Learn Documentation Training Certifications Q&A Code Samples Assessments Shows Events Search  Sign in

Windows Server Get started Failover clustering Management Identity and access Networking Troubleshooting Related products Ｓ

 Filter by title Learn ​/ Windows Server ​/  ﾀ ｹ

Storage
What's new in Storage Deploy Folder Redirection with offline files
Ｔ Data Deduplication Article • 02/15/2023 • 13 minutes to read • 18 contributors ﾂ Feedback
Ｔ DFS Namespaces
Ｔ DFS Replication In this article
Disk Management Prerequisites
Ｔ File Server and SMB Step 1: Create a folder redirection security group
Ｔ File Server Resource Manager Step 2: Create a file share for redirected folders
Folder Redirection and Roaming User Profiles Step 3: Pre-create folders for new users on servers that also host Remote Desktop Services
Ｔ

Folder Redirection and Roaming User Step 4: Create a GPO for Folder Redirection
Profiles Step 5: Configure the Group Policy settings for Folder Redirection and Offline Files
Step 6: Enable the Folder Redirection GPO
Deploy Roaming User Profiles
Step 7: Test Folder Redirection
Deploy Folder Redirection
Appendix A: Checklist for deploying Folder Redirection
Deploy primary computers Change history
Disable Offline Files on folders More information
Enable always offline mode
Enable optimized folder moving Applies to: Windows Server 2022, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows Server
Troubleshoot user profiles 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2.
Ｔ iSCSI
Ｔ ReFS
This article describes the requirements for deploying the Folder Redirection and Offline Files features together, including the
steps that you need to follow to control access to the redirected files.
Ｔ Storage Migration Service
Ｔ Storage Replica
） Important
Ｔ Storage Spaces
Ｔ Storage Spaces Direct Because of the security changes made in MS16-072 ), we updated Step 4: Create a GPO for Folder Redirection of this
Ｔ Work Folders article so that Windows can properly apply the Folder Redirection policy (and not revert redirected folders on affected
client computers).
Storage QoS
Change history for Storage topics
For a list of recent changes to this article, see Change history.

Prerequisites
Administration requirements
To administer Folder Redirection, you must be signed in as a member of the Domain Administrators security group, the
Enterprise Administrators security group, or the Group Policy Creator Owners security group.
A computer must be available that has Group Policy Management and Active Directory Administration Center installed.

File server requirements

The file server is the computer that hosts the redirected folders.

Interoperability with Remote Desktop Services

Your remote access configuration affects how you configure the file server, file shares, and policies. If your file server also hosts
Remote Desktop Services, there are a few deployment steps that differ:

You don't have to create a security group for folder redirection users.
You have to configure different permissions on the file share that hosts the redirected folders.
You have to pre-create folders for new users, and set specific permissions on those folders.

） Important

Most of the procedures in the rest of this section apply to both configurations. The procedures or steps that are specific to
one configuration or the other are labeled as such.

Restricting access
 Download PDF
Apply the following changes to the file server, as appropriate for your configuration:
 All configurations. Make sure that only required IT administrators have administrative access to the file server. The
procedure in the next step configures access for the individual file shares.
Servers that do not also host Remote Desktop Services. Disable the Remote Desktop Services service (termserv) on
your file server if it's not also hosting Remote Desktop Services.

 Filter by title Interoperability with other storage features

Storage
To make sure that Folder Redirection and Offline Files interact correctly with other storage features, check the following
What's new in Storage configurations.
Ｔ Data Deduplication
Ｔ DFS Namespaces
If the file share uses DFS Namespaces, the DFS folders (links) must have a single target to prevent users from making
conflicting edits on different servers.
Ｔ DFS Replication
If the file share uses DFS Replication to replicate the contents with another server, users must be able to access only the
Disk Management source server to prevent users from making conflicting edits on different servers.
Ｔ File Server and SMB When using a clustered file share, disable continuous availability on the file share to avoid performance issues with Folder
Ｔ File Server Resource Manager Redirection and Offline Files. Additionally, Offline Files might not transition to offline mode for 3-6 minutes after a user
Folder Redirection and Roaming User Profiles loses access to a continuously available file share, which could frustrate users who aren’t yet using the Always Offline
Ｔ

Folder Redirection and Roaming User mode of Offline Files.

Profiles
Deploy Roaming User Profiles
Deploy Folder Redirection
Deploy primary computers
Disable Offline Files on folders
Enable always offline mode
Enable optimized folder moving
Troubleshoot user profiles
Ｔ iSCSI
Ｔ ReFS
Ｔ Storage Migration Service
Ｔ Storage Replica
Ｔ Storage Spaces
Ｔ Storage Spaces Direct
Ｔ Work Folders
Storage QoS
Change history for Storage topics
Client requirements
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server
2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.
Client computers must be joined to the Active Directory Domain Services (AD DS) domain that you are managing.
Client computers must run x64-based or x86-based processors. Folder Redirection is not supported on PCs powered by
ARM processors.
７ Note
Some newer features in Folder Redirection have additional client computer and Active Directory schema requirements. For
more info, see Deploy primary computers, Disable Offline Files on folders, Enable Always Offline mode, and Enable
optimized folder moving.
Step 1: Create a folder redirection security group
If you are running Remote Desktop Services on the file server, skip this step and instead assign permissions to the users when
you pre-create folders for new users.

This procedure creates a security group that contains all users to which you want to apply Folder Redirection policy settings.
1. On a computer that has Active Directory Administration Center installed, open Server Manager.

2. Select Tools > Active Directory Administration Center. Active Directory Administration Center appears.
3. Right-click the appropriate domain or OU, and then select New > Group.

4. In the Create Group window, in the Group section, specify the following settings:

In Group name, enter the name of the security group, for example: Folder Redirection Users.
In Group scope, select Security > Global.

5. In the Members section, select Add. The Select Users, Contacts, Computers, Service Accounts or Groups dialog box
appears.

6. Enter the names of the users or groups to which you want to deploy Folder Redirection, select OK, and then select OK
again.

Step 2: Create a file share for redirected folders

If you do not already have a file share for redirected folders, use the following procedure to create a file share on a server that
runs Windows Server 2012 or a later version.

７ Note

Some functionality might differ or be unavailable if you create the file share on a server that runs a different version of
Windows Server.

1. In the Server Manager navigation pane, select File and Storage Services > Shares to display the Shares page.

2. In the Shares page, select Tasks > New Share. The New Share Wizard appears.
 Download PDF 3. On the Select Profile page, do one of the following:
 If you have File Server Resource Manager installed and are using folder management properties, select SMB Share -
Advanced.
If you do not have File Server Resource Manager installed or you are not using folder management properties,
select SMB Share – Quick.
4. On the Share Location page, select the server and volume on which you want to create the share.
 Filter by title
5. On the Share Name page, type a name for the share (for example, Users$) in the Share name box.
Storage
What's new in Storage
 Tip
Ｔ Data Deduplication
Ｔ DFS Namespaces When you create the share, hide the share by putting a $ after the share name. This change hides the share from
Ｔ DFS Replication casual browsers.
Disk Management
Ｔ File Server and SMB 6. On the Other Settings page, clear the Enable continuous availability checkbox, if present. Optionally, select the Enable
Ｔ File Server Resource Manager access-based enumeration and Encrypt data access checkboxes.
Folder Redirection and Roaming User Profiles 7. On the Permissions page, select Customize permissions to open the Advanced Security Settings dialog box.
Ｔ

Folder Redirection and Roaming User

Profiles
8. Select Disable inheritance, and then select Convert inherited permissions into explicit permission on this object.
Deploy Roaming User Profiles 9. Set the permissions as described in the following tables and figures.
Deploy Folder Redirection
Deploy primary computers ） Important
Disable Offline Files on folders
The permissions that you use depend on your remote access configuration, so make sure that you use the correct
Enable always offline mode
table.
Enable optimized folder moving
Troubleshoot user profiles Permissions for file servers without Remote Desktop Services:
Ｔ iSCSI
Ｔ ReFS User Account Permission Applies to
Ｔ Storage Migration Service System Full Control This folder,
Ｔ Storage Replica subfolders, and files
Ｔ Storage Spaces Administrators Full Control This folder only
Ｔ Storage Spaces Direct
Creator/Owner Full Control Subfolders and files
Ｔ Work Folders only
Storage QoS
Security group of users who need to put data on the share List folder/read data1 This folder only
Change history for Storage topics (Folder Redirection Users) Create folders/append data1
Read attributes1
Read extended attributes1
Read permissions1
Traverse folder/execute file1

Other groups and accounts None (Remove any accounts that this
table does not list)

1 Advanced permissions

Permissions for file servers with Remote Desktop Services

 Download PDF User Account or Role Permission Applies to
 System Full Control This folder, subfolders, and files

Administrators Full Control This folder, subfolders, and files

Creator/Owner Full Control Subfolders and files only

Other groups and accounts None (remove any other accounts from the access control list)
 Filter by title

Storage
What's new in Storage
Ｔ Data Deduplication
Ｔ DFS Namespaces
Ｔ DFS Replication
Disk Management
Ｔ File Server and SMB
Ｔ File Server Resource Manager
Folder Redirection and Roaming User Profiles
Ｔ

Folder Redirection and Roaming User

Profiles
Deploy Roaming User Profiles
Deploy Folder Redirection
Deploy primary computers
Disable Offline Files on folders 10. If you chose the SMB Share - Advanced profile earlier in this procedure, follow these additional steps:
Enable always offline mode On the Management Properties page, select the User Files Folder Usage value.
Enable optimized folder moving Optionally, select a quota to apply to users of the share.
Troubleshoot user profiles
11. On the Confirmation page, select Create.
Ｔ iSCSI
ReFS
Step 3: Pre-create folders for new users on servers that
Ｔ

Ｔ Storage Migration Service

Ｔ

Ｔ
Storage Replica
Storage Spaces
also host Remote Desktop Services
Ｔ Storage Spaces Direct If the file server also hosts Remote Desktop Services, use the following procedure to pre-create folders for new users and
Ｔ Work Folders assign the appropriate permissions to the folders.
Storage QoS 1. In the file share that you created in the previous procedure, navigate to the file share's root folder.
Change history for Storage topics
2. Create a new folder. You can use one of the following methods:

Right-click the root folder, and then select New > Folder. For the name of the folder, enter the user name of the new
user.
Alternatively, to use Windows PowerShell to create the new folder, open a PowerShell Command Prompt window
and run the following cmdlet:

New-Item -Path 'c:\shares\frdeploy\<newuser>' -ItemType Directory

７ Note

In this command, <newuser> represents the user name of the new user.

3. Right-click the new folder, and then select Properties > Security > Advanced > Owner. Verify that the folder owner is
the Administrators group.

4. Set the permissions as described in the following table and figure. Remove permissions for any groups and accounts that
are not listed here.

User Account Permission Applies to

System  Full control This folder, subfolders, and files

Administrators Full Control This folder, subfolders, and files

Creator/Owner Full Control Subfolders and files only

newuser1 Full Control This folder, subfolders, and files

Other groups and accounts None (remove any other accounts from the access control list)

1 newuser represents the user name of the new user's account.

 Download PDF
 Filter by title

Storage
What's new in Storage
Ｔ Data Deduplication
Ｔ DFS Namespaces
Ｔ DFS Replication
Disk Management
Ｔ File Server and SMB
Ｔ File Server Resource Manager
Folder Redirection and Roaming User Profiles
Ｔ

Step 4: Create a GPO for Folder Redirection

Folder Redirection and Roaming User
Profiles
Deploy Roaming User Profiles
Deploy Folder Redirection
Deploy primary computers
Disable Offline Files on folders
Enable always offline mode
Enable optimized folder moving
Troubleshoot user profiles
Ｔ iSCSI
Ｔ ReFS
Ｔ Storage Migration Service
Ｔ Storage Replica
Ｔ Storage Spaces
Ｔ Storage Spaces Direct
Ｔ Work Folders
Storage QoS
Change history for Storage topics
If you do not already have a Group Policy object (GPO) that manages the Folder Redirection and Offline Files functionality, use
the following procedure to create one.
1. On a computer that has Group Policy Management installed, open Server Manager.
2. Select Tools > Group Policy Management.
3. In Group Policy Management, right-click the domain or OU in which you want to set up Folder Redirection, and then select
Create a GPO in this domain, and Link it here.
4. In the New GPO dialog box, enter a name for the GPO (for example, Folder Redirection Settings), and then select OK.
5. Right-click the newly created GPO, and then clear the Link Enabled checkbox. This change prevents the GPO from being
applied until you finish configuring it.
6. Select the GPO. Select Scope > Security Filtering > Authenticated Users, and then select Remove to prevent the GPO
from being applied to everyone.
7. In the Security Filtering section, select Add.
8. In the Select User, Computer, or Group dialog box, do one of the following, depending on your configuration:
File servers without Remote Desktop Services. Enter the name of the security group that you created in Step 1:
Create a folder redirection security group (for example, Folder Redirection Users), and then select OK.
File servers with Remote Desktop Services. Enter the user name that you used for the user folder in Step 3: Pre-
create folders for new users on servers that also host Remote Desktop Services and then select OK.

9. Select Delegation > Add, and then enter Authenticated Users. Select OK, and then select OK again to accept the default
Read permission.

） Important

This step is necessary because of security changes made in MS16-072 , you now must give the Authenticated Users
group delegated Read permissions to the Folder Redirection GPO - otherwise the GPO won't get applied to users, or
if it's already applied, the GPO is removed, redirecting folders back to the local PC. For more info, see Deploying
Group Policy Security Update MS16-072 .

Step 5: Configure the Group Policy settings for Folder

Redirection and Offline Files
After you create a GPO for Folder Redirection settings, follow these steps to edit the Group Policy settings that enable and
configure Folder Redirection.

７ Note

By default, the Offline Files feature is enabled for redirected folders on Windows client computers, and disabled on
Windows Server computers. Users can enable this feature, or you can use Group Policy to control it. The policy is Allow or
disallow use of the Offline Files feature.

For information about some of the other Offline Files Group Policy settings, see Enable Advanced Offline Files
Functionality, and Configuring Group Policy for Offline Files.
 Download PDF
 1. In Group Policy Management, right-click the GPO you created (for example, Folder Redirection Settings), and then select
Edit.
2. In the Group Policy Management Editor window, navigate to User Configuration > Policies > Windows Settings >
Folder Redirection.

 Filter by title 3. Right-click a folder that you want to redirect (for example, Documents), and then select Properties.
Storage 4. In the Properties dialog box, from the Setting box, select Basic - Redirect everyone’s folder to the same location.
What's new in Storage
Ｔ Data Deduplication ７ Note
Ｔ DFS Namespaces
To apply Folder Redirection to client computers that run Windows XP or Windows Server 2003, select the Settings
DFS Replication
tab and then select the Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and
Ｔ

Disk Management Windows Server 2003 operating systems checkbox.

Ｔ File Server and SMB
Ｔ File Server Resource Manager 5. In the Target folder location section, select Create a folder for each user under the root path and then in the Root
Folder Redirection and Roaming User Profiles Path box, enter the path to the file share that stores the redirected folders, for example:
Ｔ

Folder Redirection and Roaming User \\ fs1.corp.contoso.com \ users$ .

Profiles
6. (Optional) Select the Settings tab, and in the Policy Removal section, select Redirect the folder back to the local
Deploy Roaming User Profiles
userprofile location when the policy is removed (this setting can help make Folder Redirection behave more
Deploy Folder Redirection predictably for administrators and users).
Deploy primary computers
Disable Offline Files on folders 7. Select OK, and then select Yes in the Warning dialog box.
Enable always offline mode
Enable optimized folder moving Step 6: Enable the Folder Redirection GPO
Troubleshoot user profiles
After you finish configuring the Folder Redirection Group Policy settings, the next step is to enable the GPO. This change allows
Ｔ iSCSI
the GPO to be applied to affected users.
Ｔ ReFS
Ｔ Storage Migration Service
 Tip
Ｔ Storage Replica
Ｔ Storage Spaces If you plan to implement primary computer support or other policy settings, do so now, before you enable the GPO. This
Ｔ Storage Spaces Direct prevents user data from being copied to non-primary computers before primary computer support is enabled.
Ｔ Work Folders
Storage QoS 1. Open Group Policy Management.
2. Right-click the GPO that you created, and then select Link Enabled. A checkbox appears next to the menu item.
Change history for Storage topics

Step 7: Test Folder Redirection

To test Folder Redirection, sign in to a computer by using a user account that is configured to use redirected folders. Then
confirm that the folders and profiles are redirected.

1. Sign in to a primary computer (if you enabled primary computer support) by using a user account for which you have
enabled Folder Redirection.

2. If the user has previously signed in to the computer, open an elevated command prompt, and then type the following
command to ensure that the latest Group Policy settings are applied to the client computer:

gpupdate /force

3. Open File Explorer.

4. Right-click a redirected folder (for example, the My Documents folder in the Documents library), and then select
Properties.

5. Select the Location tab, and confirm that the path displays the file share that you specified instead of a local path.

Appendix A: Checklist for deploying Folder Redirection

Complete Task or item

Prepare domain and other prerequisites

- Join computers to domain

- Create user accounts

- Check file server prerequisites and compatibility with other services

 Download PDF - Does the file server also host Remote Desktop Services?
 - Restrict access to the file server

Step 1: Create a folder redirection security group

- Group name:

- Members:
 Filter by title
Step 2: Create a file share for redirected folders
Storage
- File share name:
What's new in Storage
Ｔ Data Deduplication Step 3: Pre-create folders for new users on servers that also host Remote Desktop Services
Ｔ DFS Namespaces Step 4: Create a GPO for Folder Redirection
Ｔ DFS Replication - GPO name:
Disk Management
Step 5: Configure the Group Policy settings for Folder Redirection and Offline Files
Ｔ File Server and SMB
Ｔ File Server Resource Manager - Redirected folders:
Folder Redirection and Roaming User Profiles - Windows 2000, Windows XP, and Windows Server 2003 support enabled?
Ｔ

Folder Redirection and Roaming User

- Offline Files enabled? (enabled by default on Windows client computers)
Profiles
Deploy Roaming User Profiles - Always Offline Mode enabled?
Deploy Folder Redirection - Background file synchronization enabled?
Deploy primary computers
- Optimized Move of redirected folders enabled?
Disable Offline Files on folders
Enable always offline mode (Optional) Enable primary computer support:

Enable optimized folder moving - Computer-based or User-based?

Troubleshoot user profiles - Designate primary computers for users
Ｔ iSCSI
- Location of user and primary computer mappings:
Ｔ ReFS
Ｔ Storage Migration Service - (Optional) Enable primary computer support for Folder Redirection
Ｔ Storage Replica - (Optional) Enable primary computer support for Roaming User Profiles
Ｔ Storage Spaces
Step 6: Enable the Folder Redirection GPO
Ｔ Storage Spaces Direct
Ｔ Work Folders Step 7: Test Folder Redirection

Storage QoS
Change history for Storage topics
Change history
The following table summarizes some of the most important changes to this topic.

Date Description Reason

March Added instructions for different configurations. Changes required to improve access
9, 2021 control in different configurations.

January Added a step to Create a GPO for Folder Redirection to delegate Read permission to Customer feedback.
18, Authenticated Users, which is now required because of a Group Policy security update.
2017

More information
Folder Redirection, Offline Files, and Roaming User Profiles
Deploy Primary Computers for Folder Redirection and Roaming User Profiles
Enable Advanced Offline Files Functionality
Microsoft's Support Statement Around Replicated User Profile Data
Sideload Apps with DISM
Troubleshooting packaging, deployment, and query of Windows Runtime-based apps

Recommended content
Deploying Roaming User Profiles
Learn more about: Deploying Roaming User Profiles

Folder Redirection, Offline Files, and Roaming User Profiles overview

An overview of Folder Redirection, Offline Files, and Roaming User Profiles technologies.

 Download PDF Folder redirection doesn't work correctly - Windows Client

 Discusses a problem in which folder redirection does not work correctly after you restart a Windows Server 2008-based computer or a
Windows Vista-based computer. A workaround is provided.

Create security-enhanced redirected folder - Windows Server

Describes how to dynamically create security-enhanced redirected folders or home folders.
 Filter by title

Storage Show more Ｓ

What's new in Storage
Ｔ Data Deduplication Feedback
Ｔ DFS Namespaces
Ｔ DFS Replication
Submit and view feedback for
Disk Management
Ｔ File Server and SMB This product ６ This page
Ｔ File Server Resource Manager
Folder Redirection and Roaming User Profiles ６ View all page feedback
Ｔ

Folder Redirection and Roaming User

Profiles
Deploy Roaming User Profiles
Deploy Folder Redirection
 English (United computers
Deploy primary States) ０ Theme
Disable Offline Files on folders
Previous Versions Blog Contribute Privacy Terms of Use Trademarks © Microsoft 2023
Enable always offline mode
Enable optimized folder moving
Troubleshoot user profiles
Ｔ iSCSI
Ｔ ReFS
Ｔ Storage Migration Service
Ｔ Storage Replica
Ｔ Storage Spaces
Ｔ Storage Spaces Direct
Ｔ Work Folders
Storage QoS
Change history for Storage topics

 Download PDF