We help IT Professionals succeed at work.

Deploying Applications in TS Farm

Medium Priority
Last Modified: 2013-11-21
We currently have a few windows 2003 "stand-alone" terminal services. No clustering or session balancing.

we're gonna buy some new servers and run windows 2008 in a TS farm with Session Broker and Ts Gateway.

I've read that in order for a TS farm to perform effective you need to configure your TS-servers 100% the same when it comes to application installation and user profiles. My question is. What is the recommended approach for deploying different apps? How do I smoothly control what usergroups can access what applications? Also there might be cases where i need multiple instances of an application so that group1 can use app-instance1, and group can use app-instance2. Is there a way to handle this in TS2008 without buying third party application virtualization?

Also how do you move the complete user profile to a centralized storage so that outlook and other stuff is in sync. Is it enough to define Folder Redirection for Application Data, Desktop and My Documents? There's a folder that is called "Local settings" in the local userprofiles. I think that also needs to be on the central share, but i can't see a option for that in the Group Policy Object Editor under Folder Redireciton.
Watch Question

I'm more familiar with Citrix than 2008 TS, but I can answer your second question.

Set up a share on a folder on a file server called something like tsprofiles$.  It doesn't have to be that exact name, but that's the one I use.

Make sure that users have full control on the share and folder.

Then you can either set a GP on an OU that the TS are in to point their TS roaming profile to \\servername\sharename\%username% or you can manually set the TS roaming profile location for each user in AD under the Terminal SErvices Profile tab of the user in the Profile Path field.  

So if your server name was FILESERVER and the share name was TSPROFILES$ then the path in either case would be \\FILESERVER\TSPROFILES$\%USERNAME%.

You have a user log in, set up their profile, and log off and it gets saved up to the share.  The next time they log in it gets downloaded, no matter which TS they log into.  I recommend that you do a careful job of setting up your apps and also setting up a default user profile that gets copied to all of the TS.  If you lock down the TS via group policy, make sure that administrators are omitted from applying that policy.

You may also want to see about moving the local profiles off of C: onto D: -- microsoft has a document for that.  Otherwise, over time, you'll need to clean up old profiles on C: to free up disk space.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

We use this script to automatically configure Outlook for the users.  It makes use of a PRF file generated from Office/Outlook.

The first line just checks to see if there's a file with the user's name in the path in the user's roaming TS profile.
The second line, if the file doesn't exist, imports a PRF file and creates the Outlook profile for the user.
The third line creates a file with the user's name in the path of the TS roaming profile.  This is the file that is looked for in the first line and the existence of this file means that the Outlook profile has already been created.

if exist \\server\tsprofiles$\%username%\%username%.domain\applic~1\micros~1\outlook\%username% GOTO :END
START d:\progra~1\Micros~1\OFFICE11\OUTLOOK.EXE /importprf \\server\software\micros~1\office~1\ORK_profile.prf
hostname > "%userprofile%\applic~1\micros~1\outlook\%username%"



As stated I don't really want to use roaming profiles. I don't want users to have login time degrade over time.  That way I don't need to worry about my C:\ or other volumes on the TS to fill up with user profiles either.  What i'm wondering is if using folder redirection is "enough" to get all the application data and local settings a userprofile usually have.

Nice tip on the outlook-profiles :)

I'll give you a few points, but I really need an answer on app deployment too so let's wait and see if some-one else can chip in.
Did you see Microsoft App-V? http://www.microsoft.com/systemcenter/appv/techoverview.mspx - It seems like something you're looking for.

There's also Propalms - "Easily publish applications across load balanced servers and deliver application access in seconds." http://www.propalms.com/web_console.html

Besides those types of applications, I do not believe there is something built-in to manage applications across a terminal services farm/cluster.

You should check out this article. http://jaysonrowe.wordpress.com/2008/07/20/windows-server-2008-terminal-services-vs-citrix-xenapp-vs-2x-application-server/ . You'll probably want something like Citrix to manage the environment with more control.
I think you'll find that even with server 2008, it's going to be a bit kludgy if you've got different groups of people with overlap that need access to specific apps but that you want to prevent access to other apps.  Citrix handles this very welland as Jsun9 pointed out, there are some third party add-ons (which you said you didn't want to use) to help manage this in the microsoft terminal server environment.  You could control what apps they see with redirected desktops/start menus, but unless you enable software restriction policies (which for this purpose I think would be a nightmare) you're not going to get the granularity nor ease of management that you're looking for.

If you can group your users and have some access one set of TS and others access another set with different apps, that may meet your goals.  If you to a TCO estimate by (over time) replacing PCs with thin client appliances, decreasing maintenance there, decreased cost of operating systems, hardware, electricity, air conditioning, antivirus licenses, etc., you may be able to justify using Citrix.  My understanding now is that Citrix also has a "breakthrough" where you can get a real benefit out of virtualizing Citrix servers.  Previously, the costs and benefits were a wash at best.

Now, back to centralized storage of profiles.  Here are some tips on avoiding some of the issues you were concerned with regarding roaming profiles.

Local Settings are just that, local settings.  They are not copied up as part of a roaming profile.  If something is set there that you want to be accessible across multiple servers, it can't be in Local Settings.

 Here is a link on how to move "documents and settings" to another drive.  We do this with our terminal servers to eliminate the possibility that the system partition will fill up.


You can use folder redirection to redirect My Documents to their home drive, you can redirect the desktop and the start menu as well.  I've found that the biggest problem with logins degrading over time with respect to roaming profiles is having My Documents and the desktop part of the profile because that's where everyone dumps their data.  Temporary internet files are part of Local Settings, so they don't get copied to the roaming profile so you don't have to worry about that.

You can also set group policy to remove local copies of roaming profiles on logoff to help keep the Documents and Settings folder clean.

You can also control what people see on the desktop and in their start menu depending on the server they log into by setting different policies per group of servers.  E.g., if two servers have office pro and two servers have office standard, you can redirect the start menu of users depending on the servers they log into so that they don't see a bogus shortcut for Access if they're on the server with office standard.

I think what I would do using pure Microsoft, is either set all of the servers up so they're the same and everyone has access to every app, or create different groups of servers, with different apps in each group.  Then set up roaming profiles as discussed above.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.