Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPO to place an Remote Desktop Connection on clients desktop...

Posted on 2013-12-16
10
Medium Priority
?
3,597 Views
Last Modified: 2013-12-16
Hello,

I'm pretty new to Group Policy but I've been asked to create a GPO to place remote desktop shortcuts on some client computers.

The Server is 2008 and so far I've created the Group Policy Object and linked it to the OU that I'm using to test; I then edited that GPO as follows:

User Configuration; Preferences; Windows Settings; Files
       
I've created a shared folder on the server and placed the remote desktop shortcut in that folder.  

In the properties of the GPO, under Files, I set the Action to "Replace", Source File to
\\<servername>\RDP\remotedesktop.RDP (which is the shared folder where I placed the shortcut).  For the Destination File, I used C:\Apps\remotedesktop.RDP (I am assuming that this folder will be created on the Client within the OU that the GPO is linked to). Under the Common tab, I checked Apply once and do not reapply.

User Configuration; Preferences; Windows Settings; Shortcuts

For the Shortcuts option, I set the Action to "Replace"; Target type "File System Object", Location "All Users Desktop"; Target Path "C:\Apps\remotedesktop.RDP "; Start in "C:\Apps".  Under the Common , I checked "Run in logged-on user's security context " and "Apply once and do not reapply".

On the client side, when I do a gpupdate /force no the C:\Apps folder isn't being created and no shortcut appears.  Instead I get an error in the applications log Event ID 4098 -

"Log Name:      Application
Source:        Group Policy Shortcuts
Date:          12/16/2013 8:59:38 AM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      
Description:
The user 'REMOTEDESKTOP.RDP' preference item in the 'Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Group Policy Shortcuts" />
    <EventID Qualifiers="34305">4098</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-16T12:59:38.000000000Z" />
    <EventRecordID>7118</EventRecordID>
    <Channel>Application</Channel>
    <Computer>COMPUTERNAME.DOMAIN</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>user</Data>
    <Data>ops-pdc-1.RDP</Data>
    <Data>Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}</Data>
    <Data>0x80070002 The system cannot find the file specified.</Data>
  </EventData>
</Event>

I hope I haven't confused the issue but any help would be greatly appreciated!

Thanks in advance.
0
Comment
Question by:BadToro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 39721414
To me this seems like it is a permissions issues to the location where the RDP file is located. Have you confirmed that the users who will be accessing accessing this share have permissions?

Once logged on you can try going to the UNC path where the files are located as that user. If you cant access it this is probably your problem.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39721420
This is a permission issue. You need to ensure that the users have the right to create folders on C:\ without elevation/UAC. Why not just create the RDP file on the user's desktop or drop it inside their user profile/My Documents and create the shortcut on the desktop.
0
 

Author Comment

by:BadToro
ID: 39721594
Thanks for responding so quickly.  I can access the file using a UNC path to the folder, tested that by using UNC and copying the .RDP file directly to my C: drive.  Which means that I can create a folder on the C drive as well.

The reason i'm looking to use a GPO is because this shortcut will have to be created on many different PCs across various locations.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 14

Expert Comment

by:Raj-GT
ID: 39721613
Of course you should use GPOs, what I am suggesting is that you copy the RDP file (using GPO) to %userprofile%\desktop instead of C:\Apps
0
 

Author Comment

by:BadToro
ID: 39721642
Ok, gotcha.  So I changed my paths in Files and the Shortcuts to %userprofile%\desktop\remotedesktop.RDP but I still get the error when I fun gpupdate /force.

Log Name:      Application
Source:        Group Policy Shortcuts
Date:          12/16/2013 11:28:11 AM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      
Description:
The user 'remotedesktop.RDP' preference item in the 'Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Group Policy Shortcuts" />
    <EventID Qualifiers="34305">4098</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-16T15:28:11.000000000Z" />
    <EventRecordID>7180</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXXXXX</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>user</Data>
    <Data>ops-pdc-1.RDP</Data>
    <Data>Remote Desktop Shortcut {D8E2EAB3-30F5-473A-ABCE-E0F340BE2E20}</Data>
    <Data>0x80070002 The system cannot find the file specified.</Data>
  </EventData>
</Event>
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39721944
Can you try changing the action from Replace to Create and see if you get the same error.
0
 

Author Comment

by:BadToro
ID: 39721998
Changed to Create instead but got the same error : Group Policy Object did not apply because it failed with error code:0x80070003  The system cannot find the path specified
0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 2000 total points
ID: 39722034
Ok so it's still a permissions issue. Gpp applies using the local system context. This will not have access to your share.

Under the common options for the Gpp you need to set it to run as the logged on user.  

http://technet.microsoft.com/en-us/library/cc772371.aspx
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 39722038
If the Run in logged-on user's security context option is selected, it changes the security context under which the preference item is processed. The preference extension processes preference items in the security context of the logged-on user. This allows the preference extension to access resources as the user rather than the computer. This can be especially important when using drive maps or other preferences in which the computer may not have permissions to resources or when using environment variables. The value of many environment variables differs when evaluated in a security context other than the logged-on user.
0
 

Author Closing Comment

by:BadToro
ID: 39722359
Thanks for all the help guys, this was definitely the issue - as soon as I enabled that option and updated the group policy on the client the shortcut appeared.

Thanks again.
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question