Originally Posted by X-13 I can't go... I think our HT, ICT Co-ord and a Deputy HT are going though.
So laaaaaaame! Can't you go on your own on Saturday? They cannot keep you away as a private individual.
I can't go... I think our HT, ICT Co-ord and a Deputy HT are going though.
Indeed, that was the original plan.
But, then I though... Why not make something that can actually be used!
Perhaps I'll turn it into a cloud mmo LAN server for pupils... though 10x the processing power of an F-series is probably still not enough to run a decent mmo.
That's why you do it for the hell of it. Never know what you might learn.
Brilliant looking forward to part 2, been wanting to set this up for a while.Only issue is we currently already have WDS configured and running, is this a problem? Should we just remove the role and start again whilst keeping the images we already have?
No, not been allowed to go to BETT this year, budget still too tight apparently
Enjoy yourself though!!
Edit: Just double checked, it's currently set up so that:
Authenticated Users have the default permissions except Apply
Inset Users have only Apply GPO (but propagated to this object and all other objects?)
RDS Servers have only Apply GPO (again propagated)
But it applied to all users when I tried it Got some updates planed for Wednesday so will have another shot then, but otherwise enjoy yourself at BETT!
I knew there was another post to do this weekend! I will write and screenie it on the train tomo. Wi you be at BETT? If so, will take some time out on the stand to show and Rdp in.
I'm 99.999% sure that's how I've got it, I meant to look today but ended up with the return of my unable to login to the RDS server and no response (or very very slow, over an hour) to anything, including reboot or startup, but might have made some progress. Will double check tomorrow.
I have two separate sets of policy.
Users > Staff
Users > Students
Computers > Terminal Servers > Staff (Loopback)
Computers > Terminal Servers > Students (Loopback)
As regards different start menus for specific parts of the site - no. Most software is accross site. Yes there will be some "dead links" but there arent many.
Ive tried GPP for start menus, but it does add to the logon/startup time. As ours dont change much - and we can roll out changes either by script of SCCM, there are better ways of managing it.
Right...you need a combo approach.
Add the Machine with "Apply GP" permisssion, and also add the User Group with "Apply GP" permission. Authenticated users should only have "Read" not the "Apply GP" permission. Youve reminded me to finsih the article with screenshots for you and the other emailers!
I hope that makes sense....
Delegation tab > Click Advanced. Change the permissions here only!
@TheScarfedOne well I tried and failed miserably in my attempt to do this.
I set up my replace policy to be blank (because I wanted to remove all the mandatory profile settings for if I need to log on as an administrator), so removed the apply group policy setting from authenticated users and then added my user and ticked apply group policy and then did gpupdate /force, left it overnight and logged on this morning and it applied all the group policy settings again.
GPMC shows when I run a report that it didn't apply the policy because of Access Denied.
Can you think of anything obvious I might have missed?
Edit: Well, I've made some progress. If I add the server with the ability to apply the group policy then the Replace policy kicks in to effect, however it then applies to everybody. If I remove the server then it applies to nobocy (presumably the replace part of the group policy). I can't work out how I just get the loopback to apply to users who have apply policy permission though, it seems to be an all or nothing thing for me.
Our school is a good example of exactly that : we have dedicated systems for media which are of very high specifications (mostly Core i5, 4GB ram min, dedicated scratch disks). People do want to do a couple of things on other machines and more basic editing like Movie Maker goes on on other stations but that's never an excuse for spending school's money unwisely. £300 will get a school a system that will do these tasks fine and still leave enough room for Call of Duty - very rarely is a case for mainstream computers to go much over that requirement!
The interesting thing with it is that people use that excuse that "media" is done all over the school, but that begs the question: What constitutes as media?
To me media is kids going around making videos with digital cameras, of a decent quality, then editing the video files into some sort of movie or presentation, maybe with sounds and/or graphics added on. What worries me is that people are considering media to be the lesser form of that, in other words kids going around with little digital cameras that make small 10mb video files then making little videos in movie maker (like our geography and PE departments do), the school would call that media as a lesson but i wouldn't use the term media towards speccing a PC if that was the best they were used for. Bit of a minefield really though, no one will ever freely accept they're wrong....me included
Unfortunately true - whilst in most cases overspeccing can be of use when they do it for machines that will never see more action than perhaps 4 Word windows at once, it makes you want to ask these people what on earth they are doing in that job - unless they're earning cashback from suppliers on the naughty!
Value is a bit of a moot point when people will happily **** money up the wall on over specced over priced PCs instead, on occasion on these very forums. Though i won't get into "that" whinge...again.
Your posts are fantastic and really useful (adapted a couple with use of the VMware guide, but just read your last blog and think I may alter it so it matches up to what you've got again)!
Thanks for the info regarding delegation rather then security - guess what I'll be testing on Tuesday?
Will let you know how I get on!
Look forward to the exports then, I'm at this
stage but had issues with the shell and how to log off cleanly.
Not really no. The only issue I sometimes see is a failed launch of the Rdp file resulting in a blank screen. Loopback is used to prevent the full user settings applying to the thin pc. It doesn't need to, as the Rdp session is what they actually use. I will be posting the actual group policy exports next week
Hey pal, do you notice any issues with logging on twice, ie performance related to group policy processing on the thin pc's and then again on the rds session hosts? (or did you make use of any loopback processing)
This article has now been updated Remote Desktop for Thin Client… Part 2! - Blogs - EduGeek.net