Start Menu and Desktop Redirection
by, 9th October 2011 at 01:00 AM (46244 Views)
Hello again! This one wanders off into slightly differenet territory for my normal blogging - but its one Ive had lots of questions about recently. Its also been a fairly busy one on the forums too, so here is a reasonably definative guide on how to get it working properly...
1. Create a server side copy of your structure
Sounds simple, but how many times this isnt done properly never ceases to amaze me. Now, some poeple I know wont like what Im about to recommend, but trust me - there is a very good reason.
in your NETLOGON folder (\\DomainNameHere\NETLOGON) create a folder called Environment. This will be our nice handy root folder. Why netlogon? Well, first off - it has permissions on it so Domain users and Domain compuers can read it but not mess with it; second, it gets load balanced and sync'd between however many DCs you have. No single point of failure. Now, I know you can craete your own DFS (Distriburted File System) to do the same thing, but there really is no need for most systems. The files you will have in this folder are shortcuts - and are tiny anyway.
Right, in ENVIRONMENT, create Staff and Student subfolders, and then StartMenu and Desktop subfolders within those. You will also need a Programs folder in StartMenu (StartMenu rather than Start Menu - better not to have spaces).
Copythe various shortcuts you want, and create your Desktop and Start Menu as you want them to be (I have only said about Staff and Students, but you could do this for as many other user groups as you want - you will just need extra subfolders).
2. Create your GPO Settings
This one is where people sometimes have issues. Usually, you will have a GPO for Staff and another for Students. I will assume here you do. If not - create them for this purpose.
The settings, in the main are identical. The only difference comes at the folder reference part. For speed - I have included a screenie below of the settings I have used in my previous Schools, as well as at those I have been across to to set this up. You may not want to be as restrictive - the choice is yours.
Then, you need to actually point at your desktop and start menu folders. This is done at User Configuration > Policies > Windows Settings >Folder Redirection > then right clicking the object to redirect and selecting Properties. Choose Basic—Redirect everyone's folder to the same location, and then select Redirect to the following location. Enter your path. Now, you have two options here. I personally redirect to a local copy of the structure I have on the Server. This is maintained by a Startup Script. This I will cover in a 2nd part to this article, including the script used. Alternatively, you can point to the Server path. Note, for Start Menu, do not go down to the Programs level - your path would be \\DomainNameHere\Netlogon\Environment\StartMenu
Then, you must go to the Settings tab. In the Settings tab in the Properties box for a folder, you should change these settings:
Grant the user exclusive rights. This setting is enabled by default and is not the recommended setting for here. Usually, yes, but we dont want to lock others out of it (particularly on the Server sharing scenario)
Move the contents of [FolderName] to the new location. This setting moves all the data the user has in the local folder to the shared folder on the network. We definately dont want this either
Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems. This enables folder redirection to work withWindows 7 and Windows Vista, and earlier Windows operating systems. This option applies only to redirectable folders in earlier Windows operating systems, which are the Application Data, Desktop, My Documents, My Pictures, and Start Menu folders. You will want this setting.
3. What often goes wrong
Right, the setting that causes this not to work! The one to watch is
User Configuration > Policies > Admin Templates > Start Menu & Taskbar > Remove User's folders from the Start Menu - this needs to be DISABLED for Windows 7. On XP, it should be Enabled. So... yes - in co-existance you will need two policies, and to use security group filtering to ensure Staff applies to Staff, and Students to Students. Alternatively, careful use of the "Apply to OS" setting can also do this. I will cover this scenario in more detail in Part 2.
Hope this helps - and the screenshot will be added on Monday!
Total Trackbacks 0