Managing Files and Folders

The Microsoft Windows XP Professional operating system helps you, as an administrator, to better control how files and folders are used, and makes it easier for users to work with files and folders. By using Group Policy, Folder Redirection, and Offline Files, you can centrally manage the use of files and folders. You can regulate the extent to which users can modify files and folders, back up user data automatically, and give users access to their files even when not connected to the network.

For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see https://www.microsoft.com/mspress/books/6795.asp.

Bb457104.3squares(en-us,TechNet.10).gif

On This Page

Related Information
Overview of Managing Files and Folders
Managing Documents with Folder Redirection
Using Offline Files
Sharing Files and Folders
Searching for Files, Folders, and Network Resources
Troubleshooting Files and Folders Management
Additional Resources

  • For an overview of managing desktops by using IntelliMirror management technologies, see Chapter 5, “Managing Desktops.”

  • For more information about managing files for mobile users, see Chapter 7, “Supporting Mobile Users.”

Overview of Managing Files and Folders

Your ability to manage files and folders differs depending upon whether the Active Directory directory service is available. Organizations that use Active Directory can use Group Policy settings, Folder Redirection, and Offline Files to help centrally manage files and folders. In network environments that do not use Active Directory, you can achieve some of the same functionality by using other options such as local Group Policy, System Policy, and Windows XP Professional features on client computers.

If you are managing Windows XP Professional client computers in an Active Directory environment, you can use Group Policy to implement IntelliMirror™ management using Folder Redirection and Offline Files.

Group Policy

Group Policy is the administrator’s primary tool for defining and controlling programs, network resources, and the operating system. Using Group Policy, you define a configuration that is subsequently applied on all specified client computers. Group Policy lets you create as many different client configurations as needed for different kinds of users in your organization. For more information about using Group Policy, see Chapter 5, “Managing Desktops.”

Folder Redirection

By using Folder Redirection, you can redirect folders such as My Documents to network servers. Users can then access their files from any network location, and the files can be automatically backed up during routine server backups.

Offline Files and Synchronization Manager

Using Offline Files, you can make redirected user folders available offline so that users can continue working even when they are not connected to the network. Offline Files can also be used to make other files and folders that reside on the network available offline. When users reconnect, updated local copies of files can be synchronized with copies on file servers by using Synchronization Manager.

IntelliMirror

Realizing the full benefit of IntelliMirror components in an Active Directory environment takes careful planning. If your organization has implemented or is planning to implement Active Directory and you want to deploy IntelliMirror, many resources are available to help with planning and implementation. For more information about implementing data management technologies on an Active Directory–based network, see the Deployment Planning Guide of the Microsoft Windows 2000 Server Resource Kit and the Change and Configuration Management Deployment Guide link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

Managing Documents with Folder Redirection

Folder redirection is a component of IntelliMirror that allows administrators to redirect the path of the following folders to a new location: My Documents (and its subfolders My Pictures, My Music, and My Videos), Application Data, Desktop, and Start Menu. These folders are located by default in each user’s profile on the local computer. The most commonly redirected folders are those that contain large amounts of user data—My Documents and its subfolders. Although it is not a recommended practice to store large amounts of data on the Desktop, users in some organizations do, and the Desktop folder can be redirected as well.

The new location can be another folder on the local computer or a directory on a network share. Users work with documents on a server as though the documents were stored on the local drive.

There are benefits to redirecting any folder, but redirecting the My Documents folder can be particularly advantageous:

  • No matter which computer on the network the user logs on to, the user’s documents are always available.

  • You can use Group Policy to set disk quotas and limit the amount of space taken up by users’ folders.

  • You can back up data stored on a shared network server as part of routine system administration. This is safer and requires no action on the part of the user.

  • User data can be redirected to a hard disk on the user’s local computer other than the disk where the operating system files are located. This protects the user’s data if the operating system must be reinstalled.

Combining Folder Redirection with roaming user profiles

You can also combine Folder Redirection and roaming user profiles to decrease logon and logoff times for roaming and mobile users. A common scenario is to redirect the My Documents and My Pictures folders, and allow the Application Data, Desktop, and Start Menu folders to roam with the profile. In addition to improved availability and backup benefits from having the data on the network, users also realize performance gains when using low-speed network connections and in subsequent logon sessions. Not all the data in the user profile is transferred to the desktop each time the user logs on—only the data that user accesses during a session. Because only some of the users’ documents are copied, performance is improved when the users’ profiles are copied from the server.

When you combine the use of Folder Redirection and roaming user profiles, you can also provide fast computer replacement. If a user’s computer needs to be replaced, the user’s data can quickly be copied from the server locations to a replacement computer.

Previously, administrators who wanted to redirect folders to the network had to edit the registry or use System Policy. These methods can still be used if you are not in an Active Directory environment. For more information about registry entries that affect folder redirection, see “Folder Redirection Registry Keys” later in this chapter.

Selecting Folders for Redirection

The following folders are located by default in the user’s profile, and roam by default with a roaming user profile, but you can use Folder Redirection to redirect them to another location instead.

My Documents

My Documents is the folder where users normally save their documents. Common dialog boxes in Windows XP Professional point to the My Documents folder by default, so there is a greater tendency for a user to save files there. It is a good practice to train users to save all their documents to this folder, and you can also enable a Group Policy setting to prevent them from saving files in other locations. Because My Documents is often too large to roam without creating excessive network traffic, it should generally be redirected.

My Pictures

A subfolder of My Documents, this is the default location for pictures and images in Windows XP Professional. If My Documents is redirected, My Pictures is also redirected by default. It is recommended that you accept the default setting and allow My Pictures to follow the My Documents folder.

My Music

A subfolder of My Documents, this is the default location for music files. If My Documents is redirected, My Music is also redirected by default.

My Videos

A subfolder of My Documents, this is the default location for video files. If My Documents is redirected, My Videos is also redirected by default.

Application Data

This folder stores application state data, such as toolbar settings, custom dictionaries, and other non-registry-based settings. Application vendors decide what each application stores here. Because many applications incorrectly determine that the application data is local, redirecting it can cause inconsistent results. For this reason, it is recommended that you allow Application Data to roam with the profile. However, there are three situations in which redirecting Application Data might be advantageous:

  • To reduce the size of the profile, thereby decreasing logon time, on multiuser computers where you have enabled a Group Policy setting to delete cached profiles. This gives users access to their Application Data as needed, but without having to download several possibly large files every time they log on.

  • To reduce the size of the profile, thereby decreasing initial logon time, in situations where keeping initial logon time short is a priority.

  • For Terminal Services clients where you have enabled a Group Policy setting to delete cached profiles.

Desktop

The Desktop folder contains items such as shortcuts and folders that are placed there for quick access. Although the Desktop is usually allowed to roam with the profile, there are two situations in which it might be advantageous to redirect the Desktop folder instead:

  • To reduce the size of the profile in organizations where users store large numbers of files, rather than shortcuts, on their desktops. Because any folder that is redirected is also automatically available offline, users can still access data in their redirected folders even if they lose their connection to the server.

  • To mandate a common Desktop for a group of users. Some organizations want to configure computers to use a common look and feel. By redirecting a group of users to a read-only copy of the desktop, you can ensure that all users share the same desktop, with the same desktop items. However, Group Policy and default user profiles provide better ways to accomplish this goal.

Start Menu

The Start Menu folder contains program groups and shortcuts to programs. Start menu redirection is treated differently from other redirected folders. The contents of the user’s local Start menu are not copied to the redirected location. Instead, users are directed to a standard Start menu the administrator has previously created and stored on a server. It is not generally recommended to use Folder Redirection to redirect the Start menu folder; use Group Policy to control what appears on the Start menu. Redirecting the Start menu can be advantageous in the following situations:

  • Mixed operating system environments. For example, for Microsoft Windows NT version 4.0–based client computers, you can define a path for a redirected Start menu by using System Policy. You can then use Folder Redirection to define a path for Windows XP Professional–based clients to the same location.

  • Kiosk-type environments, to redirect to a read-only version of the Start menu. Redirect it only in environments where software deployment features are not being used.

Tools for Configuring Folder Redirection

Folder Redirection configuration options vary, depending on whether you have an Active Directory environment. In an Active Directory environment, you can use Group Policy to apply different configurations to different user groups; for example, you can redirect Marketing users’ folders to a server in the Marketing department, and redirect Engineering users’ My Documents folder to their existing home directories. In non–Active Directory environments, you have other options, such as using System Policy, as described later in this chapter; you cannot, however, configure folder redirection by using a local Group Policy object (LGPO).

Active Directory Environments

In an environment with Active Directory, you configure Folder Redirection by using the Group Policy Microsoft Management Console (MMC) snap-in. The Group Policy settings for redirecting My Documents and other user profile folders are found under User Configuration\Windows Settings\Folder Redirection. For details about implementing this component, see “Applying Change and Configuration Management” in the Deployment Planning Guide of the Microsoft Windows 2000 Server Resource Kit.

Other Server Environments

In Windows server environments without Active Directory and in other server environments, you can redirect folders to a local or network location by using the following methods:

  • In Windows NT 4.0 environments, you can use System Policy.

  • Administrators or users can also redirect the My Documents folder by changing the Target folder location on the My Documents Properties page.

Using Offline Files

Offline Files provides access to network files and folders from a local disk when the network is unavailable. This feature is particularly useful when access to information is critical, when network connections are unstable, or when using mobile computers.

Offline Files gives mobile users access to their files when they are not connected to the network and ensures that they are always working with the most current version of the files. These benefits are also useful to onsite workers who might temporarily lose network connectivity as a result of server maintenance or technical problems. For more information about issues relating to offline files on mobile computers, such as synchronizing over a slow link and preventing synchronization when running on battery power, see Chapter 7, “Supporting Mobile Users.”

Offline Files can be paired with Folder Redirection for higher data reliability. For example, if a folder is redirected, the contents of that folder are stored on a server drive. In Windows XP Professional, by default any redirected folders are automatically made available offline. This default behavior can be changed by enabling the Group Policy setting Do not automatically make redirected folders available offline. The folder is then accessible on the user’s computer in case of network inaccessibility and from any computer to which the user logs on.

In an Active Directory environment, Group Policy settings control the Offline Files feature. For details about Group Policy settings that manage Offline Files, see “Group Policy Settings That Affect Offline Files” later in this chapter and Group Policy Help.

Implementing Offline Files

An Active Directory environment is not necessary to use Offline Files. You can make files available from any computer that supports server message block (SMB)–based File and Printer Sharing, including computers running Microsoft Windows 95, Microsoft Windows 98, Windows NT 4.0, and Windows 2000. Offline Files is not available on Novell NetWare networks or when Windows 2000 is running Terminal Services (except in single-user mode).

Files specified for offline use are cached in a database on the hard disk of the local computer. If the network resource becomes unavailable, a message appears in the notification area. Changes made to the file while offline are saved locally, and then synchronized when the network resource becomes available again.

Before you can make files or folders on a computer available offline, you need to set up the computer to use Offline Files.

To set up a computer to use Offline Files
  1. Open My Computer.

  2. On the Tools menu, click Folder Options.

  3. On the Offline Files tab, select the Enable Offline Files check box if it is not already selected.

  4. Select Synchronize all offline files before logging off to enable a full synchronization. Leave this option unselected for a quick synchronization.

On the Offline Files tab, you can also set the reminder balloon options, designate the amount of disk space to use for offline files, place a shortcut to the Offline Files folder on the desktop, and encrypt the offline files local cache. Note that if an option is controlled by a Group Policy setting, it cannot be changed on the Offline Files tab of the local computer.

Offline Files Database

Offline files and related information are stored in a database in the system folder (systemroot\CSC) on the local computer.

Note Another term for Offline Files is client-side caching (CSC).

The CSC directory contains all offline files that are requested by any user on the computer. The database mimics the network resource while it is offline so that files are accessed as though the network resource is still available. File permissions and system permissions on the files are preserved. For example, a Microsoft Word document created by Bob, given a password, and saved to a share on which only Bob has Full Control cannot be opened from the CSC directory by Alice, because she has neither the share permissions to open the file nor the password required to open the file in Microsoft Word. You can also maintain the security of sensitive files by using Encrypting File System (EFS) to encrypt the Offline Files cache.

The Offline Files folder shows the files that are stored in the database. To open or view the files directly in the CSC folder, you must log on as a member of the Administrators group.

Note In a file allocation table (FAT) file system or a FAT file system converted to NTFS, users might be able to read information that is cached in the systemroot\CSC directory. This includes offline files that are requested by another user on the same computer.

It is very important not to delete files directly from the CSC directory. For information about how to delete files see “Deleting Files and Folders” later in this chapter.

Making Files Available Offline

Files are cached either automatically or manually to the computer that requests them. Automatic caching occurs when a specific file in a folder is opened, but only if the server indicates that the contents of the share must be automatically cached. Automatically cached files are marked as Temporarily Available Offline in the Offline Files folder because they can be removed from the cache as the cache fills up. There is no guarantee that an automatically cached file will be available when offline.

Files are manually cached when a computer specifically requests, or pins, a particular file or folder on the network to be made available offline. You pin a file or folder by selecting the file or folder and, on the File menu, selecting Make Available Offline. Manually cached files are marked as Always available offline in the Offline Files folder.

In Windows 2000 and Windows XP Professional, the Manual Caching for Documents setting is enabled by default when a folder is shared. To change the setting so that documents in the shared folder are automatically cached, right-click the folder, click Properties, click the Sharing tab, and then click Caching. In the Settings box, select Automatic Caching of Documents. You can also disable caching.

Note You can manually pin files and folders that are configured for automatic caching.

By default, the following file types are not cached:

*.slm; *.mdb; *.ldb; *.mdw; *.mde; *.pst; *.db?

You can override the default settings by using the Files not cached Group Policy setting. Any file types that you specify in the Group Policy setting override the default settings. For example, if you specify that only .txt files cannot be cached, all other file types are available for caching.

The default cache size for automatically cached offline files is 10 percent of the total disk space of the hard disk. You can change the default by specifying a value between 0 and 100 percent on the Offline Files tab of the Folder Options dialog box. This setting does not affect the cache for files that are manually cached by the user or for files pinned by the administrator by using the Group Policy setting Computer Configuration\ or User Configuration\Administrative Templates\Network\Offline Files\ Administratively assigned offline files. You can store up to 2 gigabytes (GB) of automatically cached files per computer if that much space is available; for manually cached files, you are limited only by the amount of available disk space on the drive containing the cache.

Note If the network resource is online, renaming files in the Offline Files folder takes effect immediately on the network resource.

Encrypting Offline Files

Windows XP Professional provides Encrypting File System (EFS) support for Offline Files. The local cache of Offline Files can be encrypted if the cache directory resides on an NTFS volume. When the cache is encrypted, the local copy of a cached file is automatically encrypted.

Tip This capability is particularly useful for securing data on mobile computers.

To select this option, in the Folder Options dialog box, click the Offline Files tab, and then select the Encrypt Offline files to secure data check box. You must be a member of the Administrators group to perform this function.

You can also use Group Policy to apply this option to groups of users. In the Group Policy snap-in, enable the Encrypt the Offline Files cache setting. If the setting is configured by using Group Policy, it cannot be overridden on the Offline Files tab on the local computer.

Reconnecting to the Network Resource

A network share automatically becomes available after being offline when three conditions are all met:

  • No offline files from that network share are open on the user’s computer.

  • No offline files from that network share contain changes that must be synchronized.

  • The network connection is not a slow link.

If these conditions are met, a user can open a file and automatically begin working on that file on the network share. The changes the user makes are saved both to the file on the network share and to the file that is cached in the Offline Files folder.

If any of these conditions is not met and a user opens a file on the network share, the user continues working offline even though the network share is available. Any changes that the user makes are saved only to the local version of the file, which must then be synchronized with the network share.

Synchronizing Files

When using Offline Files, users can synchronize some or all network resources by using Synchronization Manager. For example, users can set certain shares to be synchronized every time they log on or log off the network. Synchronization Manager quickly scans the system, and if it detects changes, the resources are automatically updated. Only the resources that have changed are updated, which speeds up the synchronization process.

Administrators can use Group Policy to specify that all offline files on a particular computer are automatically synchronized when users log off, when users log on, or when a computer enters a suspend state.

How Synchronization Works

Offline files can be synchronized with the server copies of the files in the following circumstances:

  • When the user manually forces synchronization

  • During the logon or logoff process, as specified in Synchronization Manager

  • At intervals when the computer is idle, as specified in Synchronization Manager

  • At scheduled times, as specified in Synchronization Manager

When synchronizing offline files, you can select quick synchronization or full synchronization. The full synchronization option synchronizes every file in the local cache with the network share. The quick synchronization option verifies only that all files in the cache are complete; it does not verify that they are up-to-date.

For example if you have an autocached share containing a 10-MB file named Example.doc, when the client opens Example.doc for the first time, a directory structure is created for the file in the client database, and the file is marked as incomplete. At this point, a directory entry with the file properties exists on the client, and Example.doc is a 0-byte length file. Example.doc is then read from the server in increments. If the application is closed before the entire file is read, the file is saved in an incomplete manner in the local cache. Incomplete files are not available offline. Quick synchronization marks such files as complete.

By default, full synchronization is performed when the user logs off. If the Group Policy setting Synchronize all offline files before logging off is disabled, the system automatically performs a quick synchronization.

For synchronization to work, the network resources must be online or available for reconnection. How synchronization is run affects how offline changes are sent to the network resource and how new versions of cached files are downloaded. Table 6-1 describes what kind of synchronization occurs when each method is used.

Table 6-1 Synchronization Options and File-Caching Behavior

Synchronization Settings and Functions

Send offline changes to the network resource?

Receive cached files from the network resource?

Automatically synchronize the selected items when I log on to my computer is enabled

Yes

No

Synchronize all offline files before logging off is enabled

Yes

Fully

Synchronize all offline files before logging off is disabled

No

Partially

Synchronize the selected items while my computer is idle is enabled

Yes

Partially

Scheduled by using Synchronization Manager

Yes

Fully

Clicking Synchronize from the Start menu or on the Tools menu

Yes

Fully

Clicking Synchronize on the File menu

Yes

Fully

Clicking Make Available Offline on the File menu

No

Partially

Clicking the Offline Files icon in the notification area of the task bar

Yes

No

If the network resource version of a file and the locally cached version of the file are different, you can view each file and the date and time that the files were saved, and then select one of the following options in the Resolve file conflicts dialog box:

  • Keep both versions.

    Saves the version that resides on the local computer to the network as filename(username vX).doc, where filename is the name of the file, username is the user name, and X is the version number.

  • Keep only the version on my computer.

    Replaces the network version.

  • Keep only the network version.

    Replaces the version on My Computer.

Configuring Synchronization

Use the following procedure to set up synchronization.

To set up synchronization
  1. Click Start, click All Programs, click Accessories, and then click Synchronize.

  2. Click Setup.

  3. Use the Logon/Logoff, On Idle, and Scheduled tabs to configure options.

You can also initiate synchronization from the My Documents folder. After you have set up files for synchronization, Synchronize appears on the Start menu.

Note Synchronization works only for the user who is currently logged on.

Deleting Files and Folders

You can use two methods to safely remove offline files from the cache without affecting network files or folders. You can delete selected files from the Offline Files folder, or you can delete all files associated with a particular network share by using the Delete Files feature from the Offline Files property page. Do not directly delete or move any files from the systemroot\CSC folder.

Deleting Files from the Offline Files Folder

You can open the Offline Files Folder and delete files directly from the list of offline files. Deleting a file this way removes it from the cache regardless of whether it was manually or automatically cached.

Note Deleting files and folders from the cache does not delete the network copy of the file or folder.

If an offline folder is manually cached and you delete any or all offline files in the folder, the folder remains pinned. All files in the folder are cached the next time a full synchronization occurs.

To delete files from the cache using the Offline Files Folder
  1. Click a folder, and then on the Tools menu, click Folder Options.

  2. On the Offline Files tab, click View Files.

  3. Click the files you want to delete, and then on the File menu, click Delete.

In this view of the Offline Files folder, you can see which files are automatically cached (temporarily available offline) and which are manually cached (always available offline). If you delete manually cached folders this way, the folders and files in them are no longer pinned. You need to pin the files or folders to make them available offline again.

To delete files from the cache on a network share
  1. Click a shared network folder, and then on the Tools menu, click Folder Options.

  2. On the Offline Files tab, click Delete Files.

  3. In the Confirm File Delete dialog box, select the shared folders containing the offline files you want to delete.

  4. Click Delete only the temporary offline versions if you want to delete files that were automatically cached. Click Delete both the temporary offline versions and the versions that are always available offline if you want to delete files that were automatically cached and files that were manually cached (pinned).

Files are also deleted from the cache whenever an offline file is deleted by using a normal user path, such as Windows Explorer, My Computer, the Run dialog box, or the command prompt. When users verify that they want to delete a file, the file is removed from the cache. This is not an effective way to clean up the cache because it also deletes files in the shared network folder. However, the files are deleted immediately only if the associated network share is online. If the share is offline, the local copy is deleted and the Synchronization Conflict notification is displayed during the next interactive synchronization.

Reinitializing the Cache

During normal operation, you delete cached files by using the procedure shown in “Deleting Files from the Offline Files Folder” earlier in this chapter. However, if normal methods of deleting files are unsuccessful, you might need to reinitialize. Reinitializing deletes all offline files in the folder and resets the Offline Files database. If any files in the cache are changed and not synchronized with the network versions, the changes are lost when the cache is reinitialized. You must restart the computer to complete the reinitialization.

To reinitialize the Offline Files cache
  1. Click a folder, and then on the Tools menu, click Folder Options.

  2. Click the Offline Files tab.

  3. Press CTRL+SHIFT, and then click Delete Files.

  4. Restart the computer.

    Caution You cannot undo the effects of reinitialization. After the cache is reinitialized, all offline files are permanently removed from the computer.

Group Policy Settings That Affect Offline Files

You can use Group Policy settings to control the functioning of Offline Files. In an Active Directory environment, you can apply these settings to groups of users by applying a GPO to a site, domain, or organizational unit. In a non–Active Directory environment, you can configure these settings in the LGPO, which is found on each client computer.

Note that many of the following settings can also be configured by the user by using the My Computer interface, as described in “Implementing Offline Files” earlier in this chapter. Generally, if you apply a GPO but leave a setting as Not Configured, the user can configure it by using Offline Files in Folder Options. If you either enable or disable the setting, the user cannot change it.

For more information about using Group Policy with Windows 2000 Server, see “Group Policy” and “Introduction to Desktop Management” in the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit. For additional information on planning a managed environment using Group Policy in Windows Server 2003, see the Designing a Managed Environment volume of the Microsoft Windows Server 2003 Deployment Kit.

The Group Policy settings for Offline Files are found in two locations in the Group Policy snap-in: Computer Configuration\Administrative Templates\Network\ Offline Files for computer-based settings, and User Configuration\Administrative Templates\Network\Offline Files for user-based settings. Some settings are available for Computer Configuration only, while some are available for both User Configuration and Computer Configuration. If the same setting is configured for both Computer Configuration and User Configuration, the Computer Configuration setting takes precedence.

For more information about a setting, click the Explain tab associated with each Group Policy setting. Table 6-2 shows Group Policy settings for Offline Files.

Table 6-2 Group Policy Settings for Offline Files

Group Policy Setting

Description

Allow or Disallow use of the Offline Files feature

Determines whether Offline Files is enabled. Offline Files is enabled by default on Windows XP Professional–based client computers and is disabled by default on servers.

Default cache size

Limits percentage of a computer’s disk space that can be used to store automatically cached offline files.

Does not affect disk space available for manually cached offline files.

Files not cached

Allows you to exclude certain types of files from automatic and manual caching for offline use.

At logoff, delete local copy of user’s offline files

Deletes local copies of the user’s offline files when the user logs off.

Caution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost.

Encrypt the Offline Files cache

Determines whether offline files are encrypted in the cache on the local computer. Encrypting the offline cache enhances security on the local computer.

Prohibit user configuration of Offline Files

Prevents users from enabling, disabling, or changing the configuration of Offline Files. Administrators can configure other settings as they require, and then enable this setting to prevent users from making any changes, thus locking in a standard configuration.

Synchronize all offline files before logging off

Determines whether offline files are fully synchronized when users log off.

Synchronize all offline files when logging on

Determines whether offline files are fully synchronized when users log on.

Synchronize all offline files before a suspend

Determines whether offline files are fully synchronized before a computer (such as a portable computer) enters suspend mode.

Action on server disconnect

Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.

Nondefault server disconnect actions

Determines how computers respond when they are disconnected from particular Offline Files servers. Administrators can enter the name of each server and specify whether users can work offline when disconnected from that server.

Remove Make Available Offline

Prevents users from making network files and folders available offline.

Removes the Make Available Offline option from the File menu and from all shortcut menus in Windows Explorer. Does not prevent the system from saving local copies of files that reside on network shares designated for automatic caching.

Prevent use of Offline Files folder

Disables the View Files button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Does not prevent users from working offline or from saving local copies of files available offline. Does not prevent them from using other programs, such as Windows Explorer, to view their offline files.

Administratively assigned offline files

Allows the administrator to specify files and folders available offline to users of the computer. To assign a file or folder, click Show and then click Add. In the Type the name of the item to be added box, type the fully qualified UNC path.

Do not automatically make redirected folders available offline

By default, local folders that are redirected are automatically made available offline. This setting allows the administrator to override the default behavior. This policy setting can be configured on a per-computer basis only.

Prohibit “Make Available Offline” for these files and folders

Allows the administrator to specify files or folders that you do not want available offline. To assign a file or folder, click Show and then click Add. In the Type the name of the item to be added box, type the fully qualified UNC path.

Subfolders always available offline

Makes subfolders available offline whenever their parent folder is made available offline.

Turn off reminder balloons

Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. This setting hides or displays reminder balloons.

Reminder balloon frequency

Determines how often reminder balloon updates appear (in minutes).

Initial reminder balloon lifetime

Determines how long the first reminder balloon for a network status change is displayed (in seconds).

Reminder balloon lifetime

Determines how long updated reminder balloons are displayed.

Event logging level

Determines which events the Offline Files feature records in the Event Log.

Configure slow link speed

Configures the threshold value at which the Offline Files component considers a network connection to be slow, to prevent excessive synchronization traffic.

Sharing Files and Folders

In Windows XP Professional, members of the Administrators, Power Users, and Server Operators groups can share folders. Other users who have been granted the Create Permanent Shared Objects user right can also share folders. If a folder resides on an NTFS volume, you must have at least Read permission to share the folder.

When you share a folder, keep the following in mind:

  • You can share only folders, not files.

  • Shared folders are relevant only to users who need to access data over the network. Sharing a folder and assigning shared folder permissions has no effect on users who are locally logged on to a computer.

  • When you copy a shared folder, the original shared folder is still shared, but the copy is not shared.

  • When you move a shared folder, the folder is no longer shared.

  • If you have a mixed environment, use 8.3 format share names so that older client operating systems can recognize them.

To share a folder

  1. Right-click the folder you want to share, and then click Properties.

  2. In the folder properties dialog box, click the Sharing tab.

  3. Click Share this folder, and then in Share name, type the name you want users to see when they browse for this folder on the network. If you append the name with the $ symbol, the folder is shared, but the folder does not appear when users browse for it across the network.

  4. In Comment, type a description for the shared folder. This description is visible to users who browse across the network.

  5. In User limit, make any changes you want. The default setting is Maximum allowed, which corresponds to the number of client access licenses you have purchased. You can also designate a user limit by clicking Allow, typing the number of users next to Users, and then clicking OK.

    Warning By default, shared folder permissions are set so that the Full Control permission is assigned to the Everyone group. You can change the default shared folder permissions by clicking Permissions in the folder properties dialog box. Note that this behavior changed in Windows XP Service Pack 1 and later, where the default shared folder permissions are Read permission for the Everyone group. This change does not apply, however, to sharing files using the net share command or using Simple File Sharing. See article 328065 in the Microsoft Knowledge Base at https://support.microsoft.com/kb/328065 for more information.

You can also share a folder from the command line by using the net share command. For more information about sharing a folder, including information about using the net share command, see Windows 2000 Server Help.

Configuring Shared Folder Permissions

Shared folder permissions determine who can gain access to resources on remote computers. When a folder is shared, users can connect to the folder over the network and gain access to its contents. Shared folder permissions allow you to control which users or groups can gain access to the contents of a shared folder.

Shared folders and NTFS permissions

Shared folder permissions are different from NTFS permissions. NTFS permissions use access control lists (ACLs) to limit access to resources and can be assigned only to resources on an NTFS volume. In addition, NTFS permissions can be assigned to both files and folders. Shared folder permissions do not use access control lists and can therefore be used on a volume that is formatted with any file system, including FAT, FAT32, or NTFS. In addition, shared folder permissions can be assigned only to folders. For more information about NTFS permissions, see Chapter 13, “Working with File Systems.”

Administrative shares

In addition to folders you designate as shared, Windows XP Professional also creates several shared folders by default when you start a computer or when you stop and then start the Server service. These shared folders, called the administrative shares, are shared for administrative purposes and allow users to access administrative resources remotely. Some of the administrative shares cannot be configured, and access is restricted to users who have administrative rights. The administrative shares include folders such as the systemroot folder (ADMIN$), the root folder of every drive (C$, D$, and so on), the printer driver folder (PRINT$), and the IPC$ share used for temporary connections between network programs using named pipes.

Setting shared folder permissions

Shared folder permissions can be set only by members of the Administrators, Power Users, or Server Operators groups. Users who have been granted the Create Permanent Shared Objects user right can also assign shared folder permissions. If a folder resides on an NTFS volume, you must have at least Read permission to assign shared folder permissions.

There are three types of shared folder permissions: Read (the most restrictive), Change, and Full Control (the least restrictive). Table 6-3 describes each of these permissions.

Table 6-3 Shared Folder Permissions

Permission

Description

Read

Users can display folder and file names, display file data and attributes, run program files and scripts, and change folders within the shared folder.

Change

Users can create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files, and perform all tasks permitted by the Read permission.

Full Control

Users can change file permissions (on NTFS volumes only), take ownership of files (on NTFS volumes only), and perform all tasks permitted by the Change permission that aren’t otherwise prohibited by the underlying NTFS file system permissions.

You can allow or deny shared folder permissions to individual users or groups. From an administrative standpoint, it is usually most efficient to assign permissions to a group rather than to individual users. Also, deny permissions only when it is necessary to override permissions that are otherwise applied. Denied permissions take precedence over any permissions that you otherwise allow for user accounts and groups. For example, it might be necessary to deny permissions to a specific user who belongs to a group that has been granted permissions.

When you assign shared folder permissions, keep the following in mind:

  • Shared folder permissions do not restrict access to users who are locally logged on to a computer where the shared folder is located. Shared folder permissions apply only to users who connect to the folder across the network.

  • To restrict access to a folder, use shared folder permissions or NTFS permissions, but not both. The best practice is to share a folder so that the Everyone group has Full Control, and then restrict access to the folder by using NTFS permissions.

  • If shared folder permissions are configured for a folder and NTFS permissions are configured for the folder and its contents, the most restrictive permissions apply.

  • When you assign a shared folder permission to a user and that user is a member of a group to which you assigned a different permission, the user’s effective permissions are the combination of the user and group permissions. For example, if a user has Read permission and is a member of a group with Change permission, the user’s effective permission is Change, which includes Read.

To configure shared folder permissions
  1. Right-click the folder for which you want to configure shared folder permissions, and then click Properties.

  2. In the folder properties dialog box, click the Sharing tab, and then click Permissions.

  3. In the Permissions for dialog box, click Add.

  4. In the Select Users, Computers, or Groups dialog box, click Object Types, click the Users check box, and then click OK.

  5. Under Enter the object names to select, type the name of the group or user for which you want to set shared folder permissions, and then click OK.

  6. In the Permissions for dialog box, in the Group or user names box, click the group or user for which you want to set shared folder permissions.

  7. In the Permissions for dialog box, allow or deny permissions, and then click OK.

Simple Sharing and ForceGuest

When a Windows XP Professional–based computer is not joined to a domain, the simple sharing model is fundamentally different than the model used in previous versions of Windows. By default, all users logging on to such computers over the network are forced to use the Guest account; this is called ForceGuest.

How ForceGuest Works

On computers running Windows 95, Windows 98, and Windows Me, you can specify read-only and full-control share passwords: any user connecting to a share can enter the appropriate password and get the specified level of access. However, this share-level password model is insecure, because share passwords are passed in plaintext and can be intercepted by someone with physical access to the network.

On computers running Windows 2000 and not joined to a domain, identical user accounts with matching passwords must be created on two computers (to enable transparent sharing) or the user must type a user name and password when connecting. Windows 2000 also requires that you grant permissions to the user account on the computer hosting a share to the share and to the files and directories being shared or that you enable the Guest account. However, using the Guest account can cause broader than intended access to the share, because the Everyone group (which allows Guest access) is widely used in the default system permissions.

By default, on computers running Windows XP Professional and not joined to a domain, all incoming network connections are forced to use the Guest account. This means that an incoming connection, even if a user name and password is provided, has only Guest-level access to the share. Because of this, either the Guest user account or the Everyone group (the only group to which the Guest account belongs) must have permissions on the share and on the directories and files that are shared. It also means that, in contrast to Windows 2000, you do not need to configure matching user accounts on computers to share files. Because Windows XP Professional supports Anonymous connections, and because it severely limits the use of the Everyone group in file system permissions, granting the Everyone group access to shared folders does not present the security problem that it does on Windows 2000–based computers.

ForceGuest is enabled by default, but it can be disabled on Windows XP Professional by disabling the local security policy Network Access: Force Network Logons using Local Accounts to Authenticate as Guest. By contrast, on Windows XP Professional–based computers joined to a domain, the default sharing and security settings are the same as in Windows 2000. Likewise, if the ForceGuest policy setting on a Windows XP Professional–based computer not joined to a domain is disabled, the computer behaves as in Windows 2000.

Sharing Files and Folders Using the Simple Sharing User Interface

To simplify configuring sharing and to reduce the possibility of misconfiguration, Windows XP Professional uses the simple sharing User Interface (UI). The simple sharing UI appears if ForceGuest is turned on; the traditional sharing and security tabs are shown if ForceGuest is turned off.

On computers running Windows XP Professional that are not joined to a domain, ForceGuest is turned on by default. To access the traditional sharing and security tabs and manage permissions manually on these computers, go to Windows Explorer or My Computer, click the Tools menu, click Folder Options, click the View tab, and then clear the Use simple file sharing (Recommended) check box. Note that changes made manually cannot be undone by using the simple sharing UI, and although you might make what appears to be a reasonable change to permissions, the resultant permissions might not work as expected if ForceGuest is subsequently turned on.

By using the simple sharing UI, you can create or remove a share and set permissions on the share. When simple sharing is in effect, appropriate permissions are automatically set on shared files and folders. The following permissions are added when you use the simple sharing UI:

  • Share permissions

  • File permissions

  • Allow others to change my files

  • Don’t allow others to change my files

When the Guest-only security model is used, the Sharing tab has only three options:

  • Share this folder on the network.

    Grants the Everyone group Read permissions on the folder and its contents.

  • Share name.

    This is the name of the share on the network.

  • Allow other users to change my files.

    Grants the Everyone group Full Control permissions on folders and Change permissions on files.

Sharing the Root Directory of a Drive

You can create a share at the root of the system drive, but simple sharing does not adjust the file permissions on such shares. On a share created at the root, the simple sharing UI is displayed in the property sheet, and Sharing is added to the shortcut menu on the system drive icon in Windows Explorer. There are two important reasons why it is recommended that you not share the root directory of the system drive:

  • By default, the Everyone group is granted only Read permissions on the root of the system drive, so sharing the root of the system drive is not sufficient for most remote administration tasks.

  • Sharing the root of the system drive is not secure—it essentially grants anyone who can connect to the computer access to system configuration information. For maximum security, it is recommended that you share folders only within your user profile, and share only information that you specifically want others to access.

Shared Documents Folder

The Shared Documents folder in My Documents is new in Windows XP Professional. This folder appears when two or more user accounts are created on the local computer. Files can be shared among multiple users of the same computer. In a network environment, files can be copied or moved to a folder on another computer.

By default, the Shared Documents folder is automatically shared and made accessible to all other computers on the network.

Searching for Files, Folders, and Network Resources

Searching for files, folders, and network resources is easier in Windows XP Professional than in Windows 2000 Professional. You can perform a search from the Start menu, My Computer, My Documents, or My Network Places. As in Windows 2000 Professional, from My Network Places you can connect to shared folders, a Web folder, or an FTP site.

In Windows XP Professional, using Windows Explorer is similar to using a Web browser. Forward and Back buttons, a History folder, an Address bar, custom views, and the Search Assistant are available in Windows Explorer windows and in all windows accessed by using My Computer, My Network Places, My Documents, and the Search command on the Start menu.

When you use Windows XP Professional in an Active Directory domain, you can search the Active Directory directory service by specifying attributes for the resource you want. For example, you can search for printers capable of printing double-sided pages. For more information about searching in an Active Directory domain, see “Searching for Network Resources in an Active Directory Environment” later in this chapter.

Finding Files and Folders

Windows XP Professional offers a number of ways to find files or folders. Each method provides access to the History folder, Search Companion, and Indexing Service on the local computer.

Users can search for files and folders in the following ways:

  • On the Start menu, point to Search, and then click Pictures, Music or Video, or Documents (word processing, spreadsheet, and so on), or All Files and Folders, or Printers, Computers or People.

  • Open Windows Explorer.

  • Open My Documents, My Computer, or My Network Places.

Using the History Folder and History View

The Windows XP Professional History folder integrates Web links and network shares so that users have access to their navigation history no matter where they view the History folder. Users can sort the History folder by the following categories: By Date, By Site, By Most Visited, or By Order Visited Today.

You can also select the History view from the toolbar in Windows Explorer, which tracks the history of all Web sites and documents opened. In this view, you can sort by location or by date used, or search the history list, using option buttons.

Connecting to Network Shares

Windows XP Professional allows you to map drives directly to shared subfolders on the network. In previous versions of Windows, you mapped drives to \\servername\sharename. In Windows XP Professional, you can map drives to \\servername\sharename\subfoldername.

You can use the Add Network Place Wizard to connect to frequently accessed network resources. Mapped network drives do not appear in My Network Places; to view mapped drives, use My Computer or Windows Explorer.

Using Indexing Service

Indexing Service extracts information from documents on the local hard disk drive and shared drives, and organizes it in a way that makes it quick and easy to access that information by using the Search Assistant, the Indexing Service query form, or a Web browser. The information can include text contained in a document (its contents), and information about the document (its properties), such as the author’s name. Indexing Service automatically stores all the index information either in the system catalog or in the Web catalog.

After the index is created, users can search, or query, the index for documents that contain specified words or properties. For example, a user might run a query for all documents containing the word product or run a query for all Microsoft Office documents written by a specific author. Indexing Service returns a list of all documents that meet the search criteria.

To enable Indexing Service on a local computer
  1. Click Start, and then click Search.

  2. Click the Change preferences link and then click With Indexing Service (for faster local searches).

  3. Click Yes, enable Indexing Service.

Indexing Service is designed to run continuously and requires little maintenance. After it is set up, all operations are automatic, including index creation, index updating, and crash recovery in the event of a power failure.

Searching for Network Resources in an Active Directory Environment

When a Windows XP Professional–based computer is connected to an Active Directory domain, users can search the directory for resources such as computers, people, and shared folders, providing that the resource is published in Active Directory.

Active Directory contains objects, and each object is assigned specific attributes. For example, if a printer can print double-sided pages, the Active Directory administrator might specify that attribute for the printer object in Active Directory. If a user searches for printers that can print double-sided pages, the search returns all printers with that attribute. If the administrator chooses not to assign that attribute to the printer, even if it is capable of that function, the printer cannot be found by searching only for that attribute.

To help users locate resources quickly, create custom Active Directory searches and save them as query directory search (.qds) files. You can then distribute the .qds files to the workgroups or organizational units that need them.

Warning To search using Active Directory, your computer must be part of a Windows 2000 Server or Windows Server 2003 Active Directory domain.

For more information about Active Directory, see the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit. For additional information, see the Designing and Deploying Directory and Security Services volume of the Microsoft Windows Server 2003 Deployment Kit.

Searching for Computers

In Windows XP Professional, as in earlier versions of Windows, users can search for computers by using NetBIOS. In an Active Directory environment, users can also search for computers by using Active Directory. It is important to understand the difference between the two methods.

In a NetBIOS search, if the computer the user is searching for is logged on to the network, the user can connect to it and view its shared folders.

To search for computers using NetBIOS
  1. Click Start, point to Search, and then click Printers, Computers, or People.

  2. Click the A computer on the network link.

  3. Type the full name of the computer you are searching for, and click Search.

In an Active Directory network search, computers in the directory are represented by objects. Users can locate an object even when it is disconnected from the network. When a user double-clicks the icon representing a computer found by using an Active Directory search, only the properties for that computer are displayed. Users cannot locate the actual computer and its available shares by using an Active Directory search. To access shares in an Active Directory domain, the shares must be published, and the user must know the name of the share.

To search for computers by using Active Directory
  1. In My Network Places, double-click Entire Network.

  2. Click the Search Active Directory link.

  3. In the Find box, click Computers.

  4. Type the full name (or a portion of the name) of the computer you want to find, and click Find Now.

    Note You might need to specify an object in the In box.

Searching for Shared Files and Folders

For users to access files and folders in an Active Directory domain, the Active Directory administrator must first publish them. Folders that are shared but not published do not appear in the Search Results window. If a user searches for a computer by using an Active Directory search, no shared folders that might reside on that computer are accessible or visible. To view and access shared files and folders, the user must run a NetBIOS search.

While users can use the Search Assistant in Active Directory to locate shared folders, they must specify the exact folder name. Users cannot browse a list of shared folders. To find a shared folder in Active Directory, follow these steps:

  1. In My Network Places, double-click Entire Network.

  2. Click the Search Active Directory link.

  3. In the Find box, click Shared Folders.

  4. Type the full name (or a portion of the name) of the shared folder you want to find, and click Find Now.

    Note You might need to specify an object in the In box.

Troubleshooting Files and Folders Management

This section presents some common situations that might arise when managing files and folders and the most likely causes for these problems.

Folder Redirection Registry Keys

To help troubleshoot problems with Folder Redirection, you can view the registry settings to determine whether folders are redirected and see the path to the redirected location.

Caution Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at https://www.microsoft.com/reskit.

To view redirected folder information in the registry
  1. In the Run dialog box, type regedit.exe, and then click OK.

  2. Navigate to the registry subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\
    CurrentVersion\Explorer\User Shell Folders

If a folder has not been redirected, the Data value will be the default location in the user profile, as shown in Table 6-4.

Table 6-4 Registry Keys for Redirected Folders

Registry Key Name

Type

Data

AppData

REG_EXPAND_SZ

%USERPROFILE%\Application Data

Desktop

REG_EXPAND_SZ

%USERPROFILE%\Desktop

Personal

REG_EXPAND_SZ

%USERPROFILE%\My Documents

My Pictures

REG_EXPAND_SZ

%USERPROFILE%\My Documents\My Pictures

Start Menu

REG_EXPAND_SZ

%USERPROFILE%\Start Menu

If a folder has been redirected, the Data value will be the redirected path.

Folders Are Not Redirected

Using Group Policy, you configure a user managed by a Group Policy object to have the user’s My Documents folder redirected to the server share \\ServerName\MyDocs\Username. When the user logs on to the network, the My Documents folder is not redirected to this server.

Possible causes
  • The client computer is running Windows NT 4.0, Windows 95, or Windows 98.

  • Group Policy is not applied.

  • The network share is unavailable and Offline Files is not enabled.

  • The user does not have sufficient access rights to the share on which you have redirected the folder.

  • There is a disk quota that has been exceeded on the target folder.

  • You use a mapped drive for the target path rather than a UNC path.

Diagnostic tests

To help determine the cause of the problem use the following tests.

  • Operating System.

    Confirm that the client computer is running Windows XP Professional or Windows 2000 Professional. Group Policy does not work on earlier versions of the Windows operating system.

  • Group Policy.

    Run Gpresult.exe in verbose mode to check whether the correct GPOs containing Folder Redirection configuration information are applied and that the expected folders are redirected.

    At the command line, type: gpresult /v

    This displays the Group Policy setting applied to the current computer for the currently logged-on user. The following output illustrates the results of this command. If similar results are not present, no Group Policy is applied for Folder Redirection.

    **Note:**Some parts of the code snippet have been displayed in multiple lines only for better readability.These should be entered in a single line.

    The user received “Folder Redirection” settings 
    

from these Group Policy objects:     EU-RedirectedDesktop-Marketing         Revision Number:    16         Unique Name:     {C19SADC-A8E8-11D2-9BEB-00A024070A22}         Domain Name:    ntdev.reskit.com         Source:        Domain     EU-FolderRedirection-Building26         Revision Number:    11         Unique Name:             {FBEE2508-BCAA-11D2-B3EE-00C04FA3787A}         Domain Name:    ntdev.reskit.com         Source:        Domain     Desktop is redirected to \policy1\desktop%username%     My Documents is redirected to  \policy1\mydocs1%username%     My Pictures is redirected to  \policy1\mydocs1%username%\My Pictures

  • Network Connectivity.

    Ping the server by its IP address to test base-level IP connectivity; ping the server by name to test Domain Name System (DNS) name resolution.

    If the server that contains the redirected folders is offline and Offline Files is disabled, users cannot access their data. For more information about how to enable Offline Files, see “Implementing Offline Files” earlier in this chapter.

    If the server that contains the redirected folders is offline and Offline Files is enabled, users should have access to their data if those files were accessed when the users were previously online. If these files and folders are not available, see “Files Available When Online Are Not Available When Offline” later in this chapter.

  • Insufficient Access Rights.

    Verify that the user has enough file security to access folders to which his or her data is redirected. You should assign a user Full Control security access on the access control lists (ACLs) of the root of the share where he or she redirects data.

  • Disk Quota.

    Check whether there is a disk quota enabled on the volume that contains the redirected folder. If there is a quota enabled, make sure that this quota is not exceeded. If it is exceeded, increase the quota or have the user delete files.

  • Mapped Drive.

    Check the folder redirection target in the applicable GPO. If it is a mapped drive, change it to the UNC path for the share location. Folder redirection is processed before drive mappings, so mapped drives are not recognized by the folder redirection component.

Folder Redirection Is Successful but Files and Folders Are Unavailable

Using Group Policy, you configure a user managed by a Group Policy object to have his or her My Documents folder redirected to the server share \\ServerName\MyDocs\Username. When the user logs on, the folders are successfully redirected, but are not available to the user on this redirected share.

Possible causes
  • The network share is unavailable, and Offline Files is not enabled or the items are not available in the local cache.

  • The user does not have sufficient access rights to the share on which you have redirected the folder.

  • When using applications, open and save operations have hard-coded locations and do not use the redirected path.

Diagnostic tests

To help determine the cause of the problem use the following tests.

  • Network Connectivity.

    Ping the server by its IP address to test base-level IP connectivity; ping the server by name to test DNS name resolution.

    If the server that contains redirected folders is offline, and Offline Files is disabled, users cannot access their data. For more information about how to enable Offline Files, see “Implementing Offline Files” earlier in this chapter.

    If the server that contains the redirected folders is offline, and Offline Files is enabled, users should have access to their data if those files were accessed when the users were previously online. If these files and folders are not available, see “Files Available When Online Are Not Available When Offline” later in this chapter.

  • Insufficient Access Rights.

    Verify that the user has enough file security to access folders to which his or her data is redirected. You should assign a user Full Control security access on the access control lists (ACLs) of the root of the share where he or she will redirect data. At a minimum, the user should have Read and Write access if he or she is saving and retrieving documents.

  • Applications Using Hard-Coded Paths.

    Check the applications that the user is using. Older applications might not be able to recognize the redirected folders.

Offline Files Do Not Synchronize

A user cannot synchronize certain files or folders.

Possible causes
  • Files with the file name extensions .mdb, .ldb, .mdw, .mde, and .db are not synchronized by default.

  • You have configured a Group Policy setting to specify additional file name extensions that cannot be synchronized.

  • Network connection problems prevent accessing the files the user wants synchronized.

  • Insufficient disk space exists on the client computer to synchronize files.

  • The user does not have Read or Write permissions on files he or she wants synchronized.

Diagnostic tests

To help determine the cause of the problem use the following tests.

  • Extensions Not Synchronized.

    Check the file name extensions of the files that were not synchronized to confirm that they are not on the list of files to exclude.

    Check whether you have applied any Group Policy settings that restrict other extensions from being synchronized.

    Check the following Group Policy setting:

    Computer Configuration\Administrative Templates\Network\Offline Files\Files not cached

    Using this Group Policy setting, you can designate additional file name extensions that cannot be synchronized. You can check this on your client by running the Gpresult.exe tool and looking for the following in the output:

    KeyName:    Software\Policies\Microsoft\Windows\NetCache
    

ValueName:    ExcludeExtensions ValueType:    REG_SZ Value:        *.xls

Any file name extensions listed in the **Value** line are not synchronized. In this example, any files with the extension .xls are not synchronized. The user cannot override this Group Policy setting.
  • Network Connectivity.

    Ping the server by its IP address to test base-level IP connectivity; ping the server by name to test DNS name resolution.

    Use the net view \\servername command to view the server and its shared resources. You should be able to see the share name that stores the files. This also confirms that the user has rights to access the share.

  • Insufficient Disk Space.

    Check the amount of free disk space on the client to make sure there is sufficient disk space to synchronize the missing files.

  • Insufficient Access Rights.

    Check user permissions on the unsynchronized files.

User Cannot Make Files and Folders Available Offline

The user right-clicks a file or folder to make it available for offline use, but Make Available Offline does not appear.

Possible causes
  • The file or folder selected is actually a local file or folder and not on a network file share.

  • The user is trying to make his or her redirected My Documents folder available offline but does not have access to the file share.

  • Offline Files is not enabled, or a Group Policy setting was applied to disable Offline Files.

  • User is in a multiconcurrent user environment, such as Terminal Services or Fast User Switching. These environments are not compatible with Offline Files.

Diagnostic tests

To help determine the cause of the problem use the following tests.

  • Local File or Folder.

    Validate that the file or folder is on a network file share and not a local share.

  • Insufficient Access to My Documents File Share.

    If the Make Available Offline option appears when you right-click a file or folder but not when you right-click a redirected My Documents folder, you should check that the My Documents folder is actually redirected successfully and is not local. Then verify that the user has appropriate file security to read and write to the location where the My Documents folder is redirected.

  • Offline Files Not Enabled.

    Check whether Offline Files is enabled.

To verify that Offline Files is enabled
  1. Click My Computer.

  2. Click Tools, and then select Folder Options.

  3. Click the Offline Files tab.

  4. Select the Enable Offline Files check box.

    If this procedure does not enable Offline Files, there might be a Group Policy setting that prevents Offline Files from being enabled. The Group Policy setting that controls this is:

    Computer Configuration\Administrative Templates\Network\Offline Files\Allow or Disallow use of the Offline Files feature

    To see if this Group Policy setting is applied, run Gpresult.exe in verbose mode on the client computer. Compare the output of this tool to the following sample:

    KeyName: Software\Policies\Microsoft\Windows\NetCache
    

ValueName: Enabled ValueType: REG_SZ Value:

If the output of Gpresult.exe on your client looks like the example, this Group Policy setting is applied and Offline Files is disabled. You must change this Group Policy setting to enable Offline Files.

**Note** When the Group Policy setting Enable Offline Files is configured with a setting of Disable, the Offline Files feature is disabled.

Files Available When Online Are Not Available When Offline

Documents and programs that are accessible when connected to the network are not synchronized with the local cache for offline use.

Possible causes
  • The files reside on a computer that is not running Windows XP Professional or Windows 2000 Professional. Computers running previous versions of Windows do not support automatic caching of files and folders.

  • Offline files are not enabled on the local computer.

  • Allow caching of files in this shared folder is not enabled on the file share where the documents are being accessed or Allow caching of files in this shared folder is enabled but is not set to Automatic Caching.

Diagnostic tests

To help determine the cause of the problem use the following tests.

  • Windows Version.

    Check whether the server containing the file share is running Windows 2000 Server or Windows Server 2003. Check that the client is running Windows XP Professional or Windows 2000 Professional.

  • Offline Files Not Enabled.

    Navigate to a network file share, right-click a file or folder, and then check whether there is a Make Available Offline shortcut menu.

  • Caching Not Enabled or Not Automatic.

Use the following procedure to check caching settings on the file share.

To check the configuration of the file share
  1. On the file server containing the file share, click My Computer.

  2. Navigate to the folder that is shared, right-click the folder, and then select Properties.

  3. Click the Sharing tab, and then click Caching.

  4. Make sure the Allow caching of files in this shared folder check box is selected.

  5. In the box, select one of the following:

    • Automatic Caching for Documents if this share contains documents.

    • Automatic Caching for Programs if this share contains application files.

Additional Resources

These resources contain additional information related to this chapter.

  • The Designing a Managed Environment book in the Microsoft Windows Server 2003 Deployment Kit, for information about deploying Group Policy

  • The Deployment Guide of the Microsoft Windows 2000 Server Resource Kit, for information about deploying Group Policy and Active Directory

  • The Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit, for more information about implementing and troubleshooting IntelliMirror technologies

  • The Change and Configuration Management Guide link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources, for information about deploying IntelliMirror

  • The Designing a Managed Environment volume of the Microsoft Windows Server 2003 Deployment Kit

  • The Designing and Deploying Directory and Security Services volume of the Microsoft Windows Server 2003 Deployment Kit

  • The “Group Policy Settings Reference for Windows XP Professional Service Pack 2” spreadsheet, which is available from the Microsoft Download Center (https://www.microsoft.com/downloads)

  • Group Policy Help, for information about Group Policy

  • “IntelliMirror” in Windows XP Professional Help and Support Center, for information about user data management, software installation and maintenance, user settings management, and Remote Installation Services (RIS)