• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 264
  • Last Modified:

Server 2008 Start Menu Redirection via GPO

OVERVIEW
Have Server 2008 R2 w/Active Directory
Have Server 2008 R2 Terminal Server
+ Everything works correctly and has been in production for 1 yr +

QUESTION
I have different groups of users (Mgmt, Graphics, Accounting) that I want to have specific start menus.

How do I go about setting this up?
  -How should their profile be configured in active directory?
  - Do I edit the default domain policy or do I create a new one?

COMMENTS
This is my first foray into working with group policy and start menu redirection, so I would say I am a "newbie" at this, so please be specific and clear in your replies.

Thanks,
0
tech911
Asked:
tech911
  • 7
  • 6
  • 3
1 Solution
 
Martin81Commented:
If you just want to apply the folder redirection on your ts not to desktops you should apply the settings to a gpo linked to the OU that contains your ts, which should be in its own ou. You'd need to enable group policy loopback processing in the gpo, which allows you to apply user settings in a gpo linked to an ou containing computers.

The folder redirection settings for the different groups can all be configured on one gpo using the setting for 'advanced -specify  locations for various user groups'. Have a look at this guide to configuring that http://www.group-policy.com/gp%5Cfolder_redirection.smp
0
 
tech911Author Commented:
Again I am new, so forgive the stupid questions up front...

Do I create a new OU or should one already exist that has my TS in it?

IF I do I create a new OU, where do I create it?(Active Directory)

Do I then create a new GP in GP manager, then apply the GP to the OU in GP mgr?

I will read link, you tell me what you think?
0
 
Martin81Commented:
"Do I create a new OU or should one already exist that has my TS in it?"
There will probably already be an OU that it's in, although it could be in the computers container which you can't link GPO's to. Have a look in Active Directory Users and Computers to find out. There reason you want the TS in it's own OU is that the GPO you link to the OU will apply to all computers in that OU, for example if you have a servers OU that the TS is in if you apply your folder redirection policy to that OU it would apply to the other servers in that OU as well.

"IF I do I create a new OU, where do I create it?(Active Directory)"
Yes if you need to create one you can do it from AD, right click and choose new organizational unit. If it's already in an OU that has GPO's linked to it you may want to create the new OU as a child OU of the existing OU, that way those policies will still be inherited and applied when you move the ts computer account to the new OU.

"Do I then create a new GP in GP manager, then apply the GP to the OU in GP mgr?"
Yep right click the OU and choose create and link a new GPO here.

Before you make any changes check how the OU's are setup now and what GPO's are linked there and then decide if you need to create a new OU and GPO or if you can edit the existing ones. If you're unsure post back here the OU it's in and what else is in the OU are what if any GPO's are linked.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
tech911Author Commented:
Thanks for the info... stand by... I will report in before the end of the day.
0
 
yo_beeDirector of Information TechnologyCommented:
I have a question for both the Tech911 and the Martin81.

@Tech911:
You mentioned that you want a certain start menu when connecting to your TS Service.
Is this correct?

@Martin81
There is good guidance with regards to OU structure recommendations and utilizing Loopback, but why are there details about Folder Redirection if the Tech911  is looking to setup a different Start Menu for a certain group of TS users.  There is also no suggestions for Scoping/Filtering who gets what GPO applied in the TS server.

Here is a TechNet article that is posted from MS for Server 2003, but the methods can apply to Remote Desktop Services in Server 2008.
Scenario 1: Administering Group Policy to Provide a Consistent Terminal Services Desktop
Scenario 2: Filtering Administrators from Terminal Services Group Policies

Explaining Loopback:
As stated by Martin81 you must apply loopback to the Computer Configuration so user configurations will apply to the machine or machines within the OU that the GPO is linked to.
This method can be confusing and sometimes are to understand.


This is a article from MS Technet the illustrates the loopback process.
Loopback Technology Review

Hope this adds some insight to your question.

-Mike-
0
 
Martin81Commented:
yo_bee
 
"why are there details about Folder Redirection if the Tech911  is looking to setup a different Start Menu for a certain group of TS users"
That's what setting up start menu folder redirection using the option for 'advanced -specify  locations for various user groups' will achieve. If you have a better way of doing this post it.

"There is also no suggestions for Scoping/Filtering who gets what GPO applied in the TS server."
Not required for the setting I suggested applying as it's applied based on the security groups you specify in that policy setting anyway, although worthwhile bearing in mind if there are other settings being applied, but from what's been posted that's not the case.
0
 
yo_beeDirector of Information TechnologyCommented:
Good to know.
Thanks
0
 
tech911Author Commented:
FYI - We ran into a few "snags" in the process of doing this.  We are going to attempt it tomorrow...again... will advise.

Thanks for the follow up.
0
 
yo_beeDirector of Information TechnologyCommented:
Also I thought of one thing about the Start Menu redirection.
There needs to be a build of the structure and that can not be push via Folder Redirections.
That will need to be configured with other variables in the GPO.
0
 
tech911Author Commented:
Still have not had time to implement this for client... please continue to monitor will advise once we try it.
0
 
yo_beeDirector of Information TechnologyCommented:
Ok
0
 
tech911Author Commented:
We are going to attempt this over the weekend, will advise.
0
 
yo_beeDirector of Information TechnologyCommented:
Good luck on this.
0
 
tech911Author Commented:
Thanks we have not had a moment to work on this, but it is an open ticket on our end will try to keep post updated more frequently.
0
 
tech911Author Commented:
Seems to be in the right direction, but low on details.
0
 
yo_beeDirector of Information TechnologyCommented:
Can I ask why a C rating for the accepted solution?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

  • 7
  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now