You are currently offline, waiting for your internet to reconnect

Folder Redirection fails to apply when redirected to mapped drive letter, instead of UNC path.

Consider the following scenario:

·         Home drive is configured for the users (eg: H:)

·         Redirecting the folder to home drive using “Redirect to following location” and specify the drive letter (eg: H:\Documents) instead of using UNC path

·         The user is an administrator.

In this scenario, folder redirection fails to apply and the below event is logged

Log Name:      Application

Source:        Microsoft-Windows-Folder Redirection

Date:          6/5/2013 5:35:27 PM

Event ID:      502

Task Category: None

Level:         Error


User:          Contoso\raj



Failed to apply policy and redirect folder "Documents" to "H:\Documents".

 Redirection options=0x1001.

 The following error occurred: "Cannot create folder "H:\Documents"".

 Error details: "The system cannot find the path specified.
When an administrator logs on to Windows Vista or newer, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights removed (filtered). Because LSA created the access tokens during two separate logon sessions, the access tokens contain separate logon IDs. The standard user access token is used to map the drive.

When the policy applies it uses the highest token (admin token) and thus it fails to see the map drive.
It is always recommended to use UNC path, not the drive map letter while redirecting a folder.

To resolve this issue, redirect the folder using UNC path instead of using map drive letter. You may use “Redirect to user’s home directory” option if you want to redirect the folder to home drive
More information

1.     Use “EnableLinkedConnections” registry. This value enables Windows Vista to share network connections between the filtered access token and the full administrator access token for a member of the Administrators group. After you configure this registry value, LSA checks whether there is another access token that is associated with the current user session if a network resource is mapped to an access token. If LSA determines that there is a linked access token, it adds the network share to the linked location.

To configure the EnableLinkedConnections registry value, follow these steps:
1. Click Start , type regedit in the Start Search box, and then press Enter.
2. Locate and then right-click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. Point to New , and then click DWORD Value .
4. Type EnableLinkedConnections , and then press Enter.
5. Right-click EnableLinkedConnections , and then click Modify .
6. In the Value data box, type 1 , and then click OK .
7. Exit Registry Editor, and then restart the computer.

Important: This workaround may make your system unsafe. Microsoft does not support this workaround. Use this workaround at your own risk.

2.     Disable UAC. Disabling UAC will stop splitting the token, but it is not recommended to disable UAC.

Disabling User Account Control (UAC) on Windows Server

Folder Redirection, Map drive, 502
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2859465 - Last Review: 08/13/2013 09:09:00 - Revision: 2.0

Windows 7 Enterprise, Windows 7 Professional, Windows 7 Service Pack 1, Windows 7 Ultimate, Windows Vista Service Pack 1, Windows Vista Service Pack 2

  • KB2859465
utoFirePV = 1; var varClickTracking = 1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" e"> 대한민국 - 한국어
España - Español
Paraguay - Español
Venezuela - Español
mp;t=">=""> var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" ="var m=document.createElement('meta');'ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src=""> >