Ok, i'm gonna give it a test on a clean vm, any ideas when part 2 is out?
Hmmmm... OK. Im going to post up screenies of mine. Can you DM me with yours and I will take a look - or we can arrange an RDP session...
No, and no! I will cover what to do if you already have WDS already installed. It depends whether you are putting SCCM on the same server, or if you want to keep your current WDS running while you test and set up SCCM. I would go with option 2 if you can....
It always appears for the first few seconds (the bar that is), and the connection dialog disappears so quickly that I had never thought about removing it. Im not sure that you can - but Ill ask the RDP team...
A useful prompt for reminding me of something I do as a matter of course... and didnt think others would always use!
Do I get points for making you remember this issue ? ;-)
Hi, Just found this might be handy for people who are doing this type of project: ThinWin | Free software downloads at SourceForge.net
How do you prevent the connection bar appearing for those few seconds even if you have set it to not show? Also there is a box that shows saying connecting and the user has the option to cancel this. How did you deal with that?
Brilliant looking forward to part 2, been wanting to set this up for a while.Only issue is we currently already have WDS configured and running, is this a problem? Should we just remove the role and start again whilst keeping the images we already have?
No, not been allowed to go to BETT this year, budget still too tight apparently
Enjoy yourself though!!
Edit: Just double checked, it's currently set up so that:
Authenticated Users have the default permissions except Apply
Inset Users have only Apply GPO (but propagated to this object and all other objects?)
RDS Servers have only Apply GPO (again propagated)
But it applied to all users when I tried it Got some updates planed for Wednesday so will have another shot then, but otherwise enjoy yourself at BETT!
I knew there was another post to do this weekend! I will write and screenie it on the train tomo. Wi you be at BETT? If so, will take some time out on the stand to show and Rdp in.
I'm 99.999% sure that's how I've got it, I meant to look today but ended up with the return of my unable to login to the RDS server and no response (or very very slow, over an hour) to anything, including reboot or startup, but might have made some progress. Will double check tomorrow.
I have two separate sets of policy.
Users > Staff
Users > Students
Computers > Terminal Servers > Staff (Loopback)
Computers > Terminal Servers > Students (Loopback)
As regards different start menus for specific parts of the site - no. Most software is accross site. Yes there will be some "dead links" but there arent many.
Ive tried GPP for start menus, but it does add to the logon/startup time. As ours dont change much - and we can roll out changes either by script of SCCM, there are better ways of managing it.
Right...you need a combo approach.
Add the Machine with "Apply GP" permisssion, and also add the User Group with "Apply GP" permission. Authenticated users should only have "Read" not the "Apply GP" permission. Youve reminded me to finsih the article with screenshots for you and the other emailers!
I hope that makes sense....
Delegation tab > Click Advanced. Change the permissions here only!
@TheScarfedOne well I tried and failed miserably in my attempt to do this.
I set up my replace policy to be blank (because I wanted to remove all the mandatory profile settings for if I need to log on as an administrator), so removed the apply group policy setting from authenticated users and then added my user and ticked apply group policy and then did gpupdate /force, left it overnight and logged on this morning and it applied all the group policy settings again.
GPMC shows when I run a report that it didn't apply the policy because of Access Denied.
Can you think of anything obvious I might have missed?
Edit: Well, I've made some progress. If I add the server with the ability to apply the group policy then the Replace policy kicks in to effect, however it then applies to everybody. If I remove the server then it applies to nobocy (presumably the replace part of the group policy). I can't work out how I just get the loopback to apply to users who have apply policy permission though, it seems to be an all or nothing thing for me.
Your posts are fantastic and really useful (adapted a couple with use of the VMware guide, but just read your last blog and think I may alter it so it matches up to what you've got again)!
Thanks for the info regarding delegation rather then security - guess what I'll be testing on Tuesday?
Will let you know how I get on!
Look forward to the exports then, I'm at this
stage but had issues with the shell and how to log off cleanly.
Not really no. The only issue I sometimes see is a failed launch of the Rdp file resulting in a blank screen. Loopback is used to prevent the full user settings applying to the thin pc. It doesn't need to, as the Rdp session is what they actually use. I will be posting the actual group policy exports next week
Hey pal, do you notice any issues with logging on twice, ie performance related to group policy processing on the thin pc's and then again on the rds session hosts? (or did you make use of any loopback processing)
This article has now been updated Remote Desktop for Thin Client… Part 2! - Blogs - EduGeek.net