Solved

Delete Temp Folders on Remote Desktop Services 2012

Posted on 2013-12-16
6
3,507 Views
Last Modified: 2013-12-29
We are currently rolling out Remote Desktop Services 2012.  Our test users hit an issue that they were unable to print from Internet Explorer they received an empty page with a file path at the bottom pointing to a Low folder within their user profile that didn't exist.  We have rectified this after some searching by turning off per session folders and creating a logon script that sets the Low folder to Low integrity level.  However by disabling per session folders within group policy the temp folders are not deleting on exit. This seems to be due to the fact under group policy  - Remote Desktop Host  - Temp Folder policy requires the 'Do not use temporary folders per session' to be disabled (i.e to allow creation) to enable the 'Do Not Delete temp folders upon exit' - to be disabled (therefore deleting temp folders)  However if I enable per session folders to allow temp folders to be deleted it then stops my users from printing from IE as the workaround requires per session folders to be switched off!  it seems I can't have both the option to set the Low integrity folder to allow printing and also to enable Temp folder to delete on log off. Any help gratefully received.
0
Comment
Question by:ernie10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Coralon
ID: 39728335
You need to dig in deeper.. turning off per-session temp folders is a terrible idea.  (I have no idea why MS even still has that as an option..  Citrix had created that back with WinFrame when the temp directory didn't always matter very much, but those days are long past).

Can you capture a procmon trace against a failed IE print, so we can see what is really going on?

Coralon
0
 

Author Comment

by:ernie10
ID: 39728822
Coralon

Thanks for response, I have turned per user sessions back on and done a trace on one user when they try to print form IE  the error on the document is ' file:///C:/Users/%username%/AppData/Local/Temp/6/Low/oWSKXEBD.htm'.  I have captured the main part of the document where it points to the Low folder Path not found - as this seems to be the issue as it doesn't create the Low folder within the user session.  We initially thought we could create a script to sort this however couldn't get it to work with the session id changing all the time.
Trace.jpg
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39730995
Unfortunately, Path Not Found is a standard response.. all it really means is that it is trying to find a path and it's not there.  It doesn't mean it won't/can't be created.. just that it's not there at that moment.  

I was hoping for the full capture to look through it.. but something to check for while this happens:
1. Are you sure the Low directory is not being created? It is a standard part of AppData? During this incident, I would verify if it is there or not. If it is not, then you have a serious server issue (like possibly rebuild it type of serious).
2. Are you seeing any access denied errors? Those are usually the culprits.  

Also.. can they print anything from that server?  (I'd publish notepad to them, and try it.)
Can they print from IE at all, or is just one particular site/page that they can't?

Coralon
0
 

Accepted Solution

by:
ernie10 earned 0 total points
ID: 39737877
We are sure the low folder is not created and this is an issue on our other RDSH server and also all windows 8 PCs for none admins.

We have now resolved this by enabling temp folders per session, and creating the low folder in a logon script for users to the path %temp%.

mkdir %temp%\Low
ICACLS %temp%\Low /setintegritylevel (OI)(CI)low
0
 

Author Closing Comment

by:ernie10
ID: 39744497
Creating the folder in the logon script using the %temp% variable enabled the folder to be created regardless of the session number allocated as the %temp% is locate in the session number folder path
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question