Group Policy Objects
Offline Files – Force Offline Files On with Conflict Resolution Policies
Scope Tab:
Location: Apply to your Computers OU or the Root domain, or wherever you want these settings to take effect. They will be scoped by the security filtering.
Security Filtering: Remove Authenticated users, Add CONF_Offline Files_On
Details Tab:
GPO Status: User configuration settings disabled (best practice as we’re not using any user configuration settings in this GPO)
Delegation Tab:
Add, Authenticated Users, Read Permission (best practice and now a requirement with KB3163622)
Edit the policy
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Allow or Disallow use of the Offline Files feature: Enabled
Configure Background Sync: Enabled
Configure background sync:
Sync Interval (minutes): 10
Sync Variance (minutes): 5
Maximum Allowed Time Without A Sync (minutes): 30
Blockout Start Time (HHMM): 0
Blockout Duration (minutes): 0
Enable Background Sync for shares in user selected “Work Offline” mode: Enabled
Configure slow-link mode: Enabled
UNC Paths:
\\domain.local\Drives\* : Latency=300
\\server\Users : Latency=300
\\domain.local\Drives\RedirectedFolders : Latency=1
Enable file screens: Enabled
Extensions: <leave empty>
Files not cached: Enabled
Extensions: <leave empty>
Limit disk space used by Offline Files: Enabled
Total size of offline files: 999999
Size of auto-cached files: 999999
Computer Configuration > Preferences > Windows Settings > Registry
\\domain.local\Drives\RedirectedFolders\* (Order: 1)
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key path: Software\Microsoft\Windows\CurrentVersion\NetCache\SyncConflictHandling
Value name: \\domain.local\Drives\RedirectedFolders\*
Value type: REG_EXPAND_SZ
Value data: 1
Common Tab
Stop processing items on this extension if an error occurs on this item: No
Remove this item when it is no longer applied: No
Apply once and do not reapply: No
The possible values for SyncConflictHandling and a description of each value is listed below:
————————-
0 = No resolution. The conflict is unresolved. This allows the conflict to be processed by other handlers in the system.
1 = Keep the local state. This overwrites the remote copy with the local copy’s contents. If the local copy was deleted, this deletes the remote copy on the server.
2 = Keep the remote state. This overwrites the local copy with the remote copy’s contents. If the remote copy was deleted, this deletes the local copy in the Offline Files cache.
3 = Keeps both copies. Note that this resolution is valid only for sync conflict states where both the server and client copies exist and where at least one of the items is a file. This resolution type is not available when one of the items has been deleted or both items are directories.
4 = Retains the state of the latest operation as determined by last-change times of the items in conflict. If the local item was deleted, the time of deletion is used for comparison.
5 = Write an entry to the sync conflict log and perform no further attempts at resolving the conflict. The interactive user will resolve the conflict through Sync Center at a later time.
6 = Do not resolve the conflict. Do not record an entry in the sync conflict log
7 = Cancel the synchronization operation
Offline Files – Force Offline Files Off
Scope Tab:
Location: Apply to your Computers OU or the Root domain, or wherever you want these settings to take effect. They will be scoped by the security filtering.
Security Filtering: Remove Authenticated users, Add CONF_Offline Files_Off
Details Tab:
GPO Status: User configuration settings disabled (best practice as we’re not using any user configuration settings in this GPO)
Delegation Tab:
Add, Authenticated Users, Read Permission (best practice and now a requirement with KB3163622)
Edit the policy
Computer Configuration > Policies > Administrative Templates > Network > Offline Files
Allow or Disallow use of the Offline Files feature: Disabled
Computer Configuration > Preferences > Windows Settings > Registry
FormatDatabase (Order: 1)
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key path: SYSTEM\CurrentControlSet\Services\CSC\Parameters
Value name: FormatDatabase
Value type: REG_DWORD
Value data: 0x1 (1)
Common Tab
Stop processing items on this extension if an error occurs on this item: No
Remove this item when it is no longer applied: No
Apply once and do not reapply: Yes
Redirected Folders (Redirected Folder Users)
Scope Tab:
Location: Apply to your Users OU or the Root domain, or wherever you want these settings to take effect. They will be scoped by the security filtering.
Security Filtering: Remove Authenticated users, Add Redirected Folder Users
Details Tab:
GPO Status: Computer configuration settings disabled (best practice as we’re not using any computer configuration settings in this GPO)
Delegation Tab:
Add, Authenticated Users, Read Permission (best practice and now a requirement with KB3163622)
Edit the policy
User Configuration > Policies > Windows Settings > Folder Redirection
Desktop
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Desktop
Options
Grant user exclusive rights to Desktop: Disabled
Move the contents of Desktop to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsDocuments
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Documents
Options
Grant user exclusive rights to Documents: Disabled
Move the contents of Documents to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsDownloads
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Downloads
Options
Grant user exclusive rights to Downloads: Disabled
Move the contents of Downloads to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsFavorites
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Favorites
Options
Grant user exclusive rights to Favorites: Disabled
Move the contents of Favorites to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsLinks
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Links
Options
Grant user exclusive rights to Links: Disabled
Move the contents of Links to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsMusic
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Music
Options
Grant user exclusive rights to Music: Disabled
Move the contents of Music to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsPictures
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Pictures
Options
Grant user exclusive rights to Pictures: Disabled
Move the contents of Pictures to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contentsVideos
Setting: Basic (Redirect everyone’s folder to the same location)
Path: \\domain.local\Drives\RedirectedFolders\%USERNAME%\Videos
Options
Grant user exclusive rights to Videos: Disabled
Move the contents of Videos to the new location: Enabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems: Disabled
Policy Removal Behavior: Restore contents
Testing and Implementation
Now that you have the Groups, Folder, and GPOs setup, it’s time to add your first user. Add the user directly to the “Redirected Folder Users” group. The next time the user logs in, this policy will take effect and set up the redirected folders structure and move their existing items to the new location.
Add the computer that they log into directly to the “CONF_Offline Files_On” group (after testing, you may nest these groups into other groups if you wish). The next time the policy refreshes on the machine, offline files will be enabled and the automatic conflict resolution policy will be enforced. If you don’t want the computer to use Offline Files, add the computer to the “CONF_Offline Files_Off” group.
If you transition from On to Off, normally the offline files would still remain on the system, however in the Offline Files – Force Offline Files Off GPO, we setup a registry preference to wipe the Client Side Cache database using FormatDatabase. After applying this registry key, a restart is required to actually format the database and remove the files from the system.
Troubleshooting Issues
If you end up having the odd issue here and there, the easiest way to fix it is to rebuild the Client Side Cache (CSC). This will wipe the offline files cache and rebuild it. You shouldn’t have very many issues due to the nature of how this works, but we all know computers occasionally glitch and have issues. To rebuild the CSC, you can execute the command from an elevated command prompt:
REG ADD HKLM\SYSTEM\CurrentControlSet\services\CSC\Parameters /v FormatDatabase /t REG_DWORD /d 1
or
Start RegEdit.exe with elevated permissions
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters
Create new REG_DWORD key with name FormatDatabase with value of 1
or
Copy and paste the following into a “Reset Offline Files.reg” file and then import this into the Windows Registry by using regedit or double clicking on it.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCSCParameters]
“FormatDatabase”=dword:00000001
After applying this registry key, a restart is required to actually format the database and remove the files from the system.
