Deploying Applications in TS Farm

Posted on 2009-02-17
Last Modified: 2013-11-21
We currently have a few windows 2003 "stand-alone" terminal services. No clustering or session balancing.

we're gonna buy some new servers and run windows 2008 in a TS farm with Session Broker and Ts Gateway.

I've read that in order for a TS farm to perform effective you need to configure your TS-servers 100% the same when it comes to application installation and user profiles. My question is. What is the recommended approach for deploying different apps? How do I smoothly control what usergroups can access what applications? Also there might be cases where i need multiple instances of an application so that group1 can use app-instance1, and group can use app-instance2. Is there a way to handle this in TS2008 without buying third party application virtualization?

Also how do you move the complete user profile to a centralized storage so that outlook and other stuff is in sync. Is it enough to define Folder Redirection for Application Data, Desktop and My Documents? There's a folder that is called "Local settings" in the local userprofiles. I think that also needs to be on the central share, but i can't see a option for that in the Group Policy Object Editor under Folder Redireciton.
Question by:arndawg
    LVL 15

    Assisted Solution

    I'm more familiar with Citrix than 2008 TS, but I can answer your second question.

    Set up a share on a folder on a file server called something like tsprofiles$.  It doesn't have to be that exact name, but that's the one I use.

    Make sure that users have full control on the share and folder.

    Then you can either set a GP on an OU that the TS are in to point their TS roaming profile to \\servername\sharename\%username% or you can manually set the TS roaming profile location for each user in AD under the Terminal SErvices Profile tab of the user in the Profile Path field.  

    So if your server name was FILESERVER and the share name was TSPROFILES$ then the path in either case would be \\FILESERVER\TSPROFILES$\%USERNAME%.

    You have a user log in, set up their profile, and log off and it gets saved up to the share.  The next time they log in it gets downloaded, no matter which TS they log into.  I recommend that you do a careful job of setting up your apps and also setting up a default user profile that gets copied to all of the TS.  If you lock down the TS via group policy, make sure that administrators are omitted from applying that policy.

    You may also want to see about moving the local profiles off of C: onto D: -- microsoft has a document for that.  Otherwise, over time, you'll need to clean up old profiles on C: to free up disk space.
    LVL 15

    Expert Comment

    We use this script to automatically configure Outlook for the users.  It makes use of a PRF file generated from Office/Outlook.

    The first line just checks to see if there's a file with the user's name in the path in the user's roaming TS profile.
    The second line, if the file doesn't exist, imports a PRF file and creates the Outlook profile for the user.
    The third line creates a file with the user's name in the path of the TS roaming profile.  This is the file that is looked for in the first line and the existence of this file means that the Outlook profile has already been created.

    if exist \\server\tsprofiles$\%username%\%username%.domain\applic~1\micros~1\outlook\%username% GOTO :END
    START d:\progra~1\Micros~1\OFFICE11\OUTLOOK.EXE /importprf \\server\software\micros~1\office~1\ORK_profile.prf
    hostname > "%userprofile%\applic~1\micros~1\outlook\%username%"

    LVL 3

    Author Comment

    As stated I don't really want to use roaming profiles. I don't want users to have login time degrade over time.  That way I don't need to worry about my C:\ or other volumes on the TS to fill up with user profiles either.  What i'm wondering is if using folder redirection is "enough" to get all the application data and local settings a userprofile usually have.

    Nice tip on the outlook-profiles :)

    I'll give you a few points, but I really need an answer on app deployment too so let's wait and see if some-one else can chip in.
    LVL 4

    Assisted Solution

    by:J. Smith
    Did you see Microsoft App-V? - It seems like something you're looking for.

    There's also Propalms - "Easily publish applications across load balanced servers and deliver application access in seconds."

    Besides those types of applications, I do not believe there is something built-in to manage applications across a terminal services farm/cluster.

    You should check out this article. . You'll probably want something like Citrix to manage the environment with more control.
    LVL 15

    Accepted Solution

    I think you'll find that even with server 2008, it's going to be a bit kludgy if you've got different groups of people with overlap that need access to specific apps but that you want to prevent access to other apps.  Citrix handles this very welland as Jsun9 pointed out, there are some third party add-ons (which you said you didn't want to use) to help manage this in the microsoft terminal server environment.  You could control what apps they see with redirected desktops/start menus, but unless you enable software restriction policies (which for this purpose I think would be a nightmare) you're not going to get the granularity nor ease of management that you're looking for.

    If you can group your users and have some access one set of TS and others access another set with different apps, that may meet your goals.  If you to a TCO estimate by (over time) replacing PCs with thin client appliances, decreasing maintenance there, decreased cost of operating systems, hardware, electricity, air conditioning, antivirus licenses, etc., you may be able to justify using Citrix.  My understanding now is that Citrix also has a "breakthrough" where you can get a real benefit out of virtualizing Citrix servers.  Previously, the costs and benefits were a wash at best.

    Now, back to centralized storage of profiles.  Here are some tips on avoiding some of the issues you were concerned with regarding roaming profiles.

    Local Settings are just that, local settings.  They are not copied up as part of a roaming profile.  If something is set there that you want to be accessible across multiple servers, it can't be in Local Settings.

     Here is a link on how to move "documents and settings" to another drive.  We do this with our terminal servers to eliminate the possibility that the system partition will fill up.

    You can use folder redirection to redirect My Documents to their home drive, you can redirect the desktop and the start menu as well.  I've found that the biggest problem with logins degrading over time with respect to roaming profiles is having My Documents and the desktop part of the profile because that's where everyone dumps their data.  Temporary internet files are part of Local Settings, so they don't get copied to the roaming profile so you don't have to worry about that.

    You can also set group policy to remove local copies of roaming profiles on logoff to help keep the Documents and Settings folder clean.

    You can also control what people see on the desktop and in their start menu depending on the server they log into by setting different policies per group of servers.  E.g., if two servers have office pro and two servers have office standard, you can redirect the start menu of users depending on the servers they log into so that they don't see a bogus shortcut for Access if they're on the server with office standard.

    I think what I would do using pure Microsoft, is either set all of the servers up so they're the same and everyone has access to every app, or create different groups of servers, with different apps in each group.  Then set up roaming profiles as discussed above.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
    My previous article  ( one possible method to get SCCM 2007 installed an…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    This video discusses moving either the default database or any database to a new volume.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now