A month ago, I took another job. One awesome benefit is that I get to build an environment without any pre-existing baggage. This has led to some unexpected solutions to problems we all have. For example, how to image a machine, how updates should apply, or how users should store documents. It is this last one that interests me most and the one I am hoping to get some feedback on.
What Makes for Good Document Access
First, I want to avoid drive mappings. Personally, I am prefer links for UNC access. Even though GPP Drive Mappings has been improved in Windows 8.1, I use this distribution method for links. In terms of general storage, I am wanting a technology that allows the following:
- Not dependent on a single server
- Fluid use for Windows Users – no unnecessary setup or odd storage procedures
- Native to a Windows environment and free/cheap
- Does not negatively affect user logons to a noticeable perception
- Easily accessible externally and accessible across device types
In the past, I would have immediately turned to Folder Redirection and pointed my users to a DFS share. This would have satisfied points 1 and 2. Folder Redirection can significantly impact user logons, especially on a user’s initial logon. This performance hit can be greatly reduced by pairing Folder Redirection with Offline Files (Windows 7+). When Offline Files are enabled, local documents do not need to be copied up before a user is logged in. Folder Redirection is built-in to XP+ machines. With Windows 7+ machines, you can redirect every important local profile folder.
Remote document access with folder redirection can be a bit trickier. I’ve seen two common methods used:
- Direct File Access through OWA 2007/2010
- Use of the msIIS-FTP Active Directory attributes.
The first method no longer works on Exchange 2013+. The second method works but can be a bit cumbersome to setup (and doesn’t allow access outside of the home directory). If anyone has another remote access method for redirected folder, I would be very interesting in knowing about it.
Using OneDrive for Business for File Storage
The limitations above has led me to another potential solution. Because I work in education and have free access to Office 365, my users can use OneDrive for Business for document storage (currently 1TB per user). For education, this service meets all of the requirements above. When paired with ADFS, users are even automatically signed into their Office365 account. The downside to this setup is the complexity, user adoption, and potential syncing issues.
Over the next few months, I will be posting a walkthrough or two on migrating to OneDrive for Business, how to avoid common problems, and some ways to make the move easier on your users. If you have already made the move, get in touch with me by leaving a comment below. I would love to hear your thoughts on the service.
I have also struggled with some of the same issues. I still am using folder redirection but your article on DFS has changed my approach. I moved my users over to OneDrive and here are a few of the issues that I have had.
1: Staff members have invalid characters that prevent a sync
2: They tried to use their personal MS account
3: User training, this one falls on me
The addition to the groups option in OneDrive is a very intriguing option and one that we are testing in the IT department. Amy one in the group gets access to a shared OneDrive storage, calendar, and message board.
Did you move all of your users to OneDrive or are you using folder redirection with DFS still?
How is the groups option working for you right now?
I would be looking to use Business OneDrive in a corporate environment to negate the need to have users data stored on company files servers, as in my experience this can take up a lot of space. I would still have a physical drive mapping for shared departmental data, but for personal/business files held in ‘My documents’ they should be held locally on the machine and replicated to OneDrive (also including Internet Favorites if possible). That way when a user logs into a new machine with an O365 account they already have all their files/favorites. I assume this can be done with folder redirection and GPO, although I’ve not yet attempted to do it. Be interested to know if anyone has?
This is what I originally set out to do. It was a pain. I would have random sync failures in a small test environment that made me doubt a large scale rollout.
The main thing to realize with OneDrive for Business, ODB, is it is meant to be the users personal “drive”, I’d really say a replacement for My Documents, that is how I am using and trying to reeducate our end-user on. It really isn’t meant to be a mass sharing source. Microsoft really wants to push all that to Team Sites which is the biggest learning experience we have had since migrating off of Google. Google Drive was like the Wild West when it came sharing. 🙂
The only syncing issues I have had with OneDrive for Business is when users have files buried deep in folders or funky names. Also as a side effect of migrating Google sharing permissions we have seen some issues where users had issues because they have thousands of documents shared to them and again ODB isn’t tailored for that kind of sharing. Hindsight we should not have migrated the share permission from Google but forced people to reshare everything.
One more little gotcha is you also have to make sure no backup software is running say like Carbonite. It can cause some issues with ODB as well as Outlook.
We use an open source project Pydio, formerly AjaXplorer. This allows us to put the content within our own cloud and present it via a browser and/or mobile apps. Using a little bit of php we can auto provision the home drive in Active Directory and the back end storage array directory permissions.
Why not Work Folders?
Judging by the 100s of others who have tried to use OneNote for Business you are in for a world of pain.
My problem with work folders is the Windows 7 domain join requirement. I have no idea why Microsoft did not make work folders more accessible. If I had to guess, someone in the Office department vetoed it…
For a relatively similar project I looked at “HTTP Commander”, then the project was abandoned for other reasons.
That is a pretty interesting solution – why did you abandon it? It looks like the FTP solution as well (which do work).
Will be awesome to see how this goes, I will be following the same path in a couple months..
Thanks Jamie! Hopefully, everyone can learn from my mistakes!
Im sorry but I totally disagree with this. I would not want Microsoft keeping copies of all my docs on the cloud.
Plus with me working in the education sector in the UK, I know for a fact that we wouldn’t be able to have all our docs on the cloud due to child safety and your also forgetting that not everyone might be on a unlimited internet plan.
Also I don’t understand if your using one drive just for home drives why would this be any better than offline files?
May i suggest using direct access (microsofts transparent VPN) we use it at the moment. So mapped drives for shared documents (or links whatever your pref) offline files for users home drive, and direct access for the shared drives when offsite.
Sorry if I seem like I’m stomping all over your idea, I’m just playing devils advocate 😀
With Direct Access wouldn’t you still have to rely on drive mappings, something Joseph mentioned he was trying to avoid.
No he could use the links folder instead, myself I use it with drive mappings as a lot of the software we use requires drive mappings (thank your lucky stars you don’t have to deal with the rubbish software british primary schools have to deal with!)
That’s why Microsoft gives us a dozen ways of doing this – because none are completely perfect in every situation.
Direct Access is slick but I am looking for a way to allow non-domain machines to easily access documents.
Feedback is definitely what I want!
I really think ODB would be the way to go, especially if you are already a Microsoft shop which you could tie into other services like Intune and RMS.
All great points Jamie! I certainly trust Microsoft over user managed services.
Also I think I would trust Microsoft more so than anyone else in the cloud business right now. If you are ready to go to the cloud don’t automatically disqualify Microsoft without doing some research. They are really bringing more to the table than what I see others offering. Plus you can add on top of the O365 subscription with Azure AD Premium for identity management and RMS for document security features. Nobody I am aware of offers that complete package.
So what are your recommendations or expericences with offline GPO settings? I currently have it disabled here.
I have them enabled as I want our clients to have the same experience when not on site.
If you are Windows 7+, I would enable it (in fact – it is enabled by default on windows 7). You can configure it only to sync certain folders, redirected folder, etc.