Solved

RDS Desktop per each OU

Posted on 2013-01-16
9
291 Views
Last Modified: 2013-03-02
Hello Experts,

I have an Windows 2008 R2 environment using RDS and I want to make different Desktops per OU or based on member groups.

My current setup is that I have an OU named RDS - Users and move users to this OU when I deploy a thin client for them.   I want each department to have their own desktop because departments are removing other departments shortcuts (not nice).

Can anyone please provide me details of the best way to organize this separation?
0
Comment
Question by:tucktech
  • 5
  • 4
9 Comments
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 400 total points
ID: 38790330
The best way is by security groups.  You would publish the various desktops to the various security groups.

A lot depends on how many "different" desktops you want to provide.  If it is fairly minimal, you can redirect the desktop to a read-only folder for each department, which keeps them from seeing non-relevant icons and keeps them from deleting things they shouldn't.  If they need read/write access to the desktop, then I would redirect to either their own home directories (optimal), or maybe a department directory.  Then you would place the "read only" icons in c:\users\public\desktop, which will keep them from being deleted.

I typically do not bothering moving the users - it's burdensome, and can cause issues if they are not *always* going to be on that RDS host.  it's better to configure an OU for the RDS hosts, and use loopback processing on the group policies, so that that OU controls the GPO settings.  

Coralon
0
 

Author Comment

by:tucktech
ID: 38802162
So, should I create my overall RDS group policy at a domain level with loopback processing and then create a department group policy where I change desktop redirection?

Currently I have a gpo at an OU level and the a specific folder redirection for desktop, documents etc.  I guess I could remove the desktop and change it for the individual OUs.

Your thoughts..
0
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 400 total points
ID: 38808297
You would do the RDS loopback policy at the OU level, as low as possible.  
From your response, it sounds like you want folder redirection specific to an OU?  You may be able to use the WMI targeting with registry settings, but it would be far simpler to just use the advanced folder redirection for different security groups.

Coralon
0
 

Author Comment

by:tucktech
ID: 38808344
Can you elaborate on the advanced folder redirection?  Not sure I understand the details.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 400 total points
ID: 38810545
When you set up the Folder Redirection in a GPO, you have to select the "level".
1. None
2. Basic - all users to the same location
3. Advanced - different groups of users to different locations.

In basic, you might redirect My Documents to \\server\share.  In that case, each person gets their own directory like \\server\share\coralon\documents.  (The dialog will show you an example).

In advanced you will select various groups, and pick the shares for each of those groups.

Coralon
0
 

Author Comment

by:tucktech
ID: 38875994
Sorry for the late responses.  I will be working on my test server to try these out.  It will take me about a week to get this problem again.
0
 

Author Comment

by:tucktech
ID: 38902237
Hello, I am not understanding the group setting for redirection of desktop.

I have an OU called - RDS-Users.  I have a Security Group - Global named "Billing-Grp".  I have added redirection for both the RDS-User and Billing-Grp.  My user has is a member of both.

My GPO are all under RDS-Users as I am trying to avoid setting up a major GPO for each department for RDS.

When I login I get the desktop for RDS-USers and I want Billing-GRP desktop.
0
 
LVL 24

Accepted Solution

by:
Coralon earned 400 total points
ID: 38903988
You should not have overlapping users.  You have to decide how you want to lay it out.. if you are going to use groups for your redirection, either pick unique groups, or make unique groups.  If you have overlap, then it gets into policy priority as for who gets what & where.

but, if everyone is on one server, then you can stick with the basic.

Coralon
0
 

Author Closing Comment

by:tucktech
ID: 38945191
I am trying all these suggestions in a lab.  I believe you have provided solid advise but I think I have to test it out to get a real life feel.  My users are going to change requirements at a whim as they already have (i.e. I don't want to be able to delete ICONS, oh by the way how come I can't delete ICONs..... arrgh).  Yes, I need to step back and get better business agreement.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now