Configure IntelliMirror Using Group Policy

Yet another Group Policy object that I use in the "Jameson Datacenter" (a.k.a. my home lab) is one to automatically configure roaming profiles and redirect the Desktop and Documents folders to a server(a.k.a. "IntelliMirror").

Even though I don't have many users in my Active Directory domain -- it's not like I have eight kids, just one -- I still want to keep user data centrally managed on a server that I backup regularly. Besides, I find it really frustrating to have some items on your desktop on one computer, but a different set of desktop items on another computer (or VM).

To automatically configure this in the "Jameson Datacenter", I defined a Group Policy (named Default User Data and Settings Policy) with the following settings:

• User Configuration
  • Policies
    • Windows Settings
      • Folder Redirection
        • AppData(Roaming)
          • Setting: Basic (Redirect everyone's folder to the same location)
            • Path: \\beast\Users$\%USERNAME%\Application Data
          • Options
            • Grant user exclusive rights to AppData(Roaming): Enabled
            • Move the contents of AppData(Roaming) to the new location: Enabled
            • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
            • Policy Removal Behavior: Leave contents
        • Desktop
          • Setting: Basic (Redirect everyone's folder to the same location)
            • Path: \\beast\Users$\%USERNAME%\Desktop
          • Options
            • Grant user exclusive rights to Desktop: Enabled
            • Move the contents of Desktop to the new location: Enabled
            • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
            • Policy Removal Behavior: Leave contents
        • Documents
          • Setting: Basic (Redirect everyone's folder to the same location)
            • Path: \\beast\Users$\%USERNAME%\Documents
          • Options
            • Grant user exclusive rights to Documents: Enabled
            • Move the contents of Documentsto the new location: Enabled
            • Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Enabled
            • Policy Removal Behavior: Leave contents
        • Music
          • Setting: Follow the Documents folder
        • Pictures
          • Setting: Follow the Documents folder
        • Videos
          • Setting: Follow the Documents folder

Note

Those of you that have a very keen eye (and also a photographic memory) might recall that in a previous post, I listed BEAST as a database server (it is currently running SQL Server 2005). Yes, it's true, I'm breaking one of my own cardinal sins by having a SQL Server also serve as a file server. I don't recommend doing this unless, like me, you are trying to go as cheap as possible -- and, even then, only for a lab environment like mine.

In order to allow users access to create their own folders on \\BEAST\Users$, I have configured the following permissions on C:\BackedUp\Users:

• Domain Users
  • Apply onto: This folder only
  • Permissions
    • List Folder / Read Data
    • Create Folders / Append Data
• CREATOR OWNER
  • Apply onto: Subfolders and files only
  • Permissions
    • Full Control

I also created a hidden share for the C:\BackedUp\Users folder and granted Full Control to Authenticated Users (since the NTFS permissions above ultimately determine the level of access for all users).

Thus when a new user logs in for the first time, a corresponding folder is created on the server and all of the user's files are stored on the server.