Problem: Permission Denied Errors When Using Folder Redirection in UCS@school

Knowledge Base Community
, , , , ,
1

Problem

In a UCS@school environment, enabling Folder Redirection consistently failed with the error:

“Permission denied”

At first, this appeared to be a permissions issue on the network share. However, no changes to the share ACLs resolved the problem, and the error persisted.

Investigation

During the troubleshooting process, several important details were uncovered:

  1. Offline Files were enabled by default
    Windows enables Client-Side Caching (Offline Files) unless explicitly disabled.

  2. Local cache directory created at first login
    On a user’s first login, Windows created the following directory:

    C:\Windows\CSC\Namespace\<username>

    This folder stores the user’s Offline Files.

  3. Highly restrictive permissions
    The cache folder is locked down so that only the user has access. Even Domain Admins and the SYSTEM account are denied access.

  4. Conflict with Folder Redirection
    Since UCS@school uses roaming profiles, this cache was populated immediately at the first login. When Folder Redirection was introduced later, the system attempted to move cached data but failed because SYSTEM had no access.

:arrow_right: The root cause was not the network share (target), but the local Offline Files cache (source).

Why this happens

It all comes down to an unfortunate mix of defaults and timing:

  1. Windows turns on Offline Files by default if you don’t explicitly disable them.
  2. UCS@school uses roaming profiles by default, which immediately stores user data on the server.
  3. At the very first login without a Folder Redirection GPO, Windows kicks in Offline Files and drops the data into CSC\Namespace\<username> – a folder locked up tighter than Fort Knox, where even SYSTEM can’t get in.

By the time you try to enable Folder Redirection later, it’s already too late: the data is stuck in the cache, and redirection will fail until it’s cleared out.

Solution

The issue was resolved by preventing Offline Files from interfering with Folder Redirection.

Steps to Consider

  1. Disable Offline Files on Deployment Images

    • If your clients are deployed using a management system (e.g., Filewave, OPSI, Timago, OpenGhosT), ensure that the deployment image has Offline Files disabled via local policy to prevent the creation of restrictive caches.

  2. Apply a GPO to disable Offline Files

    • Create a domain-wide Group Policy Object to disable Offline Files.
    • Ensure this GPO is processed early during startup.

  3. Enable Folder Redirection before user login

    • Configure the Folder Redirection GPO and apply it before any users log in so that redirected folders are created directly on the network share.
3

This topic was automatically closed after 24 hours. New replies are no longer allowed.