RE: redirected-redirected folders

Cliff: Here is the back and forth of it--Let me know what it is that you
don"t understand and I will try to clarify!!!!!





Bitbob: I have a client that has somehow managed to redirect his redirected
folders
so that they are pointed to another users folder on the server when he logs
out. The SBS server denies access to these files so his logout sycronization
always reports errors and stops when it encounters them. I have gone into the
local workstation and checked the files and folders the syncronization
applies to and they all point to the correct redirected folders and files. In
desperation I have copied them to other media and deleted the local copies
but the logout syncronization still errors out trying to crosslink these
files that are no longer on the local workstation. Is this process refering
to a file on the SBS server that still crosslinks those files? The user that
is having this problem is also set up with a roaming profile. Is this problem
related to his roaming profile?

Brandy: am sorry but I do not have a clear image what exact issue you are
experiencing. In order to supplement your description, I need your help to
gather the following information:

1. Just to double confirm, from your description, it seems that you have
enabled the Roaming Profile, Folder Redirection and synchronize Offline
Files. Am I right?

2. Please explain in detail "somehow managed to redirect his redirected
folders so that they are pointed to another users folder on the server when
he logs out".

a. What is the "redirected folders"? My Documents folder or the other
folders?
b. How does the client "somehow managed to redirect his redirected
folders"? Please fully describe the steps so we can better understand your
scenario.
c. Where does the customer redirect the redirected folders? To the SBS
Server or client workstation?

3. You mentioned "his logout sycronization always reports errors". What is
the full error message? Please type the error message word by word the
Newsgroup.

4. On the server and the problematic client workstation, run "eventvwr"
(without quotation marks), check whether there are any errors. If yes,
double click it, click the Copy button and paste the full content to the
Newsgroup.

5. On the problematic client workstation, open a command window, type
"gpresult /v >c:\gp.txt" (without quotation marks), go to c drive, get the
gp.txt file and send it to me (v-branee@xxxxxxxxxxxxx).

Please take your to gather the information for further research. I am
looking forward to hearing from you!

bitbob: 1. Yes all are enabled
2. I don't know how the user managed to do this and was presented with the
problem after it occured and the user has no idea what caused it.
3. The reported error is as follows and I think it answers questions 2-b-c.
User1 is logging off and gets this message which is repeated several time for
different files but always the same message with different folders in user2s
redirected data.
"Offline files(\\SBS server\users-my documents-redirect on SBS server):
access to 'samplemusic.ink' is denied om \\SBS server\users-my document
redirect \user2\my documents\my music"
4. There are no event loggings of errors in the timeframe when this problem
first occured.
5.I will send the file shortly.

Brandy:1. Robert, I am sorry but from your reply, I am still not very clear
what
exact issue you are experiencing. In your reply, you mentioned "I don't
know how the user managed to do this and was presented with the problem
after it occured and the user has no idea what caused it." I need to know:

a. Who is the "User" managed to do this? User1 or User2?
b. I suggest that you contact this "User" for detailed steps how he or she
managed to do this, and what exact goal he or she wants to achieve so we
can help to do so.

2. Who is User1 and who is User2?

a. I assume User1 is jadesh, am I right?
b. Also, I assume the problematic client workstation is MAIN, am I right?

3. If you temporarily disable the offline files on the problematic client
workstation, will User1 still encounter error message when he trying to log
off?

4. Ask User1 to log on the problematic client workstation, right click "My
Documents", Properties, Target bar, which is the target folder location?
Brandee:1. In your latest reply, you mentioned "The problem is now showing 8
files
that cause errors, an increase over the original 4 that showed up". I need
to know:

a. Did you meet any error messages after you disable the offline files?
b. If yes, please capture screen shots for each of the error messages and
send them to the Newsgroup.

2. Please explain in detail "Jadesh indicated that when the users logged in
after the Antispam install the Antispam program intercepted the application
of the user shell elements and asked if the change from user2 to jadesh
shell should be allowed."

Does Jadesh encounter any error messages? If yes, what are they? Where does
Jadesh meet these error messages?

3. Please explain in detail "This continued to happen anytime a new user
logged on with the corresponding user shell change from their roaming
profile". What changes did user make, please?

Bitbob:Brandy: 1. As I indicated when offline files are turned off there are
no error
messages!

2. here is a chronological listing of occurrences



a. user 1 is logged in and using workstation

b. user 1 logs off without incident

c. user2/jadesh logged on and before she could start using the machine
the Antispam window pops up and asks if they want to allow change from user 1
shell elements to jadesh shell elements [ yes or no ]!!!

d. This continued happening each time the different users logged on
---Antispam would pop up and ask if they wished to allow a change from the
last users shell elements to their shell elements [yes or no]!!!!

e. I arrived on the scene and disabled the parts of Antispam that dealt
with shell elements and the popup window stopped!!!!

f. However now jadesh had the logoff offline file synchronization
error message anytime she logs off!!

g. All I want to do is get rid of the error messages at her logoff by
disabling whatever is calling for her data to be synchronized with user2’s
data--- and no it would be rather counterproductive to allow her data to be
synchronized with user 2’s data so I will not give offline synchronization
security clearance to do so!!!!!

3. Jadesh encounters no other error messages aside from those that occur at
logoff during synchronization- a sample of which I have already supplied you
with.

4. Again the users were making no changes to their various shell elements!!!
All they were doing was logging on and off the workstation.!!!!!


Brandy:Hi Robert,

Thanks for your update! I am jenny and I am backup of Brandy for she is now
taking leave. I will continue work with you. I am sorry for inconvenience
for that.

The offline files and roaming profile indeed has some conflicts. Please
consider the following when implementing roaming profiles:

1. Do not use Offline Folder caching on roaming user profile shared
directories.

It is important to turn off Offline Folder caching for shared directories
where roaming user profiles are stored. If you do not turn off Offline
Folder caching for a user''s profile, you might experience synchronization
problems when both Offline Folders and roaming user profiles try to
synchronize the files in a user''s profile. This does not affect your
ability to use Offline Folders with redirected folders such as My
Documents.

2. Do not use Encrypted File System (EFS) on files in a roaming user
profile.

The Encrypted File System (EFS) is not compatible with roaming user
profiles. If you encrypt profile folders or files in the user profile using
EFS, the user''s profile will not roam.

3. Do not set disk quotas too low for users with roaming user profiles.

If a user''s disk quotas are set too low, roaming user profile
synchronization might fail. Make sure enough disk space is allocated to
allow the system to create a temporary duplicate copy of a user''s profile.
The temporary profile is created in the user''s context as part of the
synchronization process, so it debits the user''s quota.

4. When creating a roaming profile shared directory, limit access to only
those users that need access.

- Because a users roaming profile can contain personal information such as
confidential documents and EFS certificates, care should be taken to
protect access to the shared directory. Restrict access to the shared
directory to only those users that need access. You can also create a
security group for users that have profiles on a particular shared
directory, and limit access to only those users.

- Only give users the minimum amount of permissions needed.

- When creating the shared directory, hide it by putting a $ after the
share name. This hides the shared directory from casual browsers, and it
will not be visible in My Network Places.

5. Use at least Windows 2000 servers to host user roaming profile shared
directories.

Because a users roaming profile contains personal information which is
copied to and from a client computer, and the server hosting the roaming
profile, it is important to ensure that data is protected as it travels
over the network. Potential threats to the privacy and integrity of a
user''s data come from intercepting the data as it passes over the network,
tampering with the data as it passes over the network, and spoofing the
server hosting the user''s data. Features such as Kerberos, IPSec, and
Server Message Block (SMB) signing included in Windows 2000 and the Windows
Server 2003 family can help to secure a user''s data.

6. Always use the NTFS file system for volumes holding user''s data.

Configure servers hosting roaming profiles to use the NTFS File System.
Unlike FAT, NTFS supports Discretionary access control lists (DACLs) and
system access control lists (SACLs), which control who can perform
operations on a file and what events will trigger logging of actions
performed on a file.

After verifying above settings, please see if the issue be fixed.

Bitbob:Jenny Are you saying that offline file sychronization should be
turned off on
the workstations if I am using folder redirect and roaming profiles????? The
folders that contain the roaming profiles are on the server where offline
files are not activated. All of the other conditions you have indicated have
been met on the server and workstations!!! If I turn off offline
synchronization the problem will not occur but I must make sure that
redirected folders and roaming profiles will correctly write data to the
server at user logoff with that function defeated on the workstation.

Jenny:1. What is the exact error message you received? Can you help me
collect a
screen shot when reproduced the issue?
2. Enable UserENV log on both workstations and send the log files to me.

Use Registry Editor to add the following registry value (or modify it, if
the value already exists):

Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon]

Value: UserEnvDebugLevel
Value Type: REG_DWORD
Value Data: 10002 (Hex)

After you make this change, restart the computer. The log file is written
to the %SystemRoot%\Debug\UserMode\Userenv.log file.

221833 How to Enable User Environment Debug Logging in Retail Builds of
Windows
http://support.microsoft.com/?id=221833

3. Save the texts of the application and system logs for analyze:

To save a text copy of Application /System log:

A. Open Event Viewer: Start -> All Programs -> Administrative Tools ->
Event Viewer.
B. Right-click on Application/System log and select "Save Log File As?".

Please compress log files and mail it to mailbox: junzhan@xxxxxxxxxxxxx

I appreciate your time! Additionally I will be out of office from 28th Jan
to 5th Feb with limited internet access. The email response will be
delayed. For Microsoft newsgroup user, please do not hesitate to contact my
backup engineer, Cliff Zhang at junzhan@xxxxxxxxxxxxx, and he will be glad
to be of assistance. I am sorry for bring you inconvenience.

Bitbob:Jenny: First would you please answer my question!!!!!! Second the
error code
was posted in the message dated 1/23 in point #3.
Third I will try to follow you instructions the next time I have access to
the clients single workstation There is only one causing this whole issue as
indicated in previous notes!!!!!! Thanks for your help


"Bitbob" wrote:

> Jenny: First would you please answer my question!!!!!! Second the error code
> was posted in the message dated 1/23 in point #3.
> Third I will try to follow you instructions the next time I have access to
> the clients single workstation There is only one causing this whole issue as
> indicated in previous notes!!!!!! Thanks for your help
>
> ""Jenny wu [MSFT]"" wrote:
>
> > I am sorry for mistake post another issue response here.
> >
> > Have a nice day!
> >
> > Sincerely,
> >
> > Jenny Wu
> > Microsoft CSS Online Newsgroup Support
> >
> >
.