This article describes the Folder Redirection feature in Windows.
Windows provides the ability to redirect specific user folders to server locations, using a group policy extension called Folder Redirection.
Many administrators may wish to use folder redirection in such a way that a user's folders are automatically redirected to a newly created folder for each user. This article discusses how to redirect to the new folder location and the minimum NTFS Access Control List (ACL) permissions you need to complete the redirection successfully.
Folder Redirection is a User group policy. This means that a user for whom you configure folder redirection must have a group policy linked to some folder structure where their user object is subordinate, such as a site, domain, or organizational unit.
Once you create the group policy and link it to the appropriate folder object, an administrator can designate which folders to redirect and where
To do this, the administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose
Basic or Advanced folder redirection, and you can designate the server file system path to which the folder should be redirected.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.
If you configure Folder Redirection to create new subfolders for each user, that user needs sufficient Share and NTFS ACL permissions to create the subfolder in the appropriate location.
When a user does not have sufficient Share and NTFS ACL permissions, their folder is not redirected and you can view one of the following event messages in the local application event log:
Event ID: 101
Failed to perform redirection of folder foldername. The new directories for the redirected folder could not be created. The folder is configured to be redirected to \\servername\sharename\%username%, the final expanded path was \\servername\sharename\username. The following error occurred:
Access is denied.
Event ID: 101
Failed to perform redirection of the folder application data. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected to path. Files were being moved from path to path. The following error occurred: The security descriptor structure is invalid.
For additional information about the permissions that are required for a share that will host redirected folders, click the following article number to view the article in the Microsoft Knowledge Base:
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000