Folder Redirection Policy and Windows Server Backup Feature

Introduction

This is the third article in the Windows Server Configuration Article Series. In the first section of this article, I configure the folder redirection policy and backup this folder to a different drive on the same server in the second section. In the real-world scenario, we primarily backup for network storage, which is located in different locations, even though in this demonstration I backup folders to different drives on the same server. It is a good practice to protect the data from catastrophe, and it adds an extra layer of security. We discuss each configuration under a short introduction, feature details, implementation process, lab observation, challenge and experience, and conclusion. A brief introduction, feature details, the implementation process, lab observations, challenges and experiences, and a conclusion are covered for each configuration.

previous part of this series — Click here >>

File Redirection Policy

Introduction

To redirect the domain users’ My Documents folders, we employ a folder redirection policy. Folder Redirection is a policy in Windows Server that allows administrators to redirect the path of certain folders for users within a domain. This feature is particularly useful for centralizing user data, enhancing data security, and simplifying user management. In this lab, I redirect the document folders of student users to folders on the server disk partition.

Feature Details

Functionality -

Folder Redirection redirects the path of specific user folders, such as documents, desktops, downloads, and more, from their local devices to a network location. In this lab, I only redirect the My Documents folder of student user accounts to the E drive located on the server.

Importance -

• Centralized Data Storage - This enables the central storage of user data on network shares, improving data management and backup processes.
• User Experience - Allows users to access their data seamlessly, regardless of the device they log into within the domain.
• Data Security - Enhances data security by storing critical user data on secure network locations rather than local devices.

Potential Benefits -

• Reduced Data Loss Risk — Centralized data storage reduces the risk of data loss on individual devices, ensuring that important files are backed up and accessible.
• Simplified User Management— Administrators can manage user data more efficiently by implementing consistent folder redirection policies across the network.

Implementation Process

Use 50 GB of the remaining free space on the AD server to set up a new drive to store all the shared drives and My Documents folders of the users. I created a partition for this. Creating a new disk partition is not essential for this policy. But I create a new partition because then we can easily manage redirect data separate from other server data. Go to Disk Management, and then right-click and select Shrink Volume. Then allot 50GB to the new partition. After creating a new partition, right-click and select a new simple volume and name it ‘E’.

Then Create a new folder called “My Document Folder” and share it with the student group. Before sharing, you should add Student_group and grant read and write permission to Student_group.

Then copy the Network Path.

Open the Group Policy Management Console (GPMC) in the server manager by navigating Tools > Group Policy Management. Then Create a new group policy object by right-clicking and selecting New for Create New Policy. In this case, create a new group policy object called “Folder Redirection Policy”.

Configure Folder Redirection settings under User Configuration > Policies > Windows Settings > Folder Redirection.

Specify the target folder that we want to redirect to the network location. In this demonstration, the document folder is selected to redirect to the E drive on the server.

Right-click and select properties. Add the setting to “Basic — Redirect everyone’s folder to the same location” and paste the network path that we copied in the previous step of the share folder to the root path. Click the Apply button and then the OK button.

Link the GPO to the desired organizational unit (OU) containing user accounts. In this case, I added this policy to the Student OU. Right-click on Student OU and select Link existing GPO and link folder redirection policy.

Before checking the functionality of this policy, we should update group policies on client PCs. Go to the Command Prompt and enter the “gpupdate/ force” command on the client PC where you used a student user account to sign in.

It asks us to log off and log on again. After logon again, we can see a folder redirection symbol has been added to the document folder on the client PC. Through this observation, we can confirm that our folder redirection policy has been successfully implemented. When we add a file to the document folder, it will be redirected to the server folder in disk partition ‘E’. We can put a file there and use this policy now.

Lab Observations

• When we enable this feature, we should not be concerned about maintaining folders for separate users. It will automatically handle the policy for itself. No one can access another user’s folder.
• In my user experience, I do not observe if there’s any noticeable difference in the speed of accessing redirected folders compared to local folders. I did this demonstration with the virtual machines. In the real-world scenario, there might be some latency at times as the result of network issues such as network traffic. In the real-world scenario, we should not redirect folders to the same domain controller server because it might cause unintendent traffic to the domain controller and result in considerable latency to access the folder. I also want to mention that it is not a drawback of the policy itself and can be caused by other network configurations and resources.
• In real-world cases, we should check if users experience a consistent view of their folders and files when logging in from different devices within the domain.
• Assess the ease of backup and recovery for redirected folders. Verify whether centralizing data improves backup processes and facilitates quick recovery in case of data loss.

Challenges and Solutions

1. It is good practice to set a limit to the storage quota for the document folder in the shared location. We can easily implement that by using the shared storage console on the server. We can configure a storage quota limit to maintain each user’s folder. We can customize this limitation as per our requirements. There are two main methods we use. We can use one of them.

• We can configure it to pop up a warning message and let us store excess data in that shared folder.
• We can configure it to not allow us to exceed the limit and thoroughly maintain the limitation.

2. In cases of policy removal, the files must stay in the shared location. We fulfill this requirement by using a shared storage console on the server. Don’t delete data while removing the rule, which can be enabled here.

3. Some users can experience temporary disruptions during the migration process, necessitating careful planning and communication to minimize the impact.

4. ensuring proper permissions on the network share for redirected folders.

Conclusion

Folder Redirection Policy is a valuable feature in Windows Server, providing centralized data storage, enhancing data security, and simplifying user management. Its implementation can lead to improved data accessibility, reduced data loss risks, and a more streamlined user experience, making it a crucial component for effective server management in a Windows Server environment. Latency issues and some potential issues may occur when you misconfigure this policy or configure it without considering its effect on the system in different situations, such as bufferover flow. But almost every one of these drawbacks can be completely solved by using other additional features correctly on the Windows server. But networking issues in the systems, like the limitation of bandwidth, can cause latencies while accessing shared storage.

Windows Server Backup Feature

Introduction

The Windows Server Backup feature in Windows Server is a built-in tool that allows administrators to perform backup and recovery tasks on Windows Server operating systems. It provides a reliable and efficient way to protect important data and system configurations against loss or corruption. We can schedule backups and protect the entire server or specific volumes. The Windows Server Backup feature is a comprehensive solution designed to address the challenges associated with potential data loss, system failures, or unforeseen disasters. By allowing administrators to create full server backups, including system states, applications, and user data, this feature becomes a linchpin in the strategic approach to data protection. It goes beyond mere file-level backups, providing the capability to restore entire systems to a previous state, minimizing downtime, and ensuring continuity in the face of disruptions.

Feature Details

Functionality -

Windows Server Backup enables administrators to create full server backups, including system state, files, and applications. It supports backup scheduling, recovery options, and bare-metal recovery, allowing for complete restoration in case of system failure.

• Backup Creation - Windows Server Backup allows for the creation of full server backups, capturing critical data, system state, and other components.
• Backup Scheduling - Administrators can configure backup schedules to ensure regular and automated backups, reducing the risk of data loss.
• Customizable Backup Options - The feature offers flexibility in choosing backup destinations, including external drives and network locations, or dedicated backup storage.

Importance -

The importance of Windows Server Backup lies in its role in ensuring data integrity and system availability. It safeguards against data loss, facilitates disaster recovery, and supports compliance with data protection policies.

• Data Protection — Windows Server Backup plays a vital role in protecting critical data, ensuring its availability for recovery purposes.
• Disaster Recovery — In the event of system failures or unforeseen issues, the ability to restore from backups is crucial for minimizing downtime.
• System State Backup — Capturing system state information allows for the recovery of essential system configurations and settings.

Potential Benefits -

• Reliability- Windows Server Backup provides a reliable backup solution that is integrated into the Windows Server operating system.
• Ease of Use- Its user-friendly interface simplifies backup and recovery tasks, making it accessible for administrators with varying levels of expertise.
• Cost-Effective- As a built-in feature, it eliminates the need for third-party backup solutions, potentially reducing costs.
• Integration with VSS- It leverages the Volume Shadow Copy Service (VSS) for creating consistent and application-aware backups.

Implementation Process

In this demonstration, I backup the folder on the server to a different drive on the same server. But in real-world scenarios, we mostly backup data to network storage in different locations. It is a good practice to protect the data from catastrophe, and it adds an extra layer of security.

First, add the Windows Server Backup feature from Manage > Add Roles and Features. Navigate to the “Select features” window and check “Windows Server Backup.” Click through the installation process and wait for the feature to be installed.

Once installation is complete, open “Windows Server Backup” from the Administrative Tools menu.

Then right-click on Local Backup and select Backup Schedule.

It asks us to select the desired configuration type. In this case, we do not want a full server backup. So if we choose custom configuration, then we can configure specific volumes or files for backup rather than a full server. In the majority of real-world scenarios, we are also required to backup only specific important folders or volumes on the server.

Then add the folders you want to backup. If desired, we have the capability to pick particular drives or files from the server. In this case, I backed up “MyDocumentFolder” on drive E, so I selected it.

Then configure how often you want to run a backup. In here, we set times when we want to execute the backup process. In my case, I backup once a day at 9 p.m. According to your requirement, if you can run the function more than once a day, then we should add more than one time to the schedule time list. In real-world situations, we typically set the time around midnight in order to reduce issues and network traffic by avoiding peak organizational work hours.

If we have a dedicated hard disk for backups, then we can select “Back up a hard disk that is dedicated for backups,” which is the recommand option in the Windows OS.

In this demonstration, I used a folder in a separate disk partition on the same server, so I can also select the “Back up to a volume” option. Then we do not require a dedicated entire disk for backups; rather, we can use free space on any disk. But I do not select this option; now I go with the third option.

As I mentioned earlier, in the real world, backups are usually performed on separate dedicated hardware in a different location. Then we select “Back up to a shared network folder”. In this demonstration, I want to back up data in a folder on another drive on the same server. But I chose the third option. It is also applicable in my case. I hope I should choose it because it is most similar in real-world cases.

Now we hold this configuration for a moment and create a “Backup Folder” folder on drive C, where I want to keep backups, and I right-clicked to select properties. Then share it with everyone and give read / write permissions.

Copy the network path. In my case, the network path is “\\FCT-DC1\My Document Folder”.

Now come back to the backup configuration window. Paste the network path into Location input box. In this location, backups will be saved. Access control is already set as inherit, so everybody who has access to the specified remote share folder (we named it “Backup Folder”) can also access the backups.

Provide the Administrator account’s credentials.

Finally, we can check and confirm our configurations and click the Finish button.

The configuration is now complete. Then the backup process is automatically done once a day at 9:00 p.m. For testing purposes, we can manually add one backup. Right-click on Local Backup and select Backup once.

We can verify the configuration through the backup window. We can see backup items, destination items, and backup time correctly configured. Also, we can see the next backup time and previous backup details.

After the first backup, we can see the “WindowsImageBackup” folder created in the backup folder on the C drive.

Lab Observations

During the implementation, the Windows Server Backup feature demonstrated a straightforward installation process. The user interface was intuitive, allowing for easy configuration of backup settings and schedules. According to my observations, the Windows backup system is easy to configure and use because it is built into the Windows Server OS.

Challenges and Solutions

Limited customization options in terms of backup frequency and retention may be considered a drawback for environments with specific backup policies. It has limited control over the backup process and allocates resources for backup operations.

We can consider implementing one or a combination of the following solutions,

• Volume Shadow Copy Service (VSS) Customization — Windows Server Backup relies on the Volume Shadow Copy Service (VSS) for creating backups. You can explore advanced configurations and settings related to VSS to tailor backup operations according to your needs. This may involve adjusting VSS settings through the registry or group policy to achieve the desired backup frequencies and retention policies. Recovery options provided flexibility, and the bare-metal recovery feature worked efficiently in restoring the entire system.
• Third-Party Backup Solutions - Utilize third-party backup software that offers more advanced features and customization options tailored to your specific backup policies. There are numerous third-party solutions available in the market that provide enhanced control over backup frequencies, retention policies, and resource allocation.
• Hybrid Approach - Implement a hybrid backup approach by combining Windows Server Backup with other backup solutions or cloud-based backup services. For example, you can use Windows Server Backup for basic system backups while utilizing a cloud backup service for critical data or implementing a disk-to-disk backup strategy for additional redundancy.

Conclusion

In conclusion, the Windows Server Backup feature is a valuable tool for administrators, providing a robust and integrated solution for data protection and system recovery. Its ease of use, cost effectiveness, and integration with VSS make it a significant asset in maintaining the reliability and availability of Windows Server environments. Administrators should leverage this built-in capability to enhance their overall server management and ensure the resilience of their IT infrastructure.

The backup feature and folder redirection policy that we covered are critical for safeguarding and integrating control over the organizational environment. In my upcoming artcle, I intend to go over yet another crucial Windows Server feature.

Next part of this series — Click here >>