Home / Server / Server Maintenance / How to Set Up Folder Redirection on Windows Server

How to Set Up Folder Redirection on Windows Server

Table of Contents

Folder redirection with Group Policy moves user folders — Desktop, Documents, Pictures, and others — from the local PC to a network share on a server. Users access their files transparently, but the data is stored centrally, backed up from the server, and available from any domain-joined machine. This guide covers how to set up folder redirection on Windows Server.

Why Use Folder Redirection

Without folder redirection, every user’s Documents folder lives only on their local PC. If the PC fails, the data is gone. With folder redirection:

  • Files are stored on the server and backed up as part of server backup
  • Users can log into any domain machine and access their files
  • IT can manage storage quotas centrally
  • Data remains accessible while a failed PC is being repaired or replaced

Folder redirection works best combined with Offline Files — a Windows feature that caches a local copy of the redirected folders, so users can still work when disconnected from the network (on a laptop away from the office, for example).

Step 1: Create the File Share on the Server

Create a shared folder to host the redirected data. Each user gets their own subfolder within it:

# Create the root folder
New-Item -Path "D:\UserFolders" -ItemType Directory

# Create the share
New-SmbShare -Name "UserFolders$" -Path "D:\UserFolders" -FullAccess "CONTOSO\Domain Admins" -ChangeAccess "CONTOSO\Domain Users"

The share name ends with $ to make it hidden — users do not need to see or know the share path directly.

Step 2: Set NTFS Permissions Correctly

Folder redirection requires specific NTFS permissions on the root folder. The user should only have access to their own subfolder, not others’:

  1. Right-click D:\UserFolders → Properties → Security → Advanced
  2. Disable permission inheritance
  3. Set permissions as follows:
    • SYSTEM: Full Control, This folder, subfolders and files
    • Domain Admins: Full Control, This folder, subfolders and files
    • Creator Owner: Full Control, Subfolders and files only (not this folder)
    • Authenticated Users: List folder / read data, Create folders / append data — This folder only

This configuration (sometimes called ABE — Access-Based Enumeration friendly setup) ensures users can create their own subfolder but cannot read each other’s folders.

Step 3: Enable Access-Based Enumeration on the Share

Set-SmbShare -Name "UserFolders$" -FolderEnumerationMode AccessBased

With ABE enabled, users browsing the share only see their own subfolder — not an intimidating list of every user’s name.

Step 4: Configure Folder Redirection in Group Policy

  1. Open Group Policy Management and create a new GPO linked to the OU containing your users (not computers)
  2. Edit the GPO and navigate to: User Configuration → Policies → Windows Settings → Folder Redirection
  3. Right-click Documents → Properties
  4. Set the Setting to Basic — Redirect everyone’s folder to the same location
  5. Under Root Path, enter: \\SERVERNAME\UserFolders$
  6. Leave the path as \\SERVERNAME\UserFolders$\%username%\Documents — the %username% variable creates a per-user subfolder automatically
  7. Under the Settings tab, configure:
    • Tick Grant the user exclusive rights to Documents — this sets the correct NTFS permissions on the user’s subfolder automatically
    • Tick Move the contents of Documents to the new location — migrates existing local files to the server on first apply
  8. Repeat for Desktop, Pictures, and any other folders you want to redirect

Test the Configuration

Log on as a test user on a domain-joined PC and run gpupdate /force, then log off and back on. Check that:

  • The Documents folder path has changed to the UNC path or a mapped drive
  • The server has created a subfolder for the user under D:\UserFolders
  • Files created in Documents are visible on the server in the user’s subfolder

Offline Files — Working Disconnected

To enable Offline Files so laptop users can work without a network connection, configure the following in the same GPO:

Computer Configuration → Administrative Templates → Network → Offline Files:

  • Allow or Disallow use of the Offline Files feature — Enabled
  • Synchronize all offline files when logging on — Enabled
  • Synchronize all offline files before logging off — Enabled

Users’ redirected folders are then cached locally and sync when they reconnect to the network.

Storage Quotas on Redirected Folders

Without quotas, redirected folders grow without limit and can fill the server. Apply quotas using the File Server Resource Manager (FSRM) role:

Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

# Create a 5GB hard quota on the UserFolders share
New-FsrmQuota -Path "D:\UserFolders" -Template "5 GB Limit" -Confirm:$false

Sign Up For Daily Newsletter

Stay updated with our weekly newsletter. Subscribe now to never miss an update!

[mc4wp_form]

Leave a Reply

Your email address will not be published. Required fields are marked *