BRC - Windows Folder Redirection Guidelines

Written By Tami Sutcliffe (Super Administrator)

Updated at August 31st, 2023

The default permission for Windows folder redirection is to grant the user exclusive rights. 

This means an administrator does not have read access to the redirected folders to back them up.

To set permissions so Axcient BRC can back up the folders, do the following:

1. Create a share folder as the root of all redirected folders on the server hosting the redirected folders. Set the permissions as follows:

  • Share Permissions:
    • Everyone – Full Control
    • Administrators – Full Control
    • System – Full Control
  • NTFS Permissions (in all cases except for note #1 below):
    • Everyone – Read and Execute
    • Administrators – Full Control
    • System – Full Control
  • NTFS Permissions (when note #1 applies):
    • Everyone – Create Folder/Append Data (This Folder Only)
    • Everyone – List Folder/Read Data (This Folder Only)
    • Everyone – Read Attributes (This Folder Only)
    • Everyone – Traverse Folder/Execute File (This Folder Only)
    • CREATOR OWNER – Full Control (Subfolders and Files Only)
    • System – Full Control (This Folder, Subfolders and Files)
    • Domain Admins – Full Control (This Folder, Subfolders and Files)

2. Start the Group Policy Manager (Start > Control Panel > Administration Tools > Group Policy Manager).

3. Create a new Group Policy Object (GPO) called Folder Redirection:

  • Open the tree to the target domain.
  • Right-click on Group Policy Objects and select New.
  • Enter the name Folder Redirection and click OK.

4. Expand the Group Policy Objects folder, right-click on the newly created Folder Redirection entry, and select Edit.

5. The Group Policy Management Editor window appears. Folder Redirection appears at the top of the tree.

6. Expand to User Configration > Polices > Windows Settings > Folder Redirection.

7. Enable folder redirection for a desired target (such as Desktop or Documents):

  • Select the target, right-click, and select Properties to display the properties window for that target.
  • Click the Target tab. In the Setting field, select “Basic – Redirect everyone’s folder to the same location.”
  • In the Root Path field, enter \\server_name\share_name\ where server_name is the name of the server and share_name is the name of the share folder you created in step 1.
  • Click the Settings tab. Uncheck the box next to “Grant the user exclusive rights to My Documents”.
  • When both the Target and Settings tab fields are correct, click the OK button.

8. Repeat step 7 for each desired target (Desktop, Documents, Pictures, and so on).

9. When all settings are configured, link the GPO to the appropriate target (the root level domain, child domain, or any organizational unit):

  • For the root level domain, return to the Group Policy Management window and right-click on the domain. (Adjust accordingly for other targets.)
  • Select “Link an Existing GPO”.
  • A link window appears. Select the newly created Folder Redirection GPO, and click OK.

10. To test that the configuration is correct, reboot the client machine and then log in as a user. If folder redirection is successful, the follow event appears in the application log:

Event ID: 401
Source: Folder Redirection
Description: Successfully redirected My Documents. The folder was redirected from
<original_path> to \\server_name\share_name\user_name\My Documents.


1. Use the step 1-c NTFS permissions when group policy is configured to redirect to a location where the GPO will automatically create the destination folder (user’s individual Application Data, Desktop, or My Documents folder).

2. User configuration settings in Group Policy take effect at the first log in after the policy is saved and replicated to the user’s login service.

3. Computer configuration settings in Group Policy take effect when the machine reboots and logs on to Active Directory. Therefore, you must reboot a terminal server before new computer configuration settings are applied.

4. The following error message indicates the user still has exclusive rights. If you see this message, repeat step 7-d.

Event ID: 101

User: <name>

Computer: <name>

Failed to perform redirection of folder <name>.

The new directories for the redirected folder could not be created.

The folder is configured to be redirected to <path>.

The following error occurred: Access is denied.