Blog Comments

  1. denzal2k4's Avatar
    • |
    • permalink
    Ok, i'm gonna give it a test on a clean vm, any ideas when part 2 is out?

    Thanks
  2. TheScarfedOne's Avatar
    • |
    • permalink
    Hmmmm... OK. Im going to post up screenies of mine. Can you DM me with yours and I will take a look - or we can arrange an RDP session...
  3. TheScarfedOne's Avatar
    • |
    • permalink
    No, and no! I will cover what to do if you already have WDS already installed. It depends whether you are putting SCCM on the same server, or if you want to keep your current WDS running while you test and set up SCCM. I would go with option 2 if you can....
  4. TheScarfedOne's Avatar
    • |
    • permalink
    It always appears for the first few seconds (the bar that is), and the connection dialog disappears so quickly that I had never thought about removing it. Im not sure that you can - but Ill ask the RDP team...
  5. TheScarfedOne's Avatar
    • |
    • permalink
    A useful prompt for reminding me of something I do as a matter of course... and didnt think others would always use!
  6. SwedishChef's Avatar
    • |
    • permalink
    Do I get points for making you remember this issue ? ;-)
  7. FN-GM's Avatar
    • |
    • permalink
    Hi, Just found this might be handy for people who are doing this type of project: ThinWin | Free software downloads at SourceForge.net
  8. FN-GM's Avatar
    • |
    • permalink
    How do you prevent the connection bar appearing for those few seconds even if you have set it to not show? Also there is a box that shows saying connecting and the user has the option to cancel this. How did you deal with that?

    Thanks
  9. denzal2k4's Avatar
    • |
    • permalink
    Brilliant looking forward to part 2, been wanting to set this up for a while.Only issue is we currently already have WDS configured and running, is this a problem? Should we just remove the role and start again whilst keeping the images we already have?
  10. Cache's Avatar
    • |
    • permalink
    No, not been allowed to go to BETT this year, budget still too tight apparently

    Enjoy yourself though!!

    Edit: Just double checked, it's currently set up so that:

    Authenticated Users have the default permissions except Apply
    Inset Users have only Apply GPO (but propagated to this object and all other objects?)
    RDS Servers have only Apply GPO (again propagated)

    But it applied to all users when I tried it Got some updates planed for Wednesday so will have another shot then, but otherwise enjoy yourself at BETT!
    Updated 10th January 2012 at 09:37 AM by Cache
  11. TheScarfedOne's Avatar
    • |
    • permalink
    I knew there was another post to do this weekend! I will write and screenie it on the train tomo. Wi you be at BETT? If so, will take some time out on the stand to show and Rdp in.
  12. Cache's Avatar
    • |
    • permalink
    I'm 99.999% sure that's how I've got it, I meant to look today but ended up with the return of my unable to login to the RDS server and no response (or very very slow, over an hour) to anything, including reboot or startup, but might have made some progress. Will double check tomorrow.
  13. TheScarfedOne's Avatar
    • |
    • permalink
    I have two separate sets of policy.

    Users > Staff
    Users > Students

    and

    Computers > Terminal Servers > Staff (Loopback)
    Computers > Terminal Servers > Students (Loopback)

    As regards different start menus for specific parts of the site - no. Most software is accross site. Yes there will be some "dead links" but there arent many.

    Ive tried GPP for start menus, but it does add to the logon/startup time. As ours dont change much - and we can roll out changes either by script of SCCM, there are better ways of managing it.
  14. TheScarfedOne's Avatar
    • |
    • permalink
    Right...you need a combo approach.

    Add the Machine with "Apply GP" permisssion, and also add the User Group with "Apply GP" permission. Authenticated users should only have "Read" not the "Apply GP" permission. Youve reminded me to finsih the article with screenshots for you and the other emailers!

    I hope that makes sense....

    Delegation tab > Click Advanced. Change the permissions here only!
  15. Cache's Avatar
    • |
    • permalink
    @TheScarfedOne well I tried and failed miserably in my attempt to do this.

    I set up my replace policy to be blank (because I wanted to remove all the mandatory profile settings for if I need to log on as an administrator), so removed the apply group policy setting from authenticated users and then added my user and ticked apply group policy and then did gpupdate /force, left it overnight and logged on this morning and it applied all the group policy settings again.

    GPMC shows when I run a report that it didn't apply the policy because of Access Denied.

    Can you think of anything obvious I might have missed?

    Thanks

    Edit: Well, I've made some progress. If I add the server with the ability to apply the group policy then the Replace policy kicks in to effect, however it then applies to everybody. If I remove the server then it applies to nobocy (presumably the replace part of the group policy). I can't work out how I just get the loopback to apply to users who have apply policy permission though, it seems to be an all or nothing thing for me.
    Updated 6th January 2012 at 08:07 PM by Cache
  16. Cache's Avatar
    • |
    • permalink
    Your posts are fantastic and really useful (adapted a couple with use of the VMware guide, but just read your last blog and think I may alter it so it matches up to what you've got again)!

    Thanks for the info regarding delegation rather then security - guess what I'll be testing on Tuesday?

    Will let you know how I get on!

    Thanks again!
  17. SwedishChef's Avatar
    • |
    • permalink
    Look forward to the exports then, I'm at this
    stage but had issues with the shell and how to log off cleanly.
  18. TheScarfedOne's Avatar
    • |
    • permalink
    Not really no. The only issue I sometimes see is a failed launch of the Rdp file resulting in a blank screen. Loopback is used to prevent the full user settings applying to the thin pc. It doesn't need to, as the Rdp session is what they actually use. I will be posting the actual group policy exports next week
  19. SwedishChef's Avatar
    • |
    • permalink
    Hey pal, do you notice any issues with logging on twice, ie performance related to group policy processing on the thin pc's and then again on the rds session hosts? (or did you make use of any loopback processing)
  20. TheScarfedOne's Avatar
    • |
    • permalink
Page 3 of 7 FirstFirst 1234567 LastLast