Solved

GPO to place an Remote Desktop Connection on clients desktop...

Posted on 2013-12-16
10
3,485 Views
Last Modified: 2013-12-16
Hello,

I'm pretty new to Group Policy but I've been asked to create a GPO to place remote desktop shortcuts on some client computers.

The Server is 2008 and so far I've created the Group Policy Object and linked it to the OU that I'm using to test; I then edited that GPO as follows:

User Configuration; Preferences; Windows Settings; Files
       
I've created a shared folder on the server and placed the remote desktop shortcut in that folder.  

In the properties of the GPO, under Files, I set the Action to "Replace", Source File to
\\<servername>\RDP\remotedesktop.RDP (which is the shared folder where I placed the shortcut).  For the Destination File, I used C:\Apps\remotedesktop.RDP (I am assuming that this folder will be created on the Client within the OU that the GPO is linked to). Under the Common tab, I checked Apply once and do not reapply.

User Configuration; Preferences; Windows Settings; Shortcuts

For the Shortcuts option, I set the Action to "Replace"; Target type "File System Object", Location "All Users Desktop"; Target Path "C:\Apps\remotedesktop.RDP "; Start in "C:\Apps".  Under the Common , I checked "Run in logged-on user's security context " and "Apply once and do not reapply".

On the client side, when I do a gpupdate /force no the C:\Apps folder isn't being created and no shortcut appears.  Instead I get an error in the applications log Event ID 4098 -

"Log Name:      Application
Source:        Group Policy Shortcuts
Date:          12/16/2013 8:59:38 AM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      
Description:
The user 'REMOTEDESKTOP.RDP' preference item in the 'Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Group Policy Shortcuts" />
    <EventID Qualifiers="34305">4098</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-16T12:59:38.000000000Z" />
    <EventRecordID>7118</EventRecordID>
    <Channel>Application</Channel>
    <Computer>COMPUTERNAME.DOMAIN</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>user</Data>
    <Data>ops-pdc-1.RDP</Data>
    <Data>Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}</Data>
    <Data>0x80070002 The system cannot find the file specified.</Data>
  </EventData>
</Event>

I hope I haven't confused the issue but any help would be greatly appreciated!

Thanks in advance.
0
Comment
Question by:BadToro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 39721414
To me this seems like it is a permissions issues to the location where the RDP file is located. Have you confirmed that the users who will be accessing accessing this share have permissions?

Once logged on you can try going to the UNC path where the files are located as that user. If you cant access it this is probably your problem.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39721420
This is a permission issue. You need to ensure that the users have the right to create folders on C:\ without elevation/UAC. Why not just create the RDP file on the user's desktop or drop it inside their user profile/My Documents and create the shortcut on the desktop.
0
 

Author Comment

by:BadToro
ID: 39721594
Thanks for responding so quickly.  I can access the file using a UNC path to the folder, tested that by using UNC and copying the .RDP file directly to my C: drive.  Which means that I can create a folder on the C drive as well.

The reason i'm looking to use a GPO is because this shortcut will have to be created on many different PCs across various locations.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 14

Expert Comment

by:Raj-GT
ID: 39721613
Of course you should use GPOs, what I am suggesting is that you copy the RDP file (using GPO) to %userprofile%\desktop instead of C:\Apps
0
 

Author Comment

by:BadToro
ID: 39721642
Ok, gotcha.  So I changed my paths in Files and the Shortcuts to %userprofile%\desktop\remotedesktop.RDP but I still get the error when I fun gpupdate /force.

Log Name:      Application
Source:        Group Policy Shortcuts
Date:          12/16/2013 11:28:11 AM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      
Description:
The user 'remotedesktop.RDP' preference item in the 'Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Group Policy Shortcuts" />
    <EventID Qualifiers="34305">4098</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-16T15:28:11.000000000Z" />
    <EventRecordID>7180</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXXXXX</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>user</Data>
    <Data>ops-pdc-1.RDP</Data>
    <Data>Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}</Data>
    <Data>0x80070002 The system cannot find the file specified.</Data>
  </EventData>
</Event>
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39721944
Can you try changing the action from Replace to Create and see if you get the same error.
0
 

Author Comment

by:BadToro
ID: 39721998
Changed to Create instead but got the same error : Group Policy Object did not apply because it failed with error code:0x80070003  The system cannot find the path specified
0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 500 total points
ID: 39722034
Ok so it's still a permissions issue. Gpp applies using the local system context. This will not have access to your share.

Under the common options for the Gpp you need to set it to run as the logged on user.  

http://technet.microsoft.com/en-us/library/cc772371.aspx
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 39722038
If the Run in logged-on user's security context option is selected, it changes the security context under which the preference item is processed. The preference extension processes preference items in the security context of the logged-on user. This allows the preference extension to access resources as the user rather than the computer. This can be especially important when using drive maps or other preferences in which the computer may not have permissions to resources or when using environment variables. The value of many environment variables differs when evaluated in a security context other than the logged-on user.
0
 

Author Closing Comment

by:BadToro
ID: 39722359
Thanks for all the help guys, this was definitely the issue - as soon as I enabled that option and updated the group policy on the client the shortcut appeared.

Thanks again.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS logs 1 32
is a device online 4 42
Active Directory Replication 1 24
Raising the AD forest\domain functional level 1 12
In-place Upgrading Dirsync to Azure AD Connect
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question