Black belts on Computer Repairs


Setting up a Domain Controller, Active Directory and Folder Redirection.

  1. Install Windows 2003 Server:
    1. Add the role "This is a domain controller." (This will set up Active Directory.)
    2. Somewhere on your disk, create the structure shown in the image. This is where you'll store everybody's info. Make sure it's on the fast data drive and is backed up. You may set this up on a different server as well. NOTE: If you have monster Outlook files or intend to work on large files (hundreds of megabytes), you may want to consider using a different server for this structure.
    3. Select all folders; on the Security tab, go to Advanced, uncheck "Allow inherit... " and click Remove. Then:
      1. Add Domain Admins & System, Grant full control to this folder, subfolders and files.
      2. Add Creator Owner, grant full control to subfolders and files.
      3. Add Domain Users and grant List Folder, Read Attributes, Read Extended Attributes, Create Folders / Append Data, Read Permissions, THIS FOLDER ONLY.
    4. Share each of the subfolders. In the share tab:
      1. Get into the Cache and select "Files and folders... ARE NOT AVAILABLE offline."
      2. Get into Permissions, remove everything in it, add "Authenticated Users" and grant full control
    5. Download and install the Group Policy Management Console.
    6. Open Active Directory and create a new Organizational Unit named "Follow Me" under your domain.
    7. Open the Group Policy Management Console, make sure you can see "Follow Me," then create a new group policy named "Follow Me."
    8. Edit the group policy and change the values as follows:
      1. Computer Configuration:
        1. Windows Settings:
          1. Scripts:
            1. Startup - Set as needed.
            2. Shutdown - Set as needed.
        2. Administrative Templates:
          1. System:
            1. User Profile:
              1. Add the admin...: Enable.
              2. Wait for remote... Enabled.
            2. Script:
              1. Run logon script Synchronously: Enabled.
              2. Max wait time: 30 seconds.
            3. Logon:
              1. Always wait for the... Enabled.
              2. Optionally
                1. Disable Do not process legacy
                2. Disable Do not process run once
                3. Enable Don't Display Getting Started
                4. Disable Run these programs at logon.
          2. Network:
            1. Offline Files:
              1. Allow or Disallow the use of the Offline... Disabled
              2. Prohibit user configuration of... Enabled.
            2. Network Connection
              1. Windows Firewall - set as needed.
          3. Printers
            1. Set as needed.
      2. User Configuration:
        1. Windows Settings:
          1. Scripts:
            1. Logon - Set as needed.
            2. Logoff - set as needed.
          2. Folder Redirection:
            1. Application Data, Desktop and My Documents, set as follows:
              1. Target: Basic, Redirect everyone to...
              2. Target folder location: Create a folder for each...
              3. Root path: \\DC\AppData, \\DC\DeskDocs accordingly.
            2. Start menu redirecting:
              1. Share the StartMenu
              2. Grant security: System, Admin, Creator Owner: Full. Domain Users: Read & Execute.
              3. Create Subfolder [anyNameYouWant] under StartMenu.
              4. Then create the Programs/Startup subfolders.
              5. In the Start Menu redirection settings, paste the path to the shared folder \\DC\StartMenu\anyNameYouWant\ into the redirect box.
              6. Create shortcuts in the Programs / Startup folder as needed.
            3. TIP: DO NOT TYPE THE PATH. Open Explorer, go to My Network Places, SEE the indicated folders and COPY the path from the address bar. Then paste it. This will ensure that the folders are visible, and will avoid mistyping!
        2. Administrative Templates:
          1. Desktop:
            1. Prohibit users from changing My Documents Path: Enabled.
            2. Active Desktop: Desktop's wallpaper.
            3. Active Desktop: Disable "Enabled Active Desktop"
            4. Active Desktop: Enable prohibit changes.
          2. System:
            1. Scripts:
              1. Run Logon script synchronously - Enabled.
              2. Run Logon script visible - Enabled.
              3. Run logoff script visible - Enabled.
          3. Network:
            1. Offline Files
              1. Do not automatically make redirected folders... Enable
          4. Windows Components
            1. Windows Explorer
              1. Turn on classic shell for extra restrictions.
    9. In the Group Policy Management Console, link the Follow Me policy to the Follow Me organizational unit.
    10. Open cmd, and run GPUPDATE /FORCE.
    11. Create Follow Me users: Open Active Directory, and create users in the "Follow Me" Organizational Unit. Any user there has the "Follow Me" policy applied!
      1. When you have finished creating users, select all of them, click on Properties, Profile, and in the path enter \\SERVER\Profiles\%username%. Click Apply and OK.
      2. IMPORTANT - READ considerations about roaming profiles here!
  2. Setting up stations:
    1. Install XP Pro or Vista Ultimate.
    2. In the network setting, MAKE SURE THAT THE DNS POINTS TO THE IP OF THE DC!
    3. Add the computer to the domain.
    4. Log in as one of the Follow Me users.
    5. Open Event Viewer and check whether any Folder Redirection errors occurred.
  3. Now it is time to take control over the Follow Me group, fine tune it and enjoy the real gain of this entire major effort you've completed. Click here for advanced Group Policy Settings.
  4. More tips about Active Directory here
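
Because the share permission in step 1.4 gives Authenticated Users full control, the NTFS ACL from step 1.3 is the only thing keeping one user out of another user's redirected folders. The script below is an added example, not part of the original guide: it applies that ACL to each redirection root and then verifies that nothing else is left on it. It assumes PowerShell is installed on the server, and the local folder paths are hypothetical placeholders.

```powershell
# Added example: apply the ACL from step 1.3 to each redirection root, then verify it.
# ASSUMPTIONS: the local paths are hypothetical placeholders; run as a Domain Admin on the file server.
$roots  = 'D:\FollowMe\AppData', 'D:\FollowMe\DeskDocs', 'D:\FollowMe\Profiles'
$domain = $env:USERDOMAIN   # assumes you are logged on with a domain account

$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
# Step 1.3.3 rights for Domain Users (CreateDirectories is "Create Folders / Append Data").
$limited = [System.Security.AccessControl.FileSystemRights]'ListDirectory, ReadAttributes, ReadExtendedAttributes, CreateDirectories, ReadPermissions'
$ciOi    = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noInh   = [System.Security.AccessControl.InheritanceFlags]::None
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$inhOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

function New-AllowRule($who, $rights, $inherit, $propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $who, $rights, $inherit, $propagate, $allow
}

$rules = @(
    (New-AllowRule "$domain\Domain Admins" $full    $ciOi  $noProp)    # 1.3.1: folder, subfolders and files
    (New-AllowRule 'NT AUTHORITY\SYSTEM'   $full    $ciOi  $noProp)    # 1.3.1: folder, subfolders and files
    (New-AllowRule 'CREATOR OWNER'         $full    $ciOi  $inhOnly)   # 1.3.2: subfolders and files only
    (New-AllowRule "$domain\Domain Users"  $limited $noInh $noProp)    # 1.3.3: this folder only
)
$allowed = $rules | ForEach-Object { $_.IdentityReference.Value }

foreach ($root in $roots) {
    $acl = Get-Acl -Path $root
    $acl.SetAccessRuleProtection($true, $false)      # uncheck "Allow inherit...", then Remove
    foreach ($old in @($acl.Access)) {               # drop every existing explicit entry
        $acl.PurgeAccessRules($old.IdentityReference)
    }
    foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $root -AclObject $acl

    # Verify: no inherited entries and no trustee beyond the four from step 1.3.
    $extra = @((Get-Acl -Path $root).Access | Where-Object {
        $_.IsInherited -or ($allowed -notcontains $_.IdentityReference.Value)
    })
    if ($extra.Count -gt 0) {
        Write-Warning "$root has unexpected ACL entries:"
        $extra | Format-Table IdentityReference, FileSystemRights, IsInherited
    } else {
        "$root OK"
    }
}
```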



Copyright (C) Tal Bahir, Inc 2008