Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Folder redirection on XenApp 5 on Windows 2008 SP2 Server

Posted on 2010-09-15
1
Medium Priority
?
1,392 Views
Last Modified: 2012-05-10
Hiya,

Currently supporting a XENAPP 5 server that has a desktop published on the server (CTX1). The Desktop and Start Menu for Domain Users accounts are redirected to the \\Domain\netlogon\Citrix\Desktop and \\Domain\netlogon\Citrix\StartMenu folders. The "Authenticated users' group have Read and Execute access to the \\Domain\netlogon\Citrix folder and sub folders. We also have a group policy that sets Terminal Services Profile to a file server (FILE1) for all users.

The first time a new user logs onto the published desktop they are able to double click on the icons on the redirected desktop and start menu and launch the applications. However, if the same user tries to log onto the published desktop, the applications won't launch when the user tries to double click on the icons on the redirected desktop and start menu.

The following error is displayed in the Application Event viewer on the server when domain users log onto a XENAPP 5 Published Desktop: -
"Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect" issue that results in having to wait a few minutes before being able to access the start menu icons.

As a test, I temporarily gave "Authenticated users" Read and Execute AND Write access to the \\Domain\netlogon\Citrix folder and sub folders. Then the applications do launch when the user tries to double click on the icons on the redirected desktop and start menu, dispite how many times the user logs onto the CTX1.

I also tested the Desktop and Start Menu for Domain Users are redirected to the \\FILE1\Citrix\Desktop and \\FILE1\Citrix\StartMenu shared folders and the "Authenticated users" group have Read and Execute access to these folders and sub folders. Then the applications will also launch when the user tries to double click on the icons on the redirected desktop and start menu, dispite how many times the user logs onto the CTX1.

Ideally, we want the Desktop and Start Menu for Domain Users accounts are redirected to the \\Domain\netlogon\Citrix\Desktop and \\Domain\netlogon\Citrix\StartMenu folders. We also want the "Authenticated users' group to have Read and Execute access to the \\Domain\netlogon\Citrix folder and sub folders.

I've gone through many of the forums and not had any luck, please assist.
0
Comment
Question by:klikon
1 Comment
 
LVL 3

Accepted Solution

by:
sbo2002 earned 1000 total points
ID: 33746863
The netlogon share on the domain controller is not the appropriate place to store data of any kind. That's a special share created by Windows to support domain authentication functions.

If you've adjusted the permissions on the netlogon share, the first step you should take is to put them back to the default. With write access, users can upload all kinds of stuff to that folder, which will impact your domain functionality because that folder gets replicated among the domain controllers.

Create a new folder somewhere, share it, then move your Start menu and whatever other redirected folders you have to that location.

The setup you have using \\FILE1 is the correct way to do what you want. Using the netlogon share is not only not ideal, it is something that you don't want to do under any circumstances.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question