Solved

Server 2008, Remote Desktop Services

Posted on 2010-11-17
5
642 Views
Last Modified: 2012-05-10
I have a brand new Server 2008 Enterprise server up and running.  Of course I remote in as Administrator and work the server when it has problems.  Now I has a user, a special user, who needs to remote in using her username and password and have her desktop like the one she has when she's in the office.  In other words, she wants to log in from home into the server, and use it like a terminal server.

This user is in the admin group and she can log in.  Under her settings in AD, on the Remote Desktop Services Profile tab, I set her profile to her roaming profile and I set her H: drive to her userdata folder.  It "appears" to be set up correctly.  However, when I log in as her, all I get is the recycle bin.  I do not get her desktop items, her H: drive or anything.

I did go into the Remote Desktop Services Configuration and turned off the option to limit the number of connections.  So, I can log in as an administrator and I can log in as my user, it's just my user is not getting her desktop and her documents.

Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:jplato
ID: 34161374
If user has a desktop at office and not laptop I would suggest turning on RWW that way they remote into thier desktop and not the server.
http://technet.microsoft.com/en-us/library/sbs-2008-remote-access-management(WS.10).aspx
0
 

Author Comment

by:crp0499
ID: 34161439
i'm not on sbs...i'm on server 08 r2 enterprise
0
 
LVL 3

Expert Comment

by:jplato
ID: 34161459
Sorry I misread. What OS is she using on her desktop?
0
 
LVL 3

Accepted Solution

by:
jplato earned 500 total points
ID: 34161478
"I read that in server 2008 since 2000, xp profiles are not compatible you need to create new ones."

Not entirely correct. What *is* true that you cannot use multiple client OSes to access the same profile - e.g., Windows 2000 Pro and XP Pro users cannot roam between workstations. You don't mention having had TS for W2k before ...nor TS profiles

For TS, you have always needed to create a separate TS profile anyway. Never try to log into a TS session using a *desktop* roaming profile or you will have problems.

I would apply this via a GPO instead of in the Terminal Services profile option in ADUC so you don't need to remember to do that. Link  the policy at the OU where your TS box lives and apply loopback processing so all users get the same settings. Also see KB 278295 for some good TS lockdown suggestions. Also see MVP Patrick Rouse's articles at http://www.msterminalservices.org/articles/Locking-Down-Windows-Terminal-Services.html

You don't need the .v2 stuff - a) this is TS and b) this ain't Vista.

Roaming profiles in general have not changed much over the years. Here's my boilerplate - a lot of it will apply to TS as well...especially the folder redirection stuff. TS profiles, roaming profiles - you need to keep them TINY.

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them, which has major disadvantages),. Explain that the 'last one out wins' when it comes to uploading the final, changed copy of the profile. If you want to restrict multiple simultaneous network logins, look at LimitLogon (too much overhead for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents,  
\\server\users\%username%\Desktop,      
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

********************
Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a n entirely *separate*  TS profile path for them in their ADUC properties - e.g., \\server\tsprofiles$\%username%

********************
 Do not let people store any data locally - all data belongs on the server.

********************
 The User Profile Hive Cleanup Utility should be running on all your computers.  You can download it here:  http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

--------------------------------------------------------------------------------
0
 

Author Comment

by:crp0499
ID: 34164726
i think you hit on something.  her PC OS is XP Pro.  I have set up roaming profiles and I expected her profile to load on the server.  It did not and that's what threw me.  Now I think I have it.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question