A bunch of my XP users now have offline files enabled for their My Documents folder.
1) Is there any way I can turn this off without having to go to each user's Desktop, or VNC in?
2) How might have this become enabled? I did set the My Documents to point to their Network drive … does offline files automatically get enabled when you do this?
These XP machines are on a Windows 2003 domain.
Best Answer
Per your comment on Sam's answer it sounds like a rundown on what Group Policy does and how it works is probably in order. Not having time for that this morning, here's a quick "recipe" that will do what you need.
Download the Group Policy Management Console with Service Pack 1 package and install it on either one of your Windows Server 2003 machines or a Windows XP-based client computer.
Once that's installed, run it from a "Domain Admin" session (from "Administrative Tools", or Start / Run / GPMC.MSC).
Assuming that you do not want "Offline Files" turned on any computers in your domain, open the "Forest" node in the left pane of "Group Policy Management", the "Domains" node, and highlight the node representing your domain.
Right-click the domain node and choose "Create and Link a GPO Here...".
Enter a descriptive name for the GPO, like "Disable Offline Files".
In the right pane, right-click and "Edit" the "Disable Offline Files" GPO.
In the left pane of the "Group Policy Object Editor", navigate to "Computer Configuration", "Administrative Templates", "Network", and "Offline Files".
In the right pane, double-click the entry "Allow of Disallow use of the Offline Files feature". Change the radio button to "Disabled" and click "OK".
The affected client computers will need to be rebooted for the change to take effect (as this is one of the settings that is only applied at boot-time).
Sam points you toward the user configuration for Offline Files. Personally, I prefer the computer setting, though it requires a reboot to take effect. I find that normally I am enabling / disabling Offline Files on the basis of the type of computer-- laptop or desktop-- not the type of user.
You should learn more about Group Policy when you get a chance. You can do a lot of really, really cool stuff. Fundamentally, just the ability to arbitrarily execute scripts on subsets of remote computers on startup and logon is all you'd ever really need, but Microsoft has put a lot of nice "Window dressing" in the Group Policy system to make it useful for sysadmins of all skill levels. Getting a good handle on how the particular GPOs are set for a particular user or computer (and understanding some of the esoteric features like WMI filtering, filtering by group membership, loopback policy processing) is really the only major hurdle in starting to use it.
re: removing this setting later - If you delete or change the setting in the GPO the clients go back to their OS-default setting. This is true of all the "Administrative Template" settings (which are really just registry settings) that Microsoft includes "out of the box". If you apply 3rd-party "Administrtaive Template" settings you may find that they "tattoo" the registry-- i.e. even if you remove the GPO that set a given 3rd-party setting the "changed" setting may persist in client registries.
I wouldn't go too wild on applying GPO settings at the root of the domain like this because they affect all computers / users in the domain. I also wouldn't modify the "Default Domain Policy" or "Default Domain Controllers Policy" objects. This way you can always disable all the GPOs you created, if necessary, and your clients / servers will fall back to an OS-default state. (That should be a wildly remote possibility, but it's nice to leave things so that it's possible...)
Edit:
Not knowing anything about the locations of objects in your domain, the easiest way to limit the scope of this GPO is as follows:
Create a global security group named, say, "Computers to disable Offline Files".
Add the affected computer objects as members of this group (you have to change the "Object Types" to include computers when using the "Add..." function in the properties of the group)
Navigate to and highlight the "Disable Offline Files" GPO in the left pane of the "Group Policy Management" snap-in
Dismiss any warnings that are displayed re: "You have selected a link..."
In the "Security Filtering" list, highlight "Authenticated Users" and click "Remove". Confirm the removal.
Click "Add" under "Security Filtering" and specify the "Computers to disable Offline Files" group.
This will constrain the application of the settings in this GPO to only the computers named as members of the "Computers to disable Offline Files" security group, regardless of their location in the Active Directory.
If the computers have remained "online" (i.e. attached to the network) then all their files will be in sync already.
If the network connectivity of the computers has been in doubt it is theoretically possible that they might be "Offline" right now and could have locally-cached changes. It might be best, in such a case, to contact each user and ask them to synchronize (the easiest way I know to direct them to do this is to have them click Start / Run / mobsync, uncheck the "MY Current Home Page" in the "Items to Synchronize" dialog, and then click the "Synchronize" button.)