Convert domain account to local account and remove folder redirection.

[thecomputerguy]

I have a client with a server hosting 2008R2 that we want to decommission. They do not use any data whatsoever besides email and Quickbooks. There email is already on Office 365 and I'll be moving the their QB to a hosted solution with Right Networks.

At that point I want to remove the server, and then upgrade the workstations to W10. The workstations are currently connected to the server via the domain and are using folder redirection. If I could just convert those to local accounts so that I don't have to re-create profiles, setup email addresses, change backgrounds etc... that would be amazing.

Does ProfWiz do this?

I'm pretty sure I'd have to edit the GPO so that when folder redirection is removed the Policy Removal is: "Redirect the folder back to the local userprofile location policy is removed"

What's the correct way to do this to minimize effort in keeping everything identical just removing the DC and setting the Workstation back to a local workgroup computer?

 

[Markverhyden]

It claims it will move from Domain to workgroup but I've never tested that direction. I've only ever gone from workgroup to domain. It's worked pretty well.

 

[thecomputerguy]

It claims it will move from Domain to workgroup but I've never tested that direction. I've only ever gone from workgroup to domain. It's worked pretty well.

Yeah I've used it workgroup to domain and aside from the few security or policy issues it's gone smooth. I'll just pick out the least used station and just give it a go and see what happens, they are pretty low maintenance and I have backup in place.

 

[YeOldeStonecat]

The GPO to control folder redirection...several choices.
*Can edit it now to...and change the path to have the folders go back to local user profiles
or
*Can check it to ensure that when the GPO is removed, folders go back to local user profiles.
*I'd also NOW uncheck "Grant users exclusive rights.."....so that's turned off..and do that now.

I've been dealing with a TON of removing these as we're moving clients to O365...and I want OneDrive to take over this task. But often these GPOs get broke a bit. Have a network of ~20 computers, and near half of 'em will give you fits as you try to get their folders local again..especially getting rid of remnants of this GPO so that OD does not think anything is controllers the user library location.

 

[glennd]

Is this how it is now? We're transitioning away from client/server installations to O365/OneDrive installations?

 

[Sky-Knight]

That's been a thing for the last two years. It's cheaper to let O365 be the file server, heck it's cheaper to run an Azure instance with Windows Server on it than it is to finance a new server.

 

[thecomputerguy]

That's been a thing for the last two years. It's cheaper to let O365 be the file server, heck it's cheaper to run an Azure instance with Windows Server on it than it is to finance a new server.

But how do you access Sharepoint data via mobile? The OneDrive client doesn't do Sharepoint?

 

[Sky-Knight]

But how do you access Sharepoint data via mobile? The OneDrive client doesn't do Sharepoint?

Teams...

 

[thecomputerguy]

Teams...

Yeah I'm researching this more now and I realize I do not know enough about teams at all. So teams uses SharePoint as a backbone for file storage in teams but you don't ever have to deal with the SharePoint interface unless you are connecting the client to a document library for file explorer access in windows right? Is that the jist of it?

What do you all use to backup the SharePoint data in case someone decides they want to erase a bunch stuff?

What about the other data like conversations and stuff like that?

 

[Sky-Knight]

Yes, the files in the team are readily available. Using Sharepoint directly is... hard. I use Sharepoint itself next to never.

Datto Backupify, or this: https://azure.microsoft.com/en-us/pricing/details/information-protection/

 

[Moltuae]

Is this how it is now? We're transitioning away from client/server installations to O365/OneDrive installations?

If you trust Microsoft to take care of encryption for you.

Personally, I don't. Plus, in the UK we have GDPR to consider. None of my customers' data gets sent to cloud services, at least not without ensuring it's encrypted beforehand. Call me old-fashioned, but I prefer to take care of security myself rather than entrust it to a custodial service.

 

[YeOldeStonecat]

But how do you access Sharepoint data via mobile? The OneDrive client doesn't do Sharepoint?

There's a mobile Sharepoint app....
But yeah....Teams is better...Teams uses Sharepoint for the file storage, and the mobile app also works great!

 

[YeOldeStonecat]

Yeah I'm researching this more now and I realize I do not know enough about teams at all. So teams uses SharePoint as a backbone for file storage in teams but you don't ever have to deal with the SharePoint interface unless you are connecting the client to a document library for file explorer access in windows right? Is that the jist of it

Yup that's the jist of it...managing your Sharepoint storage via Teams makes it much easier. Create the Team...that creates the file storage in SP. Add members to the Team..that controls the access. Create channels under the Team..that creates the separate libraries in SP.

I put file retention to "Never delete" for all stuff for all my O365 clients..so email, and files everywhere...never get deleted. Forever retention.
There is version history..so if someone deletes a file or messes it up, simply go restore a prior version. Much like shadow copies on a server.
Traditionally...with servers, you had backup to handle things like...if the server caught fire and burned down, or went floating down the river in a flood...with O365 that isn't there. Or if hard drives on the server corrupted...RAID volume blew up, etc...with O365 that need isn't there. If clients deleted files by accident...since Server 03 and forward with volume shadow copies (previous version)...that need for 3rd party backup minimized since you can restore files with native built in doors. (for 99% of my file restore requests from clients in the past.....near 10 years or more I've just used previous versions to quickly get it done, rarely go to the actual backup) Same with O365. Ransomware is kind of the last thing left to keep a demand for backup for on-prem server clients. But for O365...it has its protection...esp if you've added ATP...and of course it has its versioning/rollback. Any file storage that is "syncing" to clients...that's the weak point..laptops, workstations...one of those gets hit and the encryption of files travels up hill. Pretty easy to roll back in O365, I'm sure ransomware will evolve..and Microsoft (and other cloud providers) will evolve their protection against it too, same old cat 'n mouse game.

But...just like we push our backup/disaster recovery protection on clients for their on-prem servers....do the same with cloud storage. Whichever cloud storage you use (O365 in this case)...push 3rd party SaaS backup. Being Datto partners...we push Datto BackupIfy. SaaS backup is pretty cheap....it's all just more cloud storage....no local software to install, no local hardware appliances (well, some may want a local device to make them think their data is still all local).

 

[Sky-Knight]

@Moltuae I'm with you, but the key here is understanding. SMBv3 has encryption and endpoint authentication built it, as does Onedrive, and all data in Azure is encrypted at rest. Every requirement is already handled, the only thing the admins need worry about is AUTHENTICATION.

Deploy your MFA engine of choice, and then focus on other things, like teaching power users how to use Power Automate, or using it yourself to make your executives more effective people.

If you don't like the big players then I suppose you fall back to deploying NextCloud, which is pretty cool too honestly.

 

[thecomputerguy]

The GPO to control folder redirection...several choices.
*Can edit it now to...and change the path to have the folders go back to local user profiles
or
*Can check it to ensure that when the GPO is removed, folders go back to local user profiles.
*I'd also NOW uncheck "Grant users exclusive rights.."....so that's turned off..and do that now.

I've been dealing with a TON of removing these as we're moving clients to O365...and I want OneDrive to take over this task. But often these GPOs get broke a bit. Have a network of ~20 computers, and near half of 'em will give you fits as you try to get their folders local again..especially getting rid of remnants of this GPO so that OD does not think anything is controllers the user library location.

Been familiarizing myself all day with teams, and your right, holy smokes, old fashioned sharepoint is so crude!

I had a couple questions though... after you've created your Team and various channels, General, Marketing, Accounting, Admin etc. Then you want to connect it to Windows using OneDrive so that users can browse those files as they would traditionally with a file server is there a way to streamline the process of adding various channels to users to sync?

What I mean by this is, do you have to physically walk (or remote in) to each client, open teams, click open in sharepoint, login, then click sync for every channel for every user? What if you have 30 users you need to do this with? Is there a way to just have them login to OneDrive and start syncing all channels in the team?

Also, as far as the retention policy goes, if I set a retention policy to keep files forever what exactly does that mean? I know if a user deletes a file or folder it will go into the sharepoint recycle bin, but what if it's deleted out of the recycle bin? Does the retention policy become null and void at that point and we'd need an external backup solution to recover that file?

Last one, say a client using OneDrive with Sharepoint gets hit with ransomware and it encrypts the entirety of the contents of the Sync'd sharepoint sites. At that point, what does recovery look like?

Edit: Also it looks like sharepoint expands itself automatically by 1TB per licensed user, is that correct? So if I had 10 Business premium accounts I'd get a total of 10TB of sharepoint storage? Does that automatically expand? What about if those 10 users drop down to 2 users?

Lastly, are there any issues with using Business premium accounts for all of this? What about essentials accounts? Do you still get the +1 TB?

 

[Sky-Knight]

Assuming users are logged into Onedrive, each team they're a member of shows up in Onedrive automatically. They just open up their OneDrive folder and navigate. If they want files / folders to always be available, they just right click and set it.

OneDrive has built in mechanisms for crypto's, it offers a rollback for the individual drives. Sharepoint itself has multiple versions so you just access an older version of the files.

Cloud Features start with Business Essentials, the only thing Business Premium adds is on-premise apps.

But yeah, backup / restore / emergency procedures are the scary bits here, the docs are sparse and it's not like you get to test.

 

[thecomputerguy]

Assuming users are logged into Onedrive, each team they're a member of shows up in Onedrive automatically. They just open up their OneDrive folder and navigate. If they want files / folders to always be available, they just right click and set it.

OneDrive has built in mechanisms for crypto's, it offers a rollback for the individual drives. Sharepoint itself has multiple versions so you just access an older version of the files.

Cloud Features start with Business Essentials, the only thing Business Premium adds is on-premise apps.

Right so currently in my test setup I am logged into OneDrive using my global admin account which is info@thecomputerguy.onmicrosoft.com

I have two channels setup, General and Marketing both of which I am the admin of (obviously). I was able to sync general by clicking on "Show in sharepoint" then clicking the sync button. That prompted me to login which I did and I am now successfully syncing the General folder for my Team. But what about the files in the Marketing channel? Are you saying that should be showing up automatically because I am a member of my Team and that channel is under my team?

If that's the case that's not happening...

 

[Sky-Knight]

On the file's tab in the team in question, there's a sync button. Push it. That will put the folder in OneDrive. Now, it shows up in the company's Onedrive, not the personal one. So you're looking for an icon that looks like a skyscraper, not a cloud.

 

[thecomputerguy]

This is what I got, am I missing something? The only way I can sync General/Marketing is to open it in sharepoint and login then click sync and that is massively cumbersome. I have the General folder syncing because I followed that method so I do have the Skyscraper and then a Contoso Team - General folder

But I want a way to add the Contoso Team - Marketing under the general folder easier than having to go all the way to sharepoint to do it.

Basically I want to auto-add channel files to my business OneDrive that I am a member of

 

[Sky-Knight]

That's... strange... The button is flat not there!