Home > Remote Desktop Services (RDS), Server Based Computing, Windows Server, XenApp > Libraries in Server 2008 R2 mandatory profiles.

Libraries in Server 2008 R2 mandatory profiles.

Love them or hate them, the new library system Microsoft has included in Windows Vista and later operating systems are here to stay. But when you start provisioning mandatory profiles in server 2008, you quickly begin to see issues with these static file mappings.

Bear in mind with libraries, there are no group policys  to control what is populated in a library. You can control which libraries are created, but you cannot by default control what goes into them.

Shared local folders in the enterprise:

The first issue to be found with libraries are their default locations, for each respective library it contains the users personal folder and a shared folder accessible by all on the local machine.

This shared folder may serve a good purpose in the home, with multiple family members sharing a pc and wanting to share music and pictures, but in the enterprise shared folders on a shared system require maintenance. Worse yet, if you are sharing hosted desktops with other departments / customers this is where data may fall into the wrong hands.

Static mappings from the mandatory profile:

After the initial login, if the user browses directly to the contents of the library contents without first opening the parent library, they will often receive the following error:

The user we see above, manny, was the name of my mandatory profile creating account. If you browse to the parent before entering your documents folder, windows is clever enough to rectify the issue without giving an error.

But alas, despite following the best practices available on-line we’ve some how ended up with a static mapping, how annoying.

To get to the crux of the issue, we need to know more about these libraries.

So what is a library? 

A library, is a collection of indexed* directories, allowing you to view the contents of multiple folders in a single view. They have more cool features, but lets leave it as that for the moment.

* libraries will allow un-indexed directories to be mapped if part of a group policy, but it will complain about the source not being indexed.

A library is a text document, stored in %appdata%\Microsoft\windows\libraries. These files have the file extension of .library-ms. The contents of the file can be opened with a text editor as its XML based.

When i opened my mandatory profile’s documents.ms-library file, below you can see the contents:

As you can see above, the library contains the user’s sid and the following default locations are listed under the <URL> tag. To compare a known folder’s GUID to a  folder, check the following site provided by Microsoft for reference. In the case of the documents Library here are the locations that are in there by default:

{FDD39AD0-238F-46AF-ADB4-6C85480369C7} = Documents

{ED4824AF-DCE4-45A8-81E2-FC7965083634} = PublicDocuments

Note the Serialized string also, this seems to be a static mapping to the folder in question.

So how do we fix this?

Well, that’s a two part answer. If you decide you are happy that the public documents folder will be displayed to all users in their documents library, simply delete the libraries from the mandatory profile, this will cause the libraries to be recreated each time they login, resolving the static mapping error above.

If you want to remove the public folders, you first need to modify the library file in question in the mandatory profile and remove the public documents. To remove the public folder, simply remove the <searchconnectordescription> value containing the public folder in question. In the case of the documents library above you would remove the following:

This will get rid of the public folder in the library, to remove the static mapping, remove the usersid section, along with the serialized section. The finished result is below for reference:

Saving the above file in your mandatory profile will correctly provision the documents folder without a shared folder or incorrect mapping. This practice can also be applied to the remaining libraries.

  1. SR
    September 21, 2011 at 11:48 pm

    Nice article, many thanks. I tried the modification on the libraries files, removed the sid, the serialised detail and the public folder id and have the following issue. When including the stripped down libraries xml files with the mandatory profile and having group policy folder redirection to a network share in place, for my documents, music etc. It successfully removes the public folder from the libraries and lists the four default libraries on launching explorer. However when examing the properties of the lirbraries when logged in as a user with the mandatory profile it shows under the properties of the libraries the path of where they were originally located as part of the mandatory profile. e.g. My Documents (C:\users\manny), instead of the logged on users path to the redirected documents which should be \\fileserver\home\%username%\documents
    If I select the libraries option to restore default libraries and then look at the properites of the libraries it shows the path as that of the group policy folder redirection setting, \\fileserver\home\%username%\documents, has restored the public folder and matches the logged on user.

    If I do not include the modified libraries as part of the mandatory profile, then libraries appears in explorer, however no defaul libraries are present. To make them appear I have to select restore default libraries and they appear. Can this be automated to make the default libraries appear ?

    Any suggestions on how to make the libraries when using the modified xml file to set the users redirected folders as the path as set in the group policy folder redirection path

  2. September 22, 2011 at 7:18 am

    Hi SR,

    This sounds very strange, could you email me the library you are trying to use and we’ll try to get to the route cause?




  3. SR
    September 23, 2011 at 8:23 am


    Many thanks for your offer to assist, I have sent you the library files by email.

  4. Daniel
    November 30, 2011 at 9:26 am

    I modify shell32.dll with resource hacker, to remove the public folder being mapped on to the library folders.

    Doing this way, the users cannot click on the restore default library to restore the public folder.

    Thanks for good homepage, many usefull tips here.

  5. November 30, 2011 at 9:43 am

    Wow, that’s really clever Daniel. If you dont mind could you document what you did to achieve this? I’d be really interested in seeing it.

    • Daniel
      November 30, 2011 at 10:45 pm

      Hi Andrew,

      I dropped you an email, let me know if you didnt get it,


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: