Solved

RDS Desktop per each OU

Posted on 2013-01-16
9
293 Views
Last Modified: 2013-03-02
Hello Experts,

I have an Windows 2008 R2 environment using RDS and I want to make different Desktops per OU or based on member groups.

My current setup is that I have an OU named RDS - Users and move users to this OU when I deploy a thin client for them.   I want each department to have their own desktop because departments are removing other departments shortcuts (not nice).

Can anyone please provide me details of the best way to organize this separation?
0
Comment
Question by:tucktech
  • 5
  • 4
9 Comments
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 400 total points
ID: 38790330
The best way is by security groups.  You would publish the various desktops to the various security groups.

A lot depends on how many "different" desktops you want to provide.  If it is fairly minimal, you can redirect the desktop to a read-only folder for each department, which keeps them from seeing non-relevant icons and keeps them from deleting things they shouldn't.  If they need read/write access to the desktop, then I would redirect to either their own home directories (optimal), or maybe a department directory.  Then you would place the "read only" icons in c:\users\public\desktop, which will keep them from being deleted.

I typically do not bothering moving the users - it's burdensome, and can cause issues if they are not *always* going to be on that RDS host.  it's better to configure an OU for the RDS hosts, and use loopback processing on the group policies, so that that OU controls the GPO settings.  

Coralon
0
 

Author Comment

by:tucktech
ID: 38802162
So, should I create my overall RDS group policy at a domain level with loopback processing and then create a department group policy where I change desktop redirection?

Currently I have a gpo at an OU level and the a specific folder redirection for desktop, documents etc.  I guess I could remove the desktop and change it for the individual OUs.

Your thoughts..
0
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 400 total points
ID: 38808297
You would do the RDS loopback policy at the OU level, as low as possible.  
From your response, it sounds like you want folder redirection specific to an OU?  You may be able to use the WMI targeting with registry settings, but it would be far simpler to just use the advanced folder redirection for different security groups.

Coralon
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:tucktech
ID: 38808344
Can you elaborate on the advanced folder redirection?  Not sure I understand the details.
0
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 400 total points
ID: 38810545
When you set up the Folder Redirection in a GPO, you have to select the "level".
1. None
2. Basic - all users to the same location
3. Advanced - different groups of users to different locations.

In basic, you might redirect My Documents to \\server\share.  In that case, each person gets their own directory like \\server\share\coralon\documents.  (The dialog will show you an example).

In advanced you will select various groups, and pick the shares for each of those groups.

Coralon
0
 

Author Comment

by:tucktech
ID: 38875994
Sorry for the late responses.  I will be working on my test server to try these out.  It will take me about a week to get this problem again.
0
 

Author Comment

by:tucktech
ID: 38902237
Hello, I am not understanding the group setting for redirection of desktop.

I have an OU called - RDS-Users.  I have a Security Group - Global named "Billing-Grp".  I have added redirection for both the RDS-User and Billing-Grp.  My user has is a member of both.

My GPO are all under RDS-Users as I am trying to avoid setting up a major GPO for each department for RDS.

When I login I get the desktop for RDS-USers and I want Billing-GRP desktop.
0
 
LVL 24

Accepted Solution

by:
Coralon earned 400 total points
ID: 38903988
You should not have overlapping users.  You have to decide how you want to lay it out.. if you are going to use groups for your redirection, either pick unique groups, or make unique groups.  If you have overlap, then it gets into policy priority as for who gets what & where.

but, if everyone is on one server, then you can stick with the basic.

Coralon
0
 

Author Closing Comment

by:tucktech
ID: 38945191
I am trying all these suggestions in a lab.  I believe you have provided solid advise but I think I have to test it out to get a real life feel.  My users are going to change requirements at a whim as they already have (i.e. I don't want to be able to delete ICONS, oh by the way how come I can't delete ICONs..... arrgh).  Yes, I need to step back and get better business agreement.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question