Migrate7 8.2 User Data Storage Policies

Redirect User Data to Network Shares

One of the most often asked features in recent years has to do with changing where user documents are stored.  One of the best times to make such a change is a system refresh, or migration time.  Migrate7’s team engaged in a pain-staking review of how these policies can be supported in Migrate7.  The result is a feature called “Folder Redirection.”  This feature as far as we know is not found in USMT or other free products.

Using Folder Redirection is as straight-forward as the rest of Migrate7.  This blog entry covers the basics.

We’ll assume you are using a Windows Server 2008 R2 environment  and you want to configure Folder Redirection.  This feature should work on older versions of Windows Server, although the screen shots might be different.

Profile Share Configuration

The following steps are derived from the Microsoft recommendations for a secure folder redirection environment.
  1. Create a folder to store the redirected folders. (i.e. “C:\folder_redirection”)
  2. Share the folder and make it hidden from browsing. You do this by adding a “$” at the end of the share name.fr-ss1.png
  3. Give “Full Control” share permissions to the following groups:fr-ss2.png
    1. SYSTEM
    2. The security group that contains all roaming profiles domain accounts. (i.e. “Folder Redirect”)
    3. Domain Admins
    4. Built-in system admins (Administrators)

  4. Give “Full Control” security permissions to the following groups:

    fr-ss3.png

    1. Domain Admins
    2. SYSTEM
    3. Built-in system admins (Administrators)
  5. The security group that contains all folder redirected domain accounts. (i.e. “Folder Redirect”) will need special permissions to the folder.fr-ss4.png
    1. List folder /read data (Allow)
    2. Create folders / write data (Allow)
    3. The above settings should apply to “This folder only”.
  6. The security group “CREATOR OWNER” will also need special permission to the folder.fr-ss5.png
    1. Full Control (Allow)
    2. The setting should apply to “Subfolders and files only”.

Running Migrate7

When running Migrate7 in an environment that is secured according to the instructions in this document you have to run Migrate7 as a Domain Admin or during logon of a redirected user.

That’s it.  That’s all there is to it.  Your users will never know the difference, and your IT policy experts will smile as they know that storage, backup,disaster recovery, and malware-prevention are easier to carry out on centrally-managed data.

Leave a Reply