[Samba] Samba4: Folder Redirection GPO not working with Windows 7

Rowland Penny rpenny at f2s.com
Sun Oct 7 09:14:41 MDT 2012

On 07/10/12 16:02, steve wrote:
> On 07/10/12 12:58, steve wrote:
>> On 07/10/12 10:52, Andrew Bartlett wrote:
>>> On Sun, 2012-10-07 at 10:07 +0200, steve wrote:
>>>> On 06/10/12 17:11, steve wrote:
>>>>> Hi
>>>>> I have folder redirection working fine in XP. I see that W7 has taken
>>>>> the same configuration as I made in XP. Here is a screenshot:
>>>>>    http://dl.dropbox.com/u/45150875/gpo.png
>>>>> Unfortunately, on w7, whilst the roaming profile is correctly set,
>>>>> there
>>>>> is no folder redirection. Nothing appears in the \\hh1\USERS 
>>>>> folder for
>>>>> the user who has logged in.
>>>>> Upon opening the GPO editor as Administrator in W7, I get an error
>>>>> message about AD and sysvol permissions:
>>>>> 'The permissions for this GPO in the SYSVOL folder are inconsistent
>>>>> with
>>>>> those in ctive Directory. (...) To change the SYSVOL permissions to
>>>>> those in Active Directory, click OK.'
>>>>> Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl
>>>>> sysvolreset and restarted the GPO editor. It then opened without the
>>>>> error:) The settings appear exactly as I set them on XP but are not
>>>>> honoured in W7.
>>>>> The share for the redirected folders says it's offline. There is an
>>>>> offline tab where the security tab normally is under the share
>>>>> properties. Relevant?
>>>>> Can anyone help me trace what's wrong?
>>>>> Cheers,
>>>>> Steve
>>>> Further tests show using the windows 'set' command, that the policy is
>>>> only being applied to Administrator. IOW, 'APPDATA' is being 
>>>> redirected
>>>> to the server. Everyone else still has the local Roaming folder for
>>>> appdata.
>>>> I have run gpupdate /force but still no folder redirection for users.
>>>> Thanks,
>>>> Steve
>>> Look for file permission errors in the network trace when accessing the
>>> GPO.
>>> Andrew Bartlett
>> Hi Andrew
>> I did a wireshark of a user called steve2 logging on and off:
>> http://dl.dropbox.com/u/45150875/logon
>> The folder to which the gpo should redirect to, \\hh1\USERS, is
>> mentioned only once, all the other SMB2 traces refer to the steve2.V2
>> profile folder. I have Application Data redirected to \\hh1\USERS
>> 'set' shows APPDATA is still local to the client.
>> The gpo works fine on XP but fails for all users other than
>> Administrator on W7. 'set' for Administrator shows the redirection to
>> the server share at \\hh1\USERS\Administrator\Application Data. For
>> Administrator nothing is written to the share, but I think this is
>> because Administrator does not have a uidNumber nor gidNumber.
>> Any help most gretfuly received.
>> Cheers,
>> Steve
>> This works fine on XP but fails on W7.
> OK
> Getting a bit closer:
> The share \\hh1\USERS is not accessible by users, neither can I set 
> the security on it as Administrator because the security tab has been 
> replaced by 'offline files'. The underlying POSIX share is 
> /home2/USERS and it is 0777, global RW.
> Summary: In W7, users cannot access the share. Question: how can I 
> remove the offline files and get a security tab back?
> THanks,
> Steve
Hi Steve, a quick google finds: 

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list