Solved

Server 2008, Remote Desktop Services

Posted on 2010-11-17
5
638 Views
Last Modified: 2012-05-10
I have a brand new Server 2008 Enterprise server up and running.  Of course I remote in as Administrator and work the server when it has problems.  Now I has a user, a special user, who needs to remote in using her username and password and have her desktop like the one she has when she's in the office.  In other words, she wants to log in from home into the server, and use it like a terminal server.

This user is in the admin group and she can log in.  Under her settings in AD, on the Remote Desktop Services Profile tab, I set her profile to her roaming profile and I set her H: drive to her userdata folder.  It "appears" to be set up correctly.  However, when I log in as her, all I get is the recycle bin.  I do not get her desktop items, her H: drive or anything.

I did go into the Remote Desktop Services Configuration and turned off the option to limit the number of connections.  So, I can log in as an administrator and I can log in as my user, it's just my user is not getting her desktop and her documents.

Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:jplato
ID: 34161374
If user has a desktop at office and not laptop I would suggest turning on RWW that way they remote into thier desktop and not the server.
http://technet.microsoft.com/en-us/library/sbs-2008-remote-access-management(WS.10).aspx
0
 

Author Comment

by:crp0499
ID: 34161439
i'm not on sbs...i'm on server 08 r2 enterprise
0
 
LVL 3

Expert Comment

by:jplato
ID: 34161459
Sorry I misread. What OS is she using on her desktop?
0
 
LVL 3

Accepted Solution

by:
jplato earned 500 total points
ID: 34161478
"I read that in server 2008 since 2000, xp profiles are not compatible you need to create new ones."

Not entirely correct. What *is* true that you cannot use multiple client OSes to access the same profile - e.g., Windows 2000 Pro and XP Pro users cannot roam between workstations. You don't mention having had TS for W2k before ...nor TS profiles

For TS, you have always needed to create a separate TS profile anyway. Never try to log into a TS session using a *desktop* roaming profile or you will have problems.

I would apply this via a GPO instead of in the Terminal Services profile option in ADUC so you don't need to remember to do that. Link  the policy at the OU where your TS box lives and apply loopback processing so all users get the same settings. Also see KB 278295 for some good TS lockdown suggestions. Also see MVP Patrick Rouse's articles at http://www.msterminalservices.org/articles/Locking-Down-Windows-Terminal-Services.html

You don't need the .v2 stuff - a) this is TS and b) this ain't Vista.

Roaming profiles in general have not changed much over the years. Here's my boilerplate - a lot of it will apply to TS as well...especially the folder redirection stuff. TS profiles, roaming profiles - you need to keep them TINY.

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them, which has major disadvantages),. Explain that the 'last one out wins' when it comes to uploading the final, changed copy of the profile. If you want to restrict multiple simultaneous network logins, look at LimitLogon (too much overhead for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents,  
\\server\users\%username%\Desktop,      
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

********************
Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a n entirely *separate*  TS profile path for them in their ADUC properties - e.g., \\server\tsprofiles$\%username%

********************
 Do not let people store any data locally - all data belongs on the server.

********************
 The User Profile Hive Cleanup Utility should be running on all your computers.  You can download it here:  http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

--------------------------------------------------------------------------------
0
 

Author Comment

by:crp0499
ID: 34164726
i think you hit on something.  her PC OS is XP Pro.  I have set up roaming profiles and I expected her profile to load on the server.  It did not and that's what threw me.  Now I think I have it.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now