[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Server 2008 Start Menu Redirection via GPO

Posted on 2012-04-01
16
Medium Priority
?
260 Views
Last Modified: 2014-08-07
OVERVIEW
Have Server 2008 R2 w/Active Directory
Have Server 2008 R2 Terminal Server
+ Everything works correctly and has been in production for 1 yr +

QUESTION
I have different groups of users (Mgmt, Graphics, Accounting) that I want to have specific start menus.

How do I go about setting this up?
  -How should their profile be configured in active directory?
  - Do I edit the default domain policy or do I create a new one?

COMMENTS
This is my first foray into working with group policy and start menu redirection, so I would say I am a "newbie" at this, so please be specific and clear in your replies.

Thanks,
0
Comment
Question by:tech911
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 3
16 Comments
 
LVL 7

Expert Comment

by:Martin81
ID: 37793081
If you just want to apply the folder redirection on your ts not to desktops you should apply the settings to a gpo linked to the OU that contains your ts, which should be in its own ou. You'd need to enable group policy loopback processing in the gpo, which allows you to apply user settings in a gpo linked to an ou containing computers.

The folder redirection settings for the different groups can all be configured on one gpo using the setting for 'advanced -specify  locations for various user groups'. Have a look at this guide to configuring that http://www.group-policy.com/gp%5Cfolder_redirection.smp
0
 
LVL 3

Author Comment

by:tech911
ID: 37793095
Again I am new, so forgive the stupid questions up front...

Do I create a new OU or should one already exist that has my TS in it?

IF I do I create a new OU, where do I create it?(Active Directory)

Do I then create a new GP in GP manager, then apply the GP to the OU in GP mgr?

I will read link, you tell me what you think?
0
 
LVL 7

Expert Comment

by:Martin81
ID: 37793139
"Do I create a new OU or should one already exist that has my TS in it?"
There will probably already be an OU that it's in, although it could be in the computers container which you can't link GPO's to. Have a look in Active Directory Users and Computers to find out. There reason you want the TS in it's own OU is that the GPO you link to the OU will apply to all computers in that OU, for example if you have a servers OU that the TS is in if you apply your folder redirection policy to that OU it would apply to the other servers in that OU as well.

"IF I do I create a new OU, where do I create it?(Active Directory)"
Yes if you need to create one you can do it from AD, right click and choose new organizational unit. If it's already in an OU that has GPO's linked to it you may want to create the new OU as a child OU of the existing OU, that way those policies will still be inherited and applied when you move the ts computer account to the new OU.

"Do I then create a new GP in GP manager, then apply the GP to the OU in GP mgr?"
Yep right click the OU and choose create and link a new GPO here.

Before you make any changes check how the OU's are setup now and what GPO's are linked there and then decide if you need to create a new OU and GPO or if you can edit the existing ones. If you're unsure post back here the OU it's in and what else is in the OU are what if any GPO's are linked.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 3

Author Comment

by:tech911
ID: 37793162
Thanks for the info... stand by... I will report in before the end of the day.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37793467
I have a question for both the Tech911 and the Martin81.

@Tech911:
You mentioned that you want a certain start menu when connecting to your TS Service.
Is this correct?

@Martin81
There is good guidance with regards to OU structure recommendations and utilizing Loopback, but why are there details about Folder Redirection if the Tech911  is looking to setup a different Start Menu for a certain group of TS users.  There is also no suggestions for Scoping/Filtering who gets what GPO applied in the TS server.

Here is a TechNet article that is posted from MS for Server 2003, but the methods can apply to Remote Desktop Services in Server 2008.
Scenario 1: Administering Group Policy to Provide a Consistent Terminal Services Desktop
Scenario 2: Filtering Administrators from Terminal Services Group Policies

Explaining Loopback:
As stated by Martin81 you must apply loopback to the Computer Configuration so user configurations will apply to the machine or machines within the OU that the GPO is linked to.
This method can be confusing and sometimes are to understand.


This is a article from MS Technet the illustrates the loopback process.
Loopback Technology Review

Hope this adds some insight to your question.

-Mike-
0
 
LVL 7

Expert Comment

by:Martin81
ID: 37793646
yo_bee
 
"why are there details about Folder Redirection if the Tech911  is looking to setup a different Start Menu for a certain group of TS users"
That's what setting up start menu folder redirection using the option for 'advanced -specify  locations for various user groups' will achieve. If you have a better way of doing this post it.

"There is also no suggestions for Scoping/Filtering who gets what GPO applied in the TS server."
Not required for the setting I suggested applying as it's applied based on the security groups you specify in that policy setting anyway, although worthwhile bearing in mind if there are other settings being applied, but from what's been posted that's not the case.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37793651
Good to know.
Thanks
0
 
LVL 3

Author Comment

by:tech911
ID: 37807784
FYI - We ran into a few "snags" in the process of doing this.  We are going to attempt it tomorrow...again... will advise.

Thanks for the follow up.
0
 
LVL 23

Accepted Solution

by:
yo_bee earned 1000 total points
ID: 37807858
Also I thought of one thing about the Start Menu redirection.
There needs to be a build of the structure and that can not be push via Folder Redirections.
That will need to be configured with other variables in the GPO.
0
 
LVL 3

Author Comment

by:tech911
ID: 37823351
Still have not had time to implement this for client... please continue to monitor will advise once we try it.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37823416
Ok
0
 
LVL 3

Author Comment

by:tech911
ID: 37842357
We are going to attempt this over the weekend, will advise.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37842775
Good luck on this.
0
 
LVL 3

Author Comment

by:tech911
ID: 37910973
Thanks we have not had a moment to work on this, but it is an open ticket on our end will try to keep post updated more frequently.
0
 
LVL 3

Author Closing Comment

by:tech911
ID: 40244816
Seems to be in the right direction, but low on details.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 40245846
Can I ask why a C rating for the accepted solution?
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question