![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 13%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
28,659 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
Thank you for posting here.
Here are the answers for your references.
Q:
I set up Folder Redirection on Windows Server 2019 and it works perfectly. Now I need to set up something like that: Folder Redirection should works on every domain computer where user singed in, but only on primary computer for this user files from Redirected Folders should be stored offline (locally on ONLY primary computer)
A:
Based on the description, we want folder redirection works on every domain computer where user singed in except on one primary computer.
If we enable “Redirect folders on primary computers only” Under Computer Configuration or User Configuration, navigate to Policies, then Administrative Templates, then System, then Folder Redirection.
And the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. But what we want is that only on primary computer for this user files from Redirected Folders should be stored offline (locally on ONLY primary computer).
So what you just deployed is not what you want.
However, I did a similar experiment in my own environment, folder redirection works on all domain-joined machines except on one primary computer. I hope it can help you.
Here are the steps:
Configure the computer as the primary computer:
These steps as follows are to configure the computer as the primary computer. I have two clients named win and win10. I configure win10 as the primary computer for domain user or domain user group ( in my case it is domain user a1).
- Open Server Manager on a computer with Active Directory Administration Tools installed.
- On the Tools menu, select Active Directory Administration Center. Active Directory Administration Center appears.
- Navigate to the Computers container in the appropriate domain.
- Right-click a computer that you want to designate as a primary computer and then select Properties.
- In the Navigation pane, select Extensions.
- Select the Attribute Editor tab, scroll to distinguishedName, select View, right-click the value listed, select Copy, select OK, and then select Cancel.
- Navigate to the Users container in the appropriate domain, right-click the user to which you want to assign the computer, and then select Properties.
- In the Navigation pane, select Extensions.
- Select the Attribute Editor tab, select msDs-PrimaryComputer and then select Edit. The Multi-valued String Editor dialog box appears.
- Right-click the text box, select Paste, select Add, select OK, and then select OK again.
Create folder and shared it to domain user or domain user group (in my case it is domain user a1):
- I have create a folder named qq on DC named VSTEPY194VM.
- Shared qq folder to everyone or domain user or domain user group.
- The shared path is \VSTEPY194VM\qq and we will use this shared path when configuring folder redirection.
Create GPO with folder redirection:
- I have a domain with DC called jiangsu.lab, I created a new OU in ADUC, named 1, and created a user named a1 in it.
- I configured a GPO named Folder Redirection for this OU named 1 in GPMC.
- Edit the GPO as below:
Settings: Basic - Redirect everyone's folder to the same location
Target folder location: Create a folder for each user under the root path
Root Path: type the full path of the shared folder that the a1 has shared permissions and NTFS permissions.
- I have configured Desktop under folder redirection.
At this step, the folder redirection we configured is successful.
Configure deny Read GPO for primary computer:
After we finish setting the primary computer and folder redirection, we need to set a deny permission for our primary computer (win10 in my environment), so that we can realize that when users log in to the primary computer, folder redirection is not applied.
Because for user configuration, the corresponding users should have Read and Apply group policy permissions. And the computers should have Read permission.
We deny the primary computer to Read GPO, then when the user with folder redirection logs on the primary computer, the folder redirection will not apply on primary computer.
Test the result:
The following are my two clients, logged in as a user A1, picture one is win10 (primary computer). Desktop is still in a1 user profile.
Picture two is another computer (win), Desktop is not in a1 user profile, it is redirected to shared path above (\VSTEPY194VM\qq).
Hope that the above operations can help you achieve the effect you want.
Best Regards,
Daisy Zhou