Skip to main content

Can you use a file screen to prevent files from being redirected?

Yes you can. The scenario here is we have set up our clients, through Group Policy, to redirect the desktop to a server. I have also set up a files screen on the shared folder that will host the data. This file screen is configured to block .TXT files. When the user tries to create a .TXT file on their desktop, they are prevented from doing so. Below is the setup procedure to do this.

Step 1: configure the folder to hold the user data.

I created a folder on my server

Next I shared it by right clicking the folder and selecting Properties.

 

image

Click Advanced Sharing.

Click Permissions.

Click Add

In the Enter the object names to select box, type Authenticated Users and click Check Names.

Click OK

image

Click Authenticated Users

Check Full Control.

Click OK

Click OK

Click Close

The folder is not set up for your users to have their desktops redirected to this location.

 

Step 2

We now need to create the Group Policy that will redirect the users desktop to this location.

On your Domain Controller, click Start / Administrator Tools / Group Policy Management

Expand the tree until you expand Group Policy Objects.

Right click Group Policy Objects and click New.

image

Give the GPO a name.  In this example, we will call it DesktopRedirection.  Click OK

Under Group Policy Objects, right click DesktopRedirection and then click Edit.

Expand User Configuration / Windows Settings / Folder Redirection.

Right click Desktop and select Properties.

In the Settings drop down box, select Basic – Redirect everyone’s folder to the same location.

In Target folder location select Create a folder for each user under the root path.

IN Root Path, enter the UNC path to the folder we created earlier.  In this example, it is \\MCT-1\Desktop.

image

Click the Settings tab.

By default, Grant the user exclusive rights to Desktop.  For this example, I unchecked it.

Click OK

image

Close Group Policy Management Editor

In the Group Policy Management window, drag and drop the GPO onto the Organizational Unit that holds your user accounts.  Remember, you cannot link a GPO to the default users container.

This policy is now being applied to your users.

 

Step 3 Install FSRM

On the server that holders the Desktop folder, clickStart \ Administrator Tools \ Server Manager

You need to add the File Server Resource Manager Role service to this server.  If File Services are not installed, click Add Roles and add the File Services role to this computer.

In Server Manager click Roles.

Scroll down until you get to the Role Services section and click Add Role Services

image

Check File Server Resource Manager and then click Next.

Select the drive that you have the Desktop folder on.

Click Next

Click install.

Close the window when completed.

 

Step 4 Set up the file screen

Click Start / Administrator Tools / File Server Resource Manager

Expand File Screen Management

Right click File Screens and select Create File Screen.

In the File screen path, choose the Desktop folder that you created.

In Derive properties from this file screen template (recommended), choose the file screen you want to use.  For our example, we are using a custom file screen.  This screen blocks .TXT files.

image

We are now ready to test the screen

Log into your client as a user who has the Group Policy applied to them.

Attempted to create a .TXT file.  You should receive an error like the one below:

image

If not, make sure your group policies have replicated and this client has downloaded the policy.

Comments

Popular posts from this blog

Adding a Comment to a GPO with PowerShell

As I'm writing this article, I'm also writing a customization for a PowerShell course I'm teaching next week in Phoenix.  This customization deals with Group Policy and PowerShell.  For those of you who attend my classes may already know this, but I sit their and try to ask the questions to myself that others may ask as I present the material.  I finished up my customization a few hours ago and then I realized that I did not add in how to put a comment on a GPO.  This is a feature that many Group Policy Administrators may not be aware of. This past summer I attended a presentation at TechEd on Group Policy.  One organization in the crowd had over 5,000 Group Policies.  In an environment like that, the comment section can be priceless.  I always like to write in the comment section why I created the policy so I know its purpose next week after I've completed 50 other tasks and can't remember what I did 5 minutes ago. In the Group Policy module for PowerShell V3, th

Return duplicate values from a collection with PowerShell

If you have a collection of objects and you want to remove any duplicate items, it is fairly simple. # Create a collection with duplicate values $Set1 = 1 , 1 , 2 , 2 , 3 , 4 , 5 , 6 , 7 , 1 , 2   # Remove the duplicate values. $Set1 | Select-Object -Unique 1 2 3 4 5 6 7 What if you want only the duplicate values and nothing else? # Create a collection with duplicate values $Set1 = 1 , 1 , 2 , 2 , 3 , 4 , 5 , 6 , 7 , 1 , 2   #Create a second collection with duplicate values removed. $Set2 = $Set1 | Select-Object -Unique   # Return only the duplicate values. ( Compare-Object -ReferenceObject $Set2 -DifferenceObject $Set1 ) . InputObject | Select-Object – Unique 1 2 This works with objects as well as numbers.  The first command creates a collection with 2 duplicates of both 1 and 2.   The second command creates another collection with the duplicates filtered out.  The Compare-Object cmdlet will first find items that are diffe

How to list all the AD LDS instances on a server

AD LDS allows you to provide directory services to applications that are free of the confines of Active Directory.  To list all the AD LDS instances on a server, follow this procedure: Log into the server in question Open a command prompt. Type dsdbutil and press Enter Type List Instances and press Enter . You will receive a list of the instance name, both the LDAP and SSL port numbers, the location of the database, and its status.