sammy_bull


Automate Outlook profiles through Citrix.

Hello,

I am revisiting this question because before I did not have time to look at it.

I would like to automate the creation of Outlook profiles when users log into the server. Given we have 3 Citrix servers in a farm, creating them for each user on each server would be daunting.

Any help would be great.

Thanks
Carl Webster

If using Outlook 2007 and Exchange 2007, use the Autodiscovery service.

Anything else use RichProfile or one of the many other tools out there for the job.

With 3 XenApp servers, why are you not using Roaming Profiles and Redirected Folders?
sammy_bull

ASKER

I'm using Outlook 2007 with Exchange 2003 SP2.

Where can I go to get the information to set up Roaming profiles and folder redirection?
I only want users to have this done when they log in through Citrix. Users have their own desktops. I think loopback needs to be set for this, right?

I have some users with desktops and I have users with thin clients running desktops from VMs. Can this be accomplished for both types of users?



Yes, it can be accomplished for both types of users.  You create an OU for your XenApp servers, move the servers into it, create your Group Policies and link them to that OU, use Loopback Processing in Merge Mode and it only affects the users who log into your XenApp servers.

I am sure there are articles on setting up roaming and redirected folders, just Google those terms.  I am in the process of writing an article on securing XenApp servers using Group Policy and also setting up Roaming Profiles and Redirected Folders.  But those will take a few days to write up and edit.

They will appear here when done: http://www.dabcc.com/Webster

You can sign up to follow me on Twitter to receive notices for when I start on articles and publish them.

I was going through the roaming profiles configuration and it requires that I put the roaming path in the user's profile, but this will mean that the profile will also be created when a user logs in to their regular station. Is there a way around this?

No, you put that in a Group Policy that is applied only to the OU where your Citrix servers are placed.  Use Loopback Merge mode.  That way the policy is only applied when they log in to the Citrix servers.

I went and created the OU and added the servers to it. Then I created a loopback policy with the TS (Terminal Services) settings for folder redirection and roaming profile. I created 2 shares on a server for users' folders and roaming profiles.  Then I logged in with a user to one of the 3 Citrix servers in the OU and nothing is created that I can see in the user folders.

Where can I look to see what's not working?

In the c:\program files\gpmc\scripts folder is a script to run to get a report of your policy.

cscript GetReportsforGPO.wsf "Group Policy Name" c:\LocationForReports

Upload the HTML file generated.
Here it is.

Nothing there.

Oops, it doesn't accept the .html extension, so I changed the extension to .txt. You can then rename it to .html.

thanks

Loopback-Policy.txt
Path: \\Mtl-dc2\Usersf\%USERNAME%\Application Data

Is "Usersf" the correct Share name?
This needs to be fixed:

Start Menu
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\Mtl-dc2\Usersf

Shouldn't that be Path: \\Mtl-dc2\Usersf\%USERNAME%\Start Menu ?
This is from a working policy:

Computer Configuration (Enabled)
Administrative Templates
System/User Profiles
Policy Setting
Add the Administrators security group to roaming user profiles Enabled
Delete cached copies of roaming profiles Enabled
Do not check for user ownership of Roaming Profile Folders Enabled

Windows Components/Terminal Services
Policy Setting
Set path for TS Roaming Profiles Enabled
Profile path \\file2\tsprofiles$
Specify the path in the form, \\Computername\Sharename
Do not append the user name to the profile path. Disabled
 
Policy Setting
TS User Home Directory Enabled
Location: On the Network
Home Dir Root Path: \\file2\user\%username%
If home path is on the network, specify drive letter for the mapped drive.
Drive Letter H:
 
User Configuration (Enabled)
Windows Settings
Folder Redirection
Desktop
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\file2\user\%username%\Citrix\Desktop
Options
Grant user exclusive rights to Desktop Enabled
Move the contents of Desktop to the new location Enabled
Policy Removal Behavior Leave contents

My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\file2\user\%username%\Citrix\My Documents
Options
Grant user exclusive rights to My Documents Enabled
Move the contents of My Documents to the new location Enabled
Policy Removal Behavior Leave contents

Does the Everyone group have Full Control permissions on the Share?  Did you disable offline caching for all the shares?

I did everything you said and still nothing.

Do I need to put anything in the users TS Profile tab in active directory?


No, you need to put nothing in the TS Profile tab.

Does it matter if I only run an app and not log into the desktop itself?

Do I need to create the user directory on the share of Users and profiles such as test?

What I did is the following:

I created a user test and created an app to go directly to one of the servers defined in the OU of the policy. I logged in directly to the desktop of the server and it still won't create the roaming profiles.

I went to the share Users and set full permissions to Everyone, and in the NTFS security I added Everyone FC to make sure it wasn't a permissions issue.

I went and modified the policy under


User Configuration (Enabled)
Windows Settings
Folder Redirection
Desktop
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\file2\user\%username%\Citrix\Desktop
Options
Grant user exclusive rights to Desktop Enabled
Move the contents of Desktop to the new location Enabled
Policy Removal Behavior Leave contents

My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\file2\user\%username%\Citrix\My Documents
Options
Grant user exclusive rights to My Documents Enabled
Move the contents of My Documents to the new location Enabled
Policy Removal Behavior Leave contents

When I try to add the UNC path of \\file2\user\%username%\Citrix\My Documents
it says that "The Specified target location is not valid". So I change it to this \\file2\users and it accepts it.
Although it accepts the full path for Start Menu only of \\file2\user\%username%\Citrix\Start Menu.
Is this an indication of what could be wrong?

You do not need to create anything under the shares.  Windows will take care of that.

According to Jeremy Moskowitz's book, redirecting the Start Menu and the Desktop are static for all users NOT per user (as I assumed).  I have never had to redirect either, which was the cause of my confusion.

Quoting from his book:

"The Start Menu and Desktop might seem like weird items to redirect.  However, there are some cases where you might want to.

One case is in a common computing environment <snip> where you want to make sure the same Start Menu and/or Desktop are always presented.  Then, you can lock down the target location of the redirected items to ensure that they cannot be changed.

In cases like these, you specify a shared folder with Read-only access for the security group who will use it and Full Control for just the person who can change the Start Menu or Desktop <snip>

Instead of using the %username% variable, you fix the redirection to a specific shared folder and directory <snip>"

From page 159 of Creating the Secure Managed Desktop, Sybex, ISBN: 978-0-470-27764-5

I went to the Event Viewer of the server I logged in with and I see the following error message:

Windows cannot access the file gpt.ini for GPO cn={AAB8D770-A485-4F6A-805D-1BD0519CA229},cn=policies,cn=system,DC=Duocom,DC=local. The file must be present at the location <\\Duocom.local\SysVol\Duocom.local\Policies\{AAB8D770-A485-4F6A-805D-1BD0519CA229}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.

I think this might be the issue.
uhh, yep.  You got replication issues.  Fix those first.
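
The per-DC check behind "fix replication first", as an added example that is not part of the original thread: it looks for the gpt.ini named in the event-log message on each domain controller's own SYSVOL share and compares the Version value. The GUID and domain are the ones in that message; the helper name Get-GptIniStatus is hypothetical.

```powershell
# Added example: confirm that one GPO's gpt.ini exists, with the same version,
# on every domain controller's SYSVOL share.
param(
    # GPO GUID and domain name taken from the event-log message in this thread
    [string]$GpoGuid    = '{AAB8D770-A485-4F6A-805D-1BD0519CA229}',
    [string]$DomainName = 'Duocom.local'
)
Add-Type -AssemblyName System.DirectoryServices

function Get-GptIniStatus {   # hypothetical helper name
    param([string]$DcName, [string]$DomainName, [string]$GpoGuid)
    # Address each DC directly; \\domain\SysVol resolves to whichever DC the
    # client picks and hides a copy that is missing on only some DCs.
    $path = "\\$DcName\SysVol\$DomainName\Policies\$GpoGuid\gpt.ini"
    $status = [pscustomobject]@{
        DomainController = $DcName
        Present          = Test-Path -LiteralPath $path
        Version          = $null
    }
    if ($status.Present) {
        # gpt.ini carries a line of the form "Version=<number>"
        $line = Get-Content -LiteralPath $path |
            Where-Object { $_ -match '^\s*Version\s*=\s*\d+' } |
            Select-Object -First 1
        if ($line -match '(\d+)') { $status.Version = [long]$Matches[1] }
    }
    $status
}

# Enumerate DCs through .NET so the ActiveDirectory module is not required.
$ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $DomainName)
$dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).DomainControllers

$results = foreach ($dc in $dcs) {
    Get-GptIniStatus -DcName $dc.Name -DomainName $DomainName -GpoGuid $GpoGuid
}
$results | Format-Table -AutoSize

$missing  = @($results | Where-Object { -not $_.Present })
$versions = @($results | Where-Object { $_.Present } |
    Select-Object -ExpandProperty Version -Unique)
if ($missing.Count -gt 0 -or $versions.Count -gt 1) {
    Write-Warning 'SYSVOL copies of this GPO differ between domain controllers; check replication.'
}
```
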
Hello,

The replication has been resolved. When I try to set the Root Path under the desktop properties folder redirection it says the following:
The Specified target location is not valid.


Unless you want everyone to have the exact same desktop, you do not need the Desktop folder redirection.

If you do need it, then just make sure the physical folder exists.

Obviously my boss who originally sent me those GPOs must have gone in and done something different to get his to work.  In the GPO book I referenced, he just uses \\server\share\desktop

All I want is the user to be able to run a specific application. This application requires sending email from each user. That requires a setup of Outlook for each profile logged in across 3 Citrix servers.
The mapping of H drive is now working.

But the folder redirection does not seem to work.

Sorry but I have never had any problems getting folder redirection to work.  I am starting work today on my articles for locking down (or managing is the term I prefer) a XenApp server and then setting up Roaming Profiles, Redirected Folders and a Home Folder.

I just create a share, say MyDocs, and give Everyone Full Control to the share and disable offline caching.

I then create a GPO that redirects MyDocs to \\Server\MyDocs.

What happens is when you create a report of the settings it adds what happens in the background (if you look at the bottom of the dialog box you will see this).  i.e. \\Server\MyDocs\%username%\My Documents

All you need to type in is \\server\sharename

OK I found what the problem was.

I had created a folder called users. I also defined on that folder only certain permissions to allow only a user authority to create or add within their 'home' directory. So what I did is create another folder and followed your instructions and it worked fine. I have created 2 folders, 1 for the users' H drive and another folder for TSProfiles.

Thanks

Also,

Would you know how to create Outlook profiles on user login or should I ask another question?

I recommend, if you are not using Exchange 2007 and Outlook 2007, the use of RichProfile.

Where in Group Policy can I set RichProfile to run? Would you have an example?

Thanks
ASKER CERTIFIED SOLUTION
Carl Webster