Re: User Profiles
From
http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection
Q: How can I configure different TS desktops, based on user group
membership?
A: There are a number of 3rd party add-ons which can do this for
you, but it is also possible with native Windows techniques, using
Group Policies.
Let's assume you have 3 different user groups, which need different
desktop icons.
1. Create 3 security groups in your AD and populate them with the
user accounts
2. Create 3 different shared folders on a file server and populate
the folders with the desktop icons (shortcuts) which you want the
user groups to see
3. Create 3 different GPOs, linked to the OU which contains your
Terminal Server computer account (but not the user accounts!)
4. In each of the GPOs, configure redirection of the desktop to one
of the custom desktop folders which you created in step 2. This is
done in User Configuration - Windows Settings - Folder Redirection
5. Configure each of the GPOs with loopback processing of the GPO,
with the "Replace" option. This is done in Computer Configuration -
Administrative Templates - System - Group Policy - "User Group
Policy loopback processing mode"
6. Configure the security settings on each of the GPOs so that only
the appropriate user group and the TS machine account is allowed to
read and apply the GPO
Further reading:
231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100
Another way to do this is by using Access Based Enumeration, which
is a free add-on to Windows Server 2003.
For a detailed example of using ABE, see:
Build a start menu with ABE
http://www.datacrash.net/howtos/howto/build-a-start-menu-with-
abe.html
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting:
http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?RmVyYmFsZXg=?= <Ferbalex@discussions.microsoft.com>
wrote on 26 sep 2007 in
microsoft.public.windows.terminal_services:
> Thanks Jeff and good article. Having got to the end of it, I
> now have the TS server in its own OU, two policies, machine and
> users in the OU, user and machine disabled where needed, and the
> loopback enabled. From here I would like to have users log onto
> the server and receive various different secure desktops. If I
> edit the user policy, I would think that effects all users
> logging on. How would I differentiate between them for
> different desktops??
> Many Thanks for your help -
> much appreciated
>
> "Jeff Pitsch" wrote:
>
>> when you say normal users do you mean their normal desktop?
>> Read my article on loopback processing and group policy and see
>> if that helps. As well if you could be more specific on what
>> your trying to do and what you've done that would help as well.
>>
>> See this link and Understanding Group POlicy in a TS
>> environment:
>> http://www.jeffpitschconsulting.com/downloads.aspx?c=13&type=dow
>> nload
>>
>> Jeff Pitsch
>> Microsoft MVP - Terminal Server
>> Citrix Technology Professional
>> Provision Networks VIP
>>
>> Forums not enough?
>> Get support from the experts at your business
>> http://jeffpitschconsulting.com
>>
>> Ferbalex wrote:
>> > Currently running TS where all users load one application -
>> > our business system.
>> > I'm now trying to allocate individual desktops to certain
>> > users but, with a Group Policy only suceeded in restricting
>> > normal users to no start button and no icons!!
>> > Im obviously missing the point - could someone please direct
>> > me to a simple step by step starter??