What is the issue

So lots of companies have been using redirect folders since the early 2000. But we have come a long way since then. Sure you can have a file server in Cloud or even an SMB share in Azure. But is that really something we want. Think of how you would have done it if you started again from scratch. How many companies would pay lots for disk areas where employees have non company info. That is what we have One Drive for. So I have worked with the removal. So these are some options and solutions I have discussed about this.

Solutions

There are many diffrent ways of solving this issue. Below I have listed a few different methods we can use to handle the issue. Realizing that we we have an issue is the first step. Then how we solve it depends on how fast it you want to get rid of your fileserver and how much you want to burdon your it support staff.

Just removing it

Change the folder redirection policy to just redirect everything to the local computer. If there are issues the entire company will leanr this at the same time. Your servicedesk will not be overjoyed. It’s the fastest way to get rid of the file server. On next logon each user will copy their files to the local userprofile location

Batching the users

The fast solution, depending on your requirements this is what I would recommend. This is the option most companies select. It allows us to select test the procedure and change the speed to allow our servicedesk to keep up.

Simplified instructions:

  • Lets create a group and call it backout_folder_redirected.
  • For your current folder redirection policy go to Delegation -> Advanced
    • Add the newly created group and deny “Apply group policy”.
  • Create a new GPO
    • Update the security filtering:
      • Domain Computers
      • The newly created group (backout_Folder_redirected)
    • For all folder types, change the target folder location to: Redirect to the local userprofile location

Stop with computer replacements

Another less servicedesk intensive way of backing out of the Folder Redirection is just leave them be on your current computer and then not implement it on new computers. This isn’t really computer dependent. If a user profile gets corrupt on a computer the new profile won’t be redirected.

Simplified instructions:

  • Unlink / Remove the current folder redirection policy
  • When a user gets a new computer assist the user to get their documents etc from the file server and put them according to company policy.

The really long race

Let all current users keep their Redirected Folders. New users don’t have it, they are instead asked to use One Drive or other options.

Simplified instructions:

  • Create a group for all current users
  • Change the security filtering of the current folder redirection policy be domain computers and the group you just created.

Just some computers

So this might have some use. Not really sure where, as I would recommend against this. This is a user policy and not a computer policy. So how can we make it work different. Remember when Microsoft did a big GPO change with the security update MS16-072, they forced that both the user and the computer account needed read permission for a GPO to work. So in the case we can use this. We can create a group of all computers where redirection should happen and add that the users we want to the GPO.

Simplified instructions:

  • Create group for the computer where folder redirection should happen
  • Update the security Filtering for the current folder redirection policy:
    • The newly created group
    • Domain Users