Solved

Server 2008, Remote Desktop Services

Posted on 2010-11-17
5
637 Views
Last Modified: 2012-05-10
I have a brand new Server 2008 Enterprise server up and running.  Of course I remote in as Administrator and work the server when it has problems.  Now I has a user, a special user, who needs to remote in using her username and password and have her desktop like the one she has when she's in the office.  In other words, she wants to log in from home into the server, and use it like a terminal server.

This user is in the admin group and she can log in.  Under her settings in AD, on the Remote Desktop Services Profile tab, I set her profile to her roaming profile and I set her H: drive to her userdata folder.  It "appears" to be set up correctly.  However, when I log in as her, all I get is the recycle bin.  I do not get her desktop items, her H: drive or anything.

I did go into the Remote Desktop Services Configuration and turned off the option to limit the number of connections.  So, I can log in as an administrator and I can log in as my user, it's just my user is not getting her desktop and her documents.

Ideas?

Thanks

Cliff
0
Comment
Question by:crp0499
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:jplato
Comment Utility
If user has a desktop at office and not laptop I would suggest turning on RWW that way they remote into thier desktop and not the server.
http://technet.microsoft.com/en-us/library/sbs-2008-remote-access-management(WS.10).aspx
0
 

Author Comment

by:crp0499
Comment Utility
i'm not on sbs...i'm on server 08 r2 enterprise
0
 
LVL 3

Expert Comment

by:jplato
Comment Utility
Sorry I misread. What OS is she using on her desktop?
0
 
LVL 3

Accepted Solution

by:
jplato earned 500 total points
Comment Utility
"I read that in server 2008 since 2000, xp profiles are not compatible you need to create new ones."

Not entirely correct. What *is* true that you cannot use multiple client OSes to access the same profile - e.g., Windows 2000 Pro and XP Pro users cannot roam between workstations. You don't mention having had TS for W2k before ...nor TS profiles

For TS, you have always needed to create a separate TS profile anyway. Never try to log into a TS session using a *desktop* roaming profile or you will have problems.

I would apply this via a GPO instead of in the Terminal Services profile option in ADUC so you don't need to remember to do that. Link  the policy at the OU where your TS box lives and apply loopback processing so all users get the same settings. Also see KB 278295 for some good TS lockdown suggestions. Also see MVP Patrick Rouse's articles at http://www.msterminalservices.org/articles/Locking-Down-Windows-Terminal-Services.html

You don't need the .v2 stuff - a) this is TS and b) this ain't Vista.

Roaming profiles in general have not changed much over the years. Here's my boilerplate - a lot of it will apply to TS as well...especially the folder redirection stuff. TS profiles, roaming profiles - you need to keep them TINY.

********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field

4. Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive.

********************
Notes:

Make sure users understand that they should not log into multiple computers at the same time when they have roaming profiles (unless you make the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change them, which has major disadvantages),. Explain that the 'last one out wins' when it comes to uploading the final, changed copy of the profile. If you want to restrict multiple simultaneous network logins, look at LimitLogon (too much overhead for me), or this: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

********************
Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents,  
\\server\users\%username%\Desktop,      
\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

********************
Note that user profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.

*********************
If you also have Terminal Services users, make sure you set up a n entirely *separate*  TS profile path for them in their ADUC properties - e.g., \\server\tsprofiles$\%username%

********************
 Do not let people store any data locally - all data belongs on the server.

********************
 The User Profile Hive Cleanup Utility should be running on all your computers.  You can download it here:  http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

********************
Roaming profile & folder redirection article -
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

--------------------------------------------------------------------------------
0
 

Author Comment

by:crp0499
Comment Utility
i think you hit on something.  her PC OS is XP Pro.  I have set up roaming profiles and I expected her profile to load on the server.  It did not and that's what threw me.  Now I think I have it.
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now