Re: Help with configuration
- From: lavagirl <lavagirl@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Apr 2007 09:30:03 -0700
So there's a local profile and a TS profile. When the user logs in, are they
both available? Can I somehow have the local one hidden, (all except for the
home directory) yet still have the user access an application located
locally? (ie: Most of the apps will be run from the TS, but there are a few
apps that we have that won't run over TS. Can they still access those from
the local drive, while in a tS session?)
Thank you so much for your help.
"Vera Noest [MVP]" wrote:
About the TS:.
yes, you must place it in a separate OU.
Then link your lockdown GPO to this OU.
Make sure that you configure "loopback processing" in this GPO.
About your user accounts and policies: you can leave them in the
"Redirection" security group, which redirects their "My Documents"
folder (when logged on to the clients) to a separate file server.
You *must* ensure that the users have different profiles on the
clients and the TS, to avoid profile corruption. Since your users
have a local profile on the clients, you probably have not
specified a local profile path in their AD account properties. If
you want them to have a local profile on the TS as well, you could
also leave the TS profile path blank. Or you can specify a roaming
profile, pointing to a shared TS profile folder on your file
server. See:
246132 - User Profile and Home Directory Behavior with Terminal
Services
http://support.microsoft.com/?kbid=246132
Irrespective of whether you use local or roaming TS profiles, you
can use the GPO linked to your TS OU to redirect "My Documents" on
the TS to the same folder as you currently use (that would also be
most convenient for your users). You can redirect other parts of
the TS user profile (Desktop, Start Menu) to other shared folders.
But don't mix the client profile folders with the TS profile
folders!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?bGF2YWdpcmw=?= <lavagirl@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote on 31 mar 2007 in
microsoft.public.windows.terminal_services:
I just read my previous post and realize I need to clarify.
Currently, in active directory, I have the students in a
"redirect" group which redirects the "MyDocuments" folder to a
W2003 server share. They have local profiles. If I change them
to TS users, can I leave them in the redirect group and keep the
MyDocuments folder the same, yet redirect the other folders of
the profile to the TS local drive? And, once I enable the
redirected folders, will it move the profile folders from the
local drive automatically to the TS share?
"lavagirl" wrote:
Wow...great articles! Very informative. I think I'm getting
this somewhat. Do you mind if I ask a few questions?
For a school environment, where no one is logging in remotely
(offsite), and I want to keep the desktops clean and
"trouble-proof", would you recommend placing the Terminal
Server computer into the lockdown OU?
I am currently redirecting student home directory to a Windows
2003 server (not TS). If I enable folder redirection on the
TS, can I still redirect to the same location (on the other
server)? If that's the case, can the desktop, start menu and
application folders redirect to the local TS profile?
What happens if I do not specify a local TS profile, does it
create a
default one?
We tried roaming profiles in our current environment, and they
were a nightmare. I don't know if I want to use them in the TS
environment (but it's not really the same, right, because they
are not being copied over the network?)
thanks so much for your help...
"Vera Noest [MVP]" wrote:
You can lock down what users can do on your Terminal Server
and your desktops with Group Policies.
Here are some good starters, feel free to come back if you
have any specific questions.
Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272
fff- 9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en
Windows Server 2003 Terminal Server Security White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyID=402A0
CD1- 9E4D-4007-8EAF-C30623E71250&displaylang=en
278295 - How to lock down a Windows Server 2003 or Windows
2000 Terminal Server session
http://support.microsoft.com/?kbid=278295
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?bGF2YWdpcmw=?= <lavagirl@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote on 30 mar 2007 in
microsoft.public.windows.terminal_services:
I am a TS newbie trying to install/configure Terminal
Services for a small school. I have the Windows 2003
server up and running, with TS enabled, but I'm kind of at
a loss for where to go from here. I have installed RDP on
the client computers, and have installed Office 2003 on the
TS. I want the students to have no control over their
desktops or apps installed, redirected home folder to
another server, but still be able to have individual app
settings, favorites, etc... Is this possible? Can someone
direct me to a document or site that helps someone to walk
through the process? I can't really find anything past
setting up the server. Thanks for any help...
- Follow-Ups:
- Re: Help with configuration
- From: Vera Noest [MVP]
- Re: Help with configuration
- Prev by Date: Re: installing Office 2007 on WIN2003 R2
- Next by Date: Re: Terminal Service on XP
- Previous by thread: Re: Load Balance TS Sessions
- Next by thread: Re: Help with configuration
- Index(es):
Relevant Pages
|
