Solved

Server 2008, Remote Desktop Services

Posted on 2010-11-17
5
643 Views
Last Modified: 2012-05-10
I have a brand new Server 2008 Enterprise server up and running.  Of course I remote in as Administrator and work the server when it has problems.  Now I has a user, a special user, who needs to remote in using her username and password and have her desktop like the one she has when she's in the office.  In other words, she wants to log in from home into the server, and use it like a terminal server.

This user is in the admin group and she can log in.  Under her settings in AD, on the Remote Desktop Services Profile tab, I set her profile to her roaming profile and I set her H: drive to her userdata folder.  It "appears" to be set up correctly.  However, when I log in as her, all I get is the recycle bin.  I do not get her desktop items, her H: drive or anything.

I did go into the Remote Desktop Services Configuration and turned off the option to limit the number of connections.  So, I can log in as an administrator and I can log in as my user, it's just my user is not getting her desktop and her documents.

Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:jplato
ID: 34161374
If user has a desktop at office and not laptop I would suggest turning on RWW that way they remote into thier desktop and not the server.
http://technet.microsoft.com/en-us/library/sbs-2008-remote-access-management(WS.10).aspx
0
 

Author Comment

by:crp0499
ID: 34161439
i'm not on sbs...i'm on server 08 r2 enterprise
0
 
LVL 3

Expert Comment

by:jplato
ID: 34161459
Sorry I misread. What OS is she using on her desktop?
0
 
LVL 3

Accepted Solution

by:
jplato earned 500 total points
ID: 34161478
"I read that in server 2008 since 2000, xp profiles are not compatible you need to create new ones."

Not entirely correct. What *is* true that you cannot use multiple client OSes to access the same profile - e.g., Windows 2000 Pro and XP Pro users cannot roam between workstations. You don't mention having had TS for W2k before ...nor TS profiles

For TS, you have always needed to create a separate TS profile anyway. Never try to log into a TS session using a *desktop* roaming profile or you will have problems.

I would apply this via a GPO instead of in the Terminal Services profile option in ADUC so you don't need to remember to do that. Link  the policy at the OU where your TS box lives and apply loopback processing so all users get the same settings. Also see KB 278295 for some good TS lockdown suggestions. Also see MVP Patrick Rouse's articles at http://www.msterminalservices.org/articles/Locking-Down-Windows-Terminal-Services.html

You don't need the .v2 stuff - a) this is TS and b) this ain't Vista.

Roaming profiles in general have not changed much over the years. Here's my boilerplate - a lot of it will apply to TS as well...especially the folder redirection stuff. TS profiles, roaming profiles - you need to keep them TINY.

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them, which has major disadvantages),. Explain that the 'last one out wins' when it comes to uploading the final, changed copy of the profile. If you want to restrict multiple simultaneous network logins, look at LimitLogon (too much overhead for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents,  
\\server\users\%username%\Desktop,      
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

********************
Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a n entirely *separate*  TS profile path for them in their ADUC properties - e.g., \\server\tsprofiles$\%username%

********************
 Do not let people store any data locally - all data belongs on the server.

********************
 The User Profile Hive Cleanup Utility should be running on all your computers.  You can download it here:  http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

--------------------------------------------------------------------------------
0
 

Author Comment

by:crp0499
ID: 34164726
i think you hit on something.  her PC OS is XP Pro.  I have set up roaming profiles and I expected her profile to load on the server.  It did not and that's what threw me.  Now I think I have it.
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question