[Samba] Folder re-direction by Group Policy in a Multiple-Samba server e nvironment

Boswell Andrew Dr (ITCS) s139 A.Boswell at uea.ac.uk
Mon Oct 21 23:43:50 GMT 2002 

This is a serious problem which can affect users of Samba in a Windows 2000
domain in which a Group Policy is applied to user accounts to redirect the
"My Documents" or other folders to a Samba share.  The contents of the users
"My Documents" can become deleted.

Problem description:

1. Background : We are using Samba servers to serve user files in a Windows
2000 domain of some 500 XP desktops, c.20000 user accounts.
   
2. A group policy is applied to redirect the user's "My Documents" folder to

	%LOGONSAMBA%\%USERNAME%\<sub-folder>\My Documents
- the UNC path to the folder once the variables at expanded.

3. The value of %LOGONSAMBA% is the name of a specific Samba server for that
user session and is determined by the logon script given the workstation ip
address.  Currently, there are two Samba servers in our domain which then
mount the users' filestore over NFS from RAID fileservers elsewhere in the
network.

4. When users moved from one workstation to one with a different
%LOGONSAMBA% value, the contents of their redirected @My Documents@ folder
was deleted.  


Solution:

The Group Policy for Folder Redirection, as documented at
 	www.microsoft.com/windows2000/docs/settings.doc,  
has a setting "Move the contents of My Documents to the new location" which
is ticked on by default.  This options appears to be intended occur once
when the GP is first applied in order to copy the contents of any existing
local "My Documents" folder to the redirected location. 

Logging the actions of fdeploy.dll, we have found that it checks the
previous value of the redirected folder in registry key:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders\Personal   
against the one calculated in the logon script.  If it is different, then
the above GP option is executed.  In the Samba situation above, both the
previous location and new location are the same physical location although
the UNC paths are different.  Fdeploy.dll attempts to copy the files, and
then delete them from the "original" location - resulting in the deleted
contents of the folder.  The problem is prevented by removing this Group
Policy option.

More information about the samba mailing list