Solved

Folder redirection on XenApp 5 on Windows 2008 SP2 Server

Posted on 2010-09-15
1
1,377 Views
Last Modified: 2012-05-10
Hiya,

Currently supporting a XENAPP 5 server that has a desktop published on the server (CTX1). The Desktop and Start Menu for Domain Users accounts are redirected to the \\Domain\netlogon\Citrix\Desktop and \\Domain\netlogon\Citrix\StartMenu folders. The "Authenticated users' group have Read and Execute access to the \\Domain\netlogon\Citrix folder and sub folders. We also have a group policy that sets Terminal Services Profile to a file server (FILE1) for all users.

The first time a new user logs onto the published desktop they are able to double click on the icons on the redirected desktop and start menu and launch the applications. However, if the same user tries to log onto the published desktop, the applications won't launch when the user tries to double click on the icons on the redirected desktop and start menu.

The following error is displayed in the Application Event viewer on the server when domain users log onto a XENAPP 5 Published Desktop: -
"Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect" issue that results in having to wait a few minutes before being able to access the start menu icons.

As a test, I temporarily gave "Authenticated users" Read and Execute AND Write access to the \\Domain\netlogon\Citrix folder and sub folders. Then the applications do launch when the user tries to double click on the icons on the redirected desktop and start menu, dispite how many times the user logs onto the CTX1.

I also tested the Desktop and Start Menu for Domain Users are redirected to the \\FILE1\Citrix\Desktop and \\FILE1\Citrix\StartMenu shared folders and the "Authenticated users" group have Read and Execute access to these folders and sub folders. Then the applications will also launch when the user tries to double click on the icons on the redirected desktop and start menu, dispite how many times the user logs onto the CTX1.

Ideally, we want the Desktop and Start Menu for Domain Users accounts are redirected to the \\Domain\netlogon\Citrix\Desktop and \\Domain\netlogon\Citrix\StartMenu folders. We also want the "Authenticated users' group to have Read and Execute access to the \\Domain\netlogon\Citrix folder and sub folders.

I've gone through many of the forums and not had any luck, please assist.
0
Comment
Question by:klikon
1 Comment
 
LVL 3

Accepted Solution

by:
sbo2002 earned 250 total points
Comment Utility
The netlogon share on the domain controller is not the appropriate place to store data of any kind. That's a special share created by Windows to support domain authentication functions.

If you've adjusted the permissions on the netlogon share, the first step you should take is to put them back to the default. With write access, users can upload all kinds of stuff to that folder, which will impact your domain functionality because that folder gets replicated among the domain controllers.

Create a new folder somewhere, share it, then move your Start menu and whatever other redirected folders you have to that location.

The setup you have using \\FILE1 is the correct way to do what you want. Using the netlogon share is not only not ideal, it is something that you don't want to do under any circumstances.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now