+ Post New Thread
Results 1 to 12 of 12
Windows Server 2008 R2 Thread, 2008R2 Terminal services... in Technical; EDIT: ALL THE BELOW IN THIS POST IS SORTED PLEASE SEE POST #11 FOR NEW QUESTION: http://www.edugeek.net/forums/window...tml#post588694 I'm trying to ...
  1. #1
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99

    2008R2 Terminal services...

    EDIT: ALL THE BELOW IN THIS POST IS SORTED PLEASE SEE POST #11 FOR NEW QUESTION: 2008R2 Terminal services...

    I'm trying to lock down our terminal server which is used for home access, it's only temporary while i finish bug testing remote app but it'd be handy to have running properly incase we need it...

    I'm using a group policy loopback processing policy set to replace and these are my current issues:
    Start Menu - Control panel, Administrative tools, Windows security
    Disable Task manager
    Start Menu redirection
    Disable C: A: and D:

    So at the moment on the main start menu i can't get rid of control panel or admin tools (not that they can do anything in it as it's all locked down to the extent the mmcs don't run) and the windows security selection which brings me to my next point... running task manager, in theory i don't think they'll be able to run task manager with the windows security bit done but i'd like to make sure by locking them out of that completely.

    Start menu redirection, im trying to redirect them in the computer policy to a different start menu than they are usually redirected to but for some reason although the desktop redirection is working the start menu won't no matter what i set.

    Disabling the drives i've set in GPO but for some reason that isn't taking effect!

    The machine is running as a VM if that matters at all, i don't expect many people to be able to help too much with the start menu redirection but any idea why the others won't work? They are all set to various things in group policy but they aren't taking effect. (all set in the user section of the computers policy)
    Last edited by mrbios; 15th November 2010 at 03:22 PM.

  2. #2

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86
    check gpresult to see if the policies are applying.

  3. #3
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99
    never used gpresult before but i ran rsop.msc using a test user and it's not actually applying the policy at all, event viewer gives me nothing more than i already know as well. It's still trying to apply the User GPO and not overriding it with the loopback setting :/

  4. #4
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99
    Just disabled my new policy, enabled my old policy, old server 2003R2 server picks up the change straight away, server 2008R2 server does not.

    Seems no matter what i do i can't get the server 2008R2 server to pickup that policy >_< same security settings on the policies etc so i can't see why it wouldn't apply. The stupid thing is that for some reason it's partially applied.........to the administrator account! WHAT THE HELL! (doesn't show up in rsop that it has, but something i've obviously done previously has applied to it as the start menu is redirected for administrator, and is stuck that way)

  5. #5

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86
    in gpm godown the bottom of the left hand pane and look at gp results. If its not applying it should give you an idea why, It may be something like wmi filters.

  6. #6
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99
    {ABD85540-7075-41C4-AD50-39E8BA891508} Domain.local/Domain Computers/Servers/SIMS Terminal Server Inaccessible
    {0758C2F9-E923-47E9-924F-EA57A213C5AB} Domain.local/Domain Computers/Servers/SIMS Terminal Server Inaccessible

    Unsure how i check if those two are infact the GPs im after but it's highly likely!

  7. #7
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99
    Ah i've partially fixed it, i copied the existing GPO, pasted it with the default security settings and it now picks it up. Only problem now is that desktop and start menu redirection aren't working ¬_¬

  8. #8

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    I know with our server, we block inheritance for other gpo's and just assign a gpo to the container that the servers in...takes a bit of fiddling though. if you like I can email a report of what our gpo does (which settings) pm if you would like.

    this publishes anything in the C:\startmenu container to the start menu. (we use app-v and it publishes to this dir.) it also publishes my computer to the start menu, only giving them access to their Network area and any shares (readonly etc)
    Last edited by sacrej; 15th November 2010 at 01:41 PM.

  9. #9

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86
    thats the id, if you click on your policy and look under the tabs it'll say it there.

  10. #10
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99
    Ah no worries, i've just got it all working now, copying the GPO and redoing i with default security worked a treat, for the start menu redirection i had some silly setting enabled i used to use on server 2003 (copied the previous 2003 GPO and just added to it to comply with server 2008R2) i think i've finshed that task now

    Now on to convincing the SMT that the current school calendar is crap and needs replacing (excel spreadsheet edited by multiple people *spit spit spit*).....

  11. #11
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 260 Times in 213 Posts
    Rep Power
    99
    New Question same thread title applies......

    Question 1.
    This terminal server was setup initially to test the remote app capability of server 2008R2 and now that i've tested it i want to move forwards with it, currently the following roles are installed:
    Remote Desktop Session Host
    Remote Desktop Connection Broker
    Remote Desktop Gateway
    Remote Desktop Web Access

    I want this server to be the server people connect to for the web front end of remote app, when an app is loaded i want it to load from a different server. Do i require just Remote Desktop Gateway on tis server or do i need the Web Access part as well? I'm unsure what session host and connection broker both do specifically and whether they are required for this functionality.

    Question 2:
    Once i've established that which roles do i require in order for the app end to be the remote app source as well as a server than can be directly remote desktoped to? The explanations of them all feel as though they overlap so i'm getting confused as to what is required for each area of functionality.

    Question 3:
    Next want this as secure as possible, i have a wildcard certificate for *.websitedomain.net can i use this certificate as the digital certificate on this or should i just use a self signed one?

    Question 4:
    Is there any way of getting remoteapp working properly in firefox etc? As it uses activex controls will it only ever be useable in IE?
    Last edited by mrbios; 15th November 2010 at 03:25 PM.

  12. #12

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    Not answer answer to all...but..

    The connection broker i believe is used more in a farm situation with NLB. It also acts as a connection policy server, but depending how you set this up, we used normal GPO's to control this.

    I would not advise having the gateway and session host on the same server. The gateway will be the initial point of connection, the session host is then the server that loads the app the users try to access. For access control, we allowed a large group of people onto the gateway, then permissioned access to each app and hid the irrelevant icons from display to each user.

SHARE:
+ Post New Thread

Similar Threads

  1. installing FMS on 2008R2 Terminal Server
    By sacrej in forum MIS Systems
    Replies: 19
    Last Post: 5th March 2010, 10:13 AM
  2. Replies: 8
    Last Post: 23rd April 2008, 10:33 PM
  3. Terminal Services
    By HodgeHi in forum Windows
    Replies: 0
    Last Post: 6th March 2008, 11:00 AM
  4. Terminal Services
    By wesleyw in forum Thin Client and Virtual Machines
    Replies: 2
    Last Post: 30th June 2006, 12:34 PM
  5. Terminal Services
    By faza in forum Windows
    Replies: 15
    Last Post: 1st June 2006, 10:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •