troubleshooting Question

Terminal Services/RDS policies  - folder redirection

Avatar of Line One
Line One asked on
Active DirectoryWindows Server 2008
13 Comments1 Solution1368 ViewsLast Modified:
Folks,

Up until now I have been using the steps at the bottom for creating Terminal Services and as a result have 3 GPO's when I set up a Terminal Server system.  I have had it suggested to me that with Windows 2008 R2 I should have a separate Folder Redirection GPO as this somehow makes things more efficient but it's not been clearly explained how that works. If somebody could look over what I have in place below and address the question of what a separate policy for Folder Redirection would buy me I would appreciate it. Please feel free to critique what I have if not applicable/optimal for 2008 R2.


1) Create a separate Terminal Services OU in the domain

2) Under the TS OU create two OU's - Terminal Servers and Terminal Server User Groups

3) Create 3 GPO's and apply to the Terminal Servers OU

a) TSServers

Enable Block Policy inheritance
Disable User Configuration Settings
Permission: Authenticated Users System TS-Admins

Full Control

Read Allow Allow Allow
Write Allow Allow
Create Child Objects Allow Allow
Delete Child Objects Allow Allow
Apply Group Policy Allow


Loopback Policy - replace mode
Delete Cached Copies of Roaming Profiles

b) AllTSUsers Policy (Includes Admin)
Disable Computer Configuration Settings

Permission: Authenticated Users System TS-Admins

Full Control Allow

Read Allow Allow Allow

Write Allow Allow
Create Child Objects Allow Allow
Delete Child Objects Allow Allow
Apply Group Policy Allow Allow

Enable: Do Not Track Shell Shortcuts During Roaming
Enable: Disable UI to Change Menu Animation Settings
Enable: Add Logoff to the Start Menu
Enable: Disable and REmove the Shut Down Command
Enable: Do Not Use the Search-based Method When Resolving Shell Shortcuts
Enable: No Screen Saver
Enable: Group Policy Refresh Interval - 1440 (24 hours)

c) RegularTSUSERS (not including Admins)


Disable Computer Configuration Settings

Permission: Authenticated Users System TS-Admins

Full Control

Read Allow Allow Allow
Write Allow Allow
Create Child Objects Allow Allow
Delete Child Objects Allow Allow
Apply Group Policy Allow Deny

Wndows Settings\Folder Redirection - I redirect My Documents and Application Data to a network share

Administrative Templates\Windows Components\Windows Explorer
Enable: Removes the Folder Options Menu From the Tools Menu
Enable: Hide Hardware Tab

Administrative Templates\Start Menu & Taskbar
Enable: Disable and Remove Links to Windows Update
Enable: Remove Network & Dial-up
Enable: Disable Changes to Taskbar and Start Menu Settings

Administrative Templates\Desktop
Enable: Prohibit User From Changing My Documents Path

Administrative Templates\Control Panel
Enable: Disable Control Panel

Administrative Templates\Systems
Enable: Disable Registry Editing Options
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 13 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 13 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros