Mandatory Profiles - Read Only Desktop

  • Thread starter Thread starter Kristin Griffin
  • Start date Start date
K

Kristin Griffin

Guest
Hi Folks,

I have a terminal server farm (windows 2008) and I am using one mandatory
profile for all users. This works fine, except that users can save things
to their desktops and then when they log off, those files are discarded.
Not good. So I want to create a read only desktop.

I can do this if I redirect the Desktop folder to a network share, allow the
Folder Redirection GPO "create a folder for each user under the root path",
and then change the Desktop folder permissions to Read only after the user
logs in and out the first time. It works, but this is a PITA.

I read in Jeremy Moskowitz's GP green book (page 385) that I should be able
to create one desktop folder, and have everyone use the same one. This does
not work. Here is what I do.

I create a folder share, \\ozark\ash-ts-read-only-desktop and give users
NTFS read only access to the folder. I give one user full control, so he
can log in and out and the desktop stuff will be written to this folder. I
set the GPO to redirect the desktop folder, but this time I tell it to
"Redirect to the following location", \\ozark\ash-ts-read-only-desktop .
Then I log in and out of the terminal server as that user. This puts the
right desktop stuff into my desktop network share. The problem is that this
user needs to be the owner of that network share folder in order for that to
happen. When I remove that user's permissions so that all users again have
read only rights, and change the owner of the folder to administrators,
folder redirection fails.

So how can you have all users use ONE read only desktop? Anyone know?
 
Re: Mandatory Profiles - Read Only Desktop

On Mar 22, 7:59 pm, "Kristin Griffin" <kristin.l.grif...@gmail.com>
wrote:
> Hi Folks,
>
> I have a terminal server farm (windows 2008) and I am using one mandatory
> profile for all users.  This works fine, except that users can save things
> to their desktops and then when they log off, those files are discarded.
> Not good.  So I want to create a read only desktop.
>
> I can do this if I redirect the Desktop folder to a network share, allow the
> Folder Redirection GPO "create a folder for each user under the root path",
> and then change the Desktop folder permissions to Read only after the user
> logs in and out the first time.  It works, but this is a PITA.
>
> I read in Jeremy Moskowitz's GP green book (page 385) that I should be able
> to create one desktop folder, and have everyone use the same one. This does
> not work.  Here is what I do.
>
> I create a folder share, \\ozark\ash-ts-read-only-desktop and give users
> NTFS read only access to the folder.  I give one user full control, so he
> can log in and out and the desktop stuff will be written to this folder. I
> set the GPO to redirect the desktop folder, but this time I tell it to
> "Redirect to the following location", \\ozark\ash-ts-read-only-desktop .
> Then I log in and out of the terminal server as that user.  This puts the
> right desktop stuff into my desktop network share. The problem is that this
> user needs to be the owner of that network share folder in order for that to
> happen.  When I remove that user's permissions so that all users again have
> read only rights, and change the owner of the folder to administrators,
> folder redirection fails.
>
> So how can you have all users use ONE read only desktop?  Anyone know?

Have you figured ths out yet? I
 
Re: Mandatory Profiles - Read Only Desktop

Got it. :)

"compsosinc@gmail.com" wrote:

> On Mar 22, 7:59 pm, "Kristin Griffin" <kristin.l.grif...@gmail.com>
> wrote:
> > Hi Folks,
> >
> > I have a terminal server farm (windows 2008) and I am using one mandatory
> > profile for all users. This works fine, except that users can save things
> > to their desktops and then when they log off, those files are discarded.
> > Not good. So I want to create a read only desktop.
> >
> > I can do this if I redirect the Desktop folder to a network share, allow the
> > Folder Redirection GPO "create a folder for each user under the root path",
> > and then change the Desktop folder permissions to Read only after the user
> > logs in and out the first time. It works, but this is a PITA.
> >
> > I read in Jeremy Moskowitz's GP green book (page 385) that I should be able
> > to create one desktop folder, and have everyone use the same one. This does
> > not work. Here is what I do.
> >
> > I create a folder share, \\ozark\ash-ts-read-only-desktop and give users
> > NTFS read only access to the folder. I give one user full control, so he
> > can log in and out and the desktop stuff will be written to this folder. I
> > set the GPO to redirect the desktop folder, but this time I tell it to
> > "Redirect to the following location", \\ozark\ash-ts-read-only-desktop .
> > Then I log in and out of the terminal server as that user. This puts the
> > right desktop stuff into my desktop network share. The problem is that this
> > user needs to be the owner of that network share folder in order for that to
> > happen. When I remove that user's permissions so that all users again have
> > read only rights, and change the owner of the folder to administrators,
> > folder redirection fails.
> >
> > So how can you have all users use ONE read only desktop? Anyone know?
>
> Have you figured ths out yet? I
>
 

Similar threads

S
Read CSV file
Replies
0
Views
57
sva0008
S
N
Can I update my 10 year old Acer desktop
Replies
0
Views
570
neophyte
N
S
How to sync users Home folder with these OneDrive for Business folder
Replies
0
Views
246
Szunomár Péter István
S
V
Possible ransomware attack
Replies
0
Views
252
VijayRenghan
V
B
Here is Practical Explanation about Next Life, Purpose of Human Life, philosophical/religious facts, theories etc.
Replies
0
Views
62
Bhuta-Bhavya-Bhavat-Prabh
B
Back
Top