[Samba] Samba4: Folder Redirection GPO not working with Windows 7

steve steve at steve-ss.com
Sun Oct 7 04:58:18 MDT 2012

On 07/10/12 10:52, Andrew Bartlett wrote:
> On Sun, 2012-10-07 at 10:07 +0200, steve wrote:
>> On 06/10/12 17:11, steve wrote:
>>> Hi
>>> I have folder redirection working fine in XP. I see that W7 has taken
>>> the same configuration as I made in XP. Here is a screenshot:
>>>    http://dl.dropbox.com/u/45150875/gpo.png
>>> Unfortunately, on w7, whilst the roaming profile is correctly set, there
>>> is no folder redirection. Nothing appears in the \\hh1\USERS folder for
>>> the user who has logged in.
>>> Upon opening the GPO editor as Administrator in W7, I get an error
>>> message about AD and sysvol permissions:
>>> 'The permissions for this GPO in the SYSVOL folder are inconsistent with
>>> those in ctive Directory. (...) To change the SYSVOL permissions to
>>> those in Active Directory, click OK.'
>>> Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl
>>> sysvolreset and restarted the GPO editor. It then opened without the
>>> error:) The settings appear exactly as I set them on XP but are not
>>> honoured in W7.
>>> The share for the redirected folders says it's offline. There is an
>>> offline tab where the security tab normally is under the share
>>> properties. Relevant?
>>> Can anyone help me trace what's wrong?
>>> Cheers,
>>> Steve
>> Further tests show using the windows 'set' command, that the policy is
>> only being applied to Administrator. IOW, 'APPDATA' is being redirected
>> to the server. Everyone else still has the local Roaming folder for appdata.
>> I have run gpupdate /force but still no folder redirection for users.
>> Thanks,
>> Steve
> Look for file permission errors in the network trace when accessing the
> GPO.
> Andrew Bartlett
Hi Andrew
I did a wireshark of a user called steve2 logging on and off:

The folder to which the gpo should redirect to, \\hh1\USERS, is 
mentioned only once, all the other SMB2 traces refer to the steve2.V2 
profile folder. I have Application Data redirected to \\hh1\USERS

'set' shows APPDATA is still local to the client.

The gpo works fine on XP but fails for all users other than 
Administrator on W7. 'set' for Administrator shows the redirection to 
the server share at \\hh1\USERS\Administrator\Application Data. For 
Administrator nothing is written to the share, but I think this is 
because Administrator does not have a uidNumber nor gidNumber.

Any help most gretfuly received.

This works fine on XP but fails on W7.

More information about the samba mailing list