Learning Network Manager Thread, Configuring Offline Files in Technical; Hello
At the start of the month I posted a thread seeking advice on how teacher laptops can be set ...
26th June 2014, 09:03 AM #1
- Rep Power
Configuring Offline Files
At the start of the month I posted a thread seeking advice on how teacher laptops can be set to sync with the domain, i.e they can see their My Documents at home and if they add to it they can then see the files on the school PC's.
Anyway I got myself in a bit of a muddle with exactly what it was that needed doing but having consulted a technician at another school it would appear that the solution is to configure offline files.
Does anybody know how I go about this? I imagine the laptops have to be added to the domain and placed in their own OU so offline files can be configured by group policy? Or is it more to do with settings on the user folders?
Any advice welcome, thank you in advance
26th June 2014, 09:33 AM #2
Do you mean folders and files in their network home folders? If so you can go to the folder you want - My Documents for example, then right click on it and select "always available offline".
It then syncs all the files etc in that folder - which can take a while, and when they get home they will have an "N" drive where the synchronised My Documents folder will be.
I should say that the above works with Windows 7 but I can't comment on other versions. We use it quite a lot to sync the My Settings folder as some programs like Adobe Reader won't work at home if we don't.
26th June 2014, 09:43 AM #3
- Rep Power
That's right its their My Documents that they wish to see but I'm a bit lost as to how they would sign on to the laptop at home and it would sync.
Surely adding a laptop to the domain allows staff to log in as normal for use in school and then when they take it home they have to log in locally?
The laptops are running Windows 7 but I'm trying to set it up from server 2003.
26th June 2014, 09:51 AM #4
If you enable cached logons they use a single logon (no local account needed or used) this allows them to log on to their domain account at home and get the offline files etc/.
26th June 2014, 10:06 AM #5
The sync part happens when they are in school (it uses active sync I think) and should sync when they log off. When they come back into school the sync will run again so that work they have done at home will appear on their network folder
Originally Posted by Bankesy
The sync doesn't happen while they are at home but the My documents folders appears to them as if it would as if they were in school
Can your users log on at home with the same credentials as they do at school?
26th June 2014, 10:11 AM #6
- Rep Power
Currently our laptops have nothing to do with the domain or the network, they are simply stand alone for use at home and users only access the network in school.
That was useful regarding the cached logons, I shall investigate this.
So it is a case of setting each individual user My Documents folder to work offline opposed to using any group policy?
26th June 2014, 11:01 AM #7
local login laptops can do it as well you just have to set it up manually
Originally Posted by Bankesy
1st July 2014, 11:56 AM #8
- Rep Power
If you have seen my other posts in the another section of the forum regarding Windows Deployment Services Error Message you will see it has now been resolved.
That was step 1 in completing the project so we now have an image for staff laptops but as mentioned here they need to sync between home and work.
My idea is to create an OU and join the laptops to the domain but how do I turn the user logins into cached logins?
I take it this is the correct order to do things and once this is working play about with offline files?
1st July 2014, 12:45 PM #9
you need a gpo on the pcs with
computer config\admin templates\system\user profiles\
delete cached copies of roaming profiles disabled
and ideall as well
do not logusers in with a temporary profile enabled
delete user profiles older than a specified number of days on system restart and set to something like 180 days anyone who dosent use pc a for months can get a new copy of their profile from the server
1st July 2014, 05:08 PM #10
Offline files are nice and easy to setup and since Windows XP they have come a long way.
Back in the days of XP, they were not too great as for some reason Microsoft decided there needed to be some exclusions to what exact file types could be synchronized.
To be fair, they had good reason for the filetypes they excluded, its just that XP had a tendency to just moan about it all the time and the user had to suffer with a big red X as an error every time they logged on or off.
In Windows 7 Offline files are really easy to sort out. There are a tonne of policies you can pick and choose from but honestly, you can just do it with one policy.
As soon as you redirect a folder on a Windows network, the most common being the Documents folder, it becomes instantly available offline.
This is because by default all redirected folders are set to be available offline and if you didn't want this to happen you enable the policy that turns this off:
User Configuration > Policies > Administrative Templates > System > Folder Redirections
"Do Not automatically make redirected folders available offline" -> Enable
To be honest, if you just want their documents to be available, then simply apply the redirection policy (which you probably already have) to the documents folder and you'll see the magical "Sync Center" icon appear on their documents drive. Easy.
As for the Syncing, just make sure you allow the users access to the Sync Center bit in the Control panel, if you restrict the control panel then the Canonical name is Microsoft.SyncCenter, just add that to your whitelist.
It does not use ActiveSync that is Microsoft Exchange term and technology and nothing to do with Offline files. Sync Center is what it is and is built into Windows 7, 8 and 8.1.
When they come into the school, it will realise, they did work at home because the copy on the machine is newer than the copy on the server and it does the sync and updates the existing copy.
The Cache is stored is the CSC folder in the Windows directory. Do not attempt to access this directory. It is heavily locked down.
Things to consider
Encryption - Do you want to enable it? Technically speaking there is a copy of potentially sensitive files on that machine, though at the same time you have password protected the machine. (good ole Risk Assessment there)
Domain machines only, will only work with a machine on a domain.
Profile Adjustments and Server Changes - When you cut and paste documents server side, they are classed as newer. So if you do some shuffling and move someones documents about, whatever work they do at home has a high chance of being lost as the server will be like, I'm the newest, sync with me, get rid of all that other stuff. It is genuinely luck sometimes that can prevent this, but if a file is lost, it is lost. I'm not saying it is impossible to get back, but my god it will take a while and a lot of luck.
Awareness, make sure people are aware of how it works. Make sure they know how to sync up. Sometimes they login their machine and don't leave it long enough and it goes wrong.
Alternatively, if they have a laptop and don't turn it on. If they login another machine in the school, they will probably expect it to be in their documents. Since it hasn't uploaded from the laptop to the server yet.. well you can see the issue.
As others have mentioned, Cache profiles do need to be possible. What many don't know is that since 2008R2 they are on by default, you do not need to disable or alter policies, UNLESS you have migrated from 2003 as all clients would be like its off by default and since the policy is not configured on the 2008R2 (or higher) server, i'm going to assume it remains off.
This is why you have a disable, not configured and enable and yet sometimes no configured and enabled is the same, or vice versa.
Tbf unless you really know GPO, that's all irrelevant and another discussion for another time, it is clever and just trust that it is haha.
Hope this helps!
3rd July 2014, 10:22 AM #11
- Rep Power
I do appreciate all of your explanations and help but I do need it put in much simpler terms with regards to the policy setting.
I have an OU with the staff laptops in and other separate OU's listed by room (Room 500) for example which contain any PCs in that room.
I'm a bit lost as to where I should be setting a policy for cached logons and\or offline files. I assume it is based on PC\Laptop and not user?
Apologies if my simplicity is frustrating : )
3rd July 2014, 10:31 AM #12
- Rep Power
Sorry to post again and I suppose this is mostly directed at DEvans: having read what you put there regards Sync Centre I notice that on the domain PCs that Sync Centre does indeed appear to be running.
Looking at my own for example I can see that apparently there have been some recent successful offline synchronisations and when going to 'Manage Offline Files' I can actually see My Documents.
Does this mean I'm much closer to a solution that perhaps first thought?
3rd July 2014, 11:18 AM #13
Offline Files - Explained
Since I am waiting for SIMS Summer Upgrade to deploy and have people moan at me during the day I have the time to write this out. haha.
If you have a fairly new network (2008R2) which was rebuilt and not migrated and your clients are Windows 7 (again not upgraded from Vista/XP) then you will be already very close to having it all setup and ready to go as by default a lot of the polices are already active and on.
I've built dozens of networks from the ground up over the last few years before I took the job i'm in now and have been fortunate to come across these gotchas and common mistakes.
In my network I have:
- Redirected Documents - To their home drive
- Offline Files Enabled and Working for all Machines
- An additional Administratively assigned offline file which is not part of the redirected folders
In my Active Directory (AD) (apologies if this is teaching how to suck eggs, this post can be the benefit of others as well), in the properties of a user you have the profile tab which specifies the location of their home drive.
I have it set to use drive letter P: (P for Personal) and the path to their documents on the server.
This alone will map the P:\ drive for the user in their "My Computer" (which is now just called Computer in Win7+). This will not make it available offline automatically.
The reason being is because when they click Start -> Documents it will take them to their C:\Users\%username%\Documents folder because we have not yet setup the redirection to make that link go to their home folder location (P:\).
So in Group Policy, we setup that redirection. This is a user based policy.
In my environment, in my staff user policy, I have redirection setup:
So under User Configuration -> Policies -> Windows Settings -> Folder Redirection -> *Right click* Documents and choose properties and I have chosen "Redirect to the user's home directory". On the Settings tab, I don't grant them exclusivity, don't move because I dont need to and I have Windows 7+ throughout the environment so we don't need to turn on legacy features.
By simply setting this policy, on the next restart of your client the P:\ drive will now be available offline and the "Sync Center" icon will appear on it.
P drive Sync.png
You can prevent this automatically happening by enabling the policy Do not automatically make specific redirected folders available offline found:
User Configuration -> Policies -> Administrative Templates -> System -> Folder Redirection -> Do not automatically make specific redirected folders available offline.
The reason this is here is because sometimes people don't want to use offline files. In XP environments this was common as XP offlines files were very difficult to manage, not because of the administrator, but because of the limitations built into XP and Server 2003.
Now because sometimes Synchronization doesn't always play ball, even on Windows 7, it is a good idea to allow your users access to the Sync Center area on Control Panel. This is optional, but because offline folders is a user based setting, as an admin you will be prevented by your own restrictions troubleshooting.
So I set the policy in my control panel restrictions to allow this:
User Configuration -> Policies -> Administrative Templates -> Control Panel -> Show Only Specified Control Panel Items -> Add in Microsoft.SyncCenter
For a full list of Windows 7 Canonical Names visit this link: Canonical Names of Control Panel Items (Windows)
Now finally, if you have a migrated environment, it is wise to turn on offline files. By the sounds of things you don't need to do this as you have already seen synchronizations, but for the benefit of others, you need to turn on offline files if in the past you have had them turned off.
Computer Configuration -> Policies -> Administrative Templates -> Network -> Offline Files -> Allow or Disallow use of the Offline Files feature.
Set to Enable.
This is always a good on or off switch you can use if you only want Synchronization on certain machines. So you say if you are a laptop, turn on offline files, if you are a desktop turn it off.
My environment I live the Microsoft Dream and have a 1:1 ratio of laptops to students and 1:1 of desktops/laptops to staff. So I have it all turned on because no computer is shared.
Offline files is good to turn off for shared machines. If a desktop is allocated to an individual, it is good to have on because if the server's go down, they can continue to work from their offline files cache, another safety net for you.
Essentially, for my documents synchronization you are all done from here. There is no need to really play with anything else.
What if what I want sync'd is not in their documents?
This is when you can use the policy Administratively assign Offline Files.
User Configuration -> Policies -> Administrative Templates -> Network -> Offline Files -> Specify Administratively assigned offline files.
Here you can specify a file using a unc path (\\servername\share\file). I use this for a certain file for a certain application. Meaning when offline they can still receive the settings I set server side. Clever stuff, but all optional.
Within this same location is where you can specify if you want to encrypt etc. I'm confident you can read a list, so i'll let you have a ganders there.
I hope this helps you all out with your issues mate and I hope this answers a few questions for those just curious.
Any other questions, by all means, that is what a forum is for.
Last edited by DEvans; 3rd July 2014 at 11:41 AM.
4th July 2014, 09:03 AM #14
- Rep Power
I have taken the time to read your instructions and have no doubt they will prove useful.
I need to get over the initial hurdle of the staff being able to logon to the laptops at home considering they are on the domain, obviously at the moment on the laptop I'm testing it just says it can't logon when at home.
Is the answer to this Steds post above? If so is that policy only being applied to the staff laptop OU?
4th July 2014, 09:32 AM #15
We have the offline files policy applying only to the staff laptops and it works fine. They need to have logged on to the domain at school and then when at home they will get a message saying that they cannot log on to the domain but are being logged on with a temp profile - then they can see their docs and when they get back to school everything syncs both ways.
Make sure you don't have any profile removal set up - there must be a cached profile or they will not be able to log on at home.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)