...kind of worked. But with a significant drawback. All the original folders are STILL THERE. So now, when I log into a test user account with the redirection policy applied onto a new domain computer, I view the contents of the user profile folder and I see Contacts, Desktop, and the rest of the default profile folders, and then I see an additional Favorites folder, Downloads folder, My Documents folder, and My Pictures folder. If I right click on one of any of those 4 and check the properties, it's going to the local computer's Users folder for that user just like a standard profile folder would if the computer wasn't on a domain or folder redirection wasn't being used. If I right click the other one and check the properties, it's redirected to a created folder in the users H drive. If I open the users H drive I now see a Downloads, Documents, Pictures, and Favorites folder. That part seems promising. So with that said, the redirection policy worked, but also left every profile folder in place, and didn't even bother redirecting the folders I asked to be redirected, the system just decided it would be more fun to redirect another folder with the exact same name. How do I get around this? Is this a bug? This shouldn't be happening. Even if I had asked Favorites to be redirected to some other path, shouldn't there not be a second Favorites folder [using Favorites as an example] regardless? The policy should be redirecting the Favorites folder, not a second Favorites folder with the same name. I don't want a local Favorites and a roaming favorites, with both looking identical to the average user. Something isn't right.