#Windows terminal server 2012 windows
This policy setting is located at “Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Set path for TS Roaming Profiles” When specifying the TS Profile Path enter the UNC Path to the share that will hold the user’s profiles. Do not use %UserName%, as the user’s folder will be automatically added at logon. It’s important that CREATOR OWNER has permissions to the share, or the folders will not be created when users logon. Terminal Server Roaming Profile Path – It’s of critical importance that the user’s normal roaming profile is not used when they log on to a terminal server, as this can cause profile corruption and data loss. Additionally, if user’s have a normal roaming profile, but no Terminal Server Roaming Profile is defined, the normal roaming profile will be loaded. To avoid this one can define the TS Roaming Profile Path via GPO.
#Windows terminal server 2012 how to
Now that we know how to create a GPO and enable Loopback Policy Processing, let’s discuss some commonly enabled settings for Terminal Server Environments. When enabling this policy setting, there are two options (Replace and Merge). If the goal is to only use the settings defined in this policy, Replace should be selected. If however the goal is to use the totality of the settings in this policy and the settings derived from the location of the User Account, select Merge. To enable Loopback Policy Processing in the GPO, navigate to “Computer Configuration -> Administrative Templates -> System -> Group Policy -> User Group Policy loopback processing mode”
Since Loopback GPO are often created to provide a severely locked down user environment, it’s important that the account(s) used to manage the terminal servers are not affected by the policy settings. This can be accomplished by editing the security on the GPO and enabling “Deny Apply Policy” for these accounts, so when the user logs on the locked down environment will not apply. One should also enable the “Apply Group Policy” setting for the Terminal Server Computer Objects, or a security group of which they’re a member. Once we’ve created our Terminal Servers OU we need to create a Group Policy Object (GPO) to manage these servers that will be placed in this OU. It’s worth reiterating that only the Terminal Server Computer Objects will be placed in this OU, as the location of the User Account Objects is irrelevant when using Loopback Policy Processing. To begin, we start with the Active Directory Users and Computers MMC where we want to add an OU to hold our terminal servers. If one works for a large organization, the IT Department’s duties have likely been divided like a pie, so the people managing the terminal servers may have no access to management of Active Directory or Group Policy. If you’re lucky, the Active Directory people will concede to providing the Terminal Server Admins with an Organization Unit (OU) that they can administer. If not, you’re stuck using local policies, or getting the Active Directory People to apply the settings you want, either of which can be tricky in a large environment Luckily Group Policy has a feature called Loopback Policy Processing that addresses the need to apply specific settings to users based not on their user account’s location in Active Directory, but rather on the location of the Terminal Server Computer Object. This allows administrators to provide a locked down environment when users log on to these specific machines, without affecting the settings on their client machine.
Windows Terminal Servers play a special role in each environment. Technically they’re servers, but they’re used as workstations in that users log on to these machines to run end user applications.
0 kommentar(er)
