Connecting to users desktop PC without losing IE 6 Trusted Sites

[Guest bstillion]

Users logon to their PCs while at the office and their IE6 trusted sites are

populated through a WINBATCH script. When the same user logs on from home to

the TS/Citrix server and then RDP's to their desktop, all Trusted Sites get

deleted. When the user returns to the office the next day, he must log on

twice before his trusted sites are restored.

Windows Server 2003 AD, no policies are applying any IE settings (confirmed

by Microsoft Support.) including no "loopback" policy applied to the terminal

servers.

 

One of my steps to resolve was to apply a list of Trusted Sites to the

default domain policy. My manager suggested moving it since that is not the

best place so I created a separate policy and applied it. Later that night,

the policy erased trusted sites necessary for a critical application so he

deleted the policy.

 

What can we do to maintain the "Trusted Sites" critical for many

applications for both local PC access and remote RDP access?

--

Brad Stillion

Maine Medical Center

Portland ME

[Guest Lanwench [MVP - Exchange]]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sites

 

bstillion <bstillion@discussions.microsoft.com> wrote:

> Users logon to their PCs while at the office and their IE6 trusted

> sites are populated through a WINBATCH script. When the same user

> logs on from home to the TS/Citrix server and then RDP's to their

> desktop, all Trusted Sites get deleted. When the user returns to the

> office the next day, he must log on twice before his trusted sites

> are restored.

 

Do you have a separate TS profile & TS home directory path defined for these

users, either in ADUC or via group policy? Don't mix and match profiles - it

can cause problems.

> Windows Server 2003 AD, no policies are applying any IE settings

> (confirmed by Microsoft Support.) including no "loopback" policy

> applied to the terminal servers.

 

Hmmm; generally one wants GPOs with loopback processing set for TS users.

>

> One of my steps to resolve was to apply a list of Trusted Sites to the

> default domain policy. My manager suggested moving it since that is

> not the best place so I created a separate policy and applied it.

 

Where?

> Later that night, the policy erased trusted sites necessary for a

> critical application so he deleted the policy.

 

Who did?

>

> What can we do to maintain the "Trusted Sites" critical for many

> applications for both local PC access and remote RDP access?

[Guest bstillion]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

LANWENCH,

 

I'll check on the TS Policy and TS home folder. I'm a new employee and there

is no orientation to the place so I'll have to ask someone.

 

I have apporached them about loopback processing so they are open to it.

Nothing is/was in place as they are a Novell shop that is apparently

converting to MS but not everyone is excited about it. Loopback processing

seems like it will work fine for the login to the TS but what will happen

when the user RDPs to his desktop? Users go to a web portal, sign and then

one of the Citrix apps is RDP so the connect through the browser to their

desktop.

 

The new policy I created (when I removed the settings from the DDP) was

applied to the Citrix Servers OU which includes the two TS's that users log

in to.

 

The manager deleted the policy so he could repopulate the unique "Trusted

Sites" for different departments.

 

--

Brad Stillion

Maine Medical Center

Portland ME

 

 

"Lanwench [MVP - Exchange]" wrote:

> bstillion <bstillion@discussions.microsoft.com> wrote:

> > Users logon to their PCs while at the office and their IE6 trusted

> > sites are populated through a WINBATCH script. When the same user

> > logs on from home to the TS/Citrix server and then RDP's to their

> > desktop, all Trusted Sites get deleted. When the user returns to the

> > office the next day, he must log on twice before his trusted sites

> > are restored.

>

> Do you have a separate TS profile & TS home directory path defined for these

> users, either in ADUC or via group policy? Don't mix and match profiles - it

> can cause problems.

 

>

> > Windows Server 2003 AD, no policies are applying any IE settings

> > (confirmed by Microsoft Support.) including no "loopback" policy

> > applied to the terminal servers.

>

> Hmmm; generally one wants GPOs with loopback processing set for TS users.

> >

> > One of my steps to resolve was to apply a list of Trusted Sites to the

> > default domain policy. My manager suggested moving it since that is

> > not the best place so I created a separate policy and applied it.

>

> Where?

>

> > Later that night, the policy erased trusted sites necessary for a

> > critical application so he deleted the policy.

>

> Who did?

> >

> > What can we do to maintain the "Trusted Sites" critical for many

> > applications for both local PC access and remote RDP access?

>

>

>

>

[Guest bstillion]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Lanwench,

There are not TS home directory paths and there are profiles for each

user on the TS (if that constitutes a separate TS Profile since they do have

local PC profiles as well.)

Where can we go to set up a TS only policy?

 

Thanks.

--

Brad Stillion

Maine Medical Center

Portland ME

 

 

"Lanwench [MVP - Exchange]" wrote:

> bstillion <bstillion@discussions.microsoft.com> wrote:

> > Users logon to their PCs while at the office and their IE6 trusted

> > sites are populated through a WINBATCH script. When the same user

> > logs on from home to the TS/Citrix server and then RDP's to their

> > desktop, all Trusted Sites get deleted. When the user returns to the

> > office the next day, he must log on twice before his trusted sites

> > are restored.

>

> Do you have a separate TS profile & TS home directory path defined for these

> users, either in ADUC or via group policy? Don't mix and match profiles - it

> can cause problems.

>

> > Windows Server 2003 AD, no policies are applying any IE settings

> > (confirmed by Microsoft Support.) including no "loopback" policy

> > applied to the terminal servers.

>

> Hmmm; generally one wants GPOs with loopback processing set for TS users.

> >

> > One of my steps to resolve was to apply a list of Trusted Sites to the

> > default domain policy. My manager suggested moving it since that is

> > not the best place so I created a separate policy and applied it.

>

> Where?

>

> > Later that night, the policy erased trusted sites necessary for a

> > critical application so he deleted the policy.

>

> Who did?

> >

> > What can we do to maintain the "Trusted Sites" critical for many

> > applications for both local PC access and remote RDP access?

>

>

>

>

[Guest Lanwench [MVP - Exchange]]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

bstillion <bstillion@discussions.microsoft.com> wrote:

> Lanwench,

> There are not TS home directory paths

 

Set them. :)

> and there are profiles for each

> user on the TS (if that constitutes a separate TS Profile since they

> do have local PC profiles as well.)

 

I mean in group policy. This may help:

http://technet.microsoft.com/en-us/library/cc782910.aspx

> Where can we go to set up a TS only policy?

 

I'm not sure what you mean. What GPOs have you already set up for your TS?

>

> Thanks.

>

>> bstillion <bstillion@discussions.microsoft.com> wrote:

>>> Users logon to their PCs while at the office and their IE6 trusted

>>> sites are populated through a WINBATCH script. When the same user

>>> logs on from home to the TS/Citrix server and then RDP's to their

>>> desktop, all Trusted Sites get deleted. When the user returns to the

>>> office the next day, he must log on twice before his trusted sites

>>> are restored.

>>

>> Do you have a separate TS profile & TS home directory path defined

>> for these users, either in ADUC or via group policy? Don't mix and

>> match profiles - it can cause problems.

>>

>>> Windows Server 2003 AD, no policies are applying any IE settings

>>> (confirmed by Microsoft Support.) including no "loopback" policy

>>> applied to the terminal servers.

>>

>> Hmmm; generally one wants GPOs with loopback processing set for TS

>> users.

>>>

>>> One of my steps to resolve was to apply a list of Trusted Sites to

>>> the default domain policy. My manager suggested moving it since

>>> that is not the best place so I created a separate policy and

>>> applied it.

>>

>> Where?

>>

>>> Later that night, the policy erased trusted sites necessary for a

>>> critical application so he deleted the policy.

>>

>> Who did?

>>>

>>> What can we do to maintain the "Trusted Sites" critical for many

>>> applications for both local PC access and remote RDP access?

[Guest bstillion]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

So,

the local profiles on the server are OK

but

each user needs a home directory for terminal server sessions that

is different than the home directory they get when logging in at locally?

(your last post stated that mixing the profiles was a bad idea.)

> I'm not sure what you mean. What GPOs have you already set up for your TS?

 

I don't see any GPOs for Terminal Services(or any GPOs in use at all for

that matter. I'm a new employee and am helping with the current problem of

"disappearing entries in 'Trusted Sites'.) I'm trying to get us a plan on

what to do to fix the problem. I'm asking them to alter something that is

working in all other aspects so I need to have solid logic behind what I

suggest. I don't want to "fix this problem and create two more".

 

 

--

Brad Stillion

Maine Medical Center

Portland ME

 

 

"Lanwench [MVP - Exchange]" wrote:

> bstillion <bstillion@discussions.microsoft.com> wrote:

> > Lanwench,

> > There are not TS home directory paths

>

> Set them. :)

>

> > and there are profiles for each

> > user on the TS (if that constitutes a separate TS Profile since they

> > do have local PC profiles as well.)

>

> I mean in group policy. This may help:

> http://technet.microsoft.com/en-us/library/cc782910.aspx

>

> > Where can we go to set up a TS only policy?

>

> I'm not sure what you mean. What GPOs have you already set up for your TS?

> >

> > Thanks.

> >

> >> bstillion <bstillion@discussions.microsoft.com> wrote:

> >>> Users logon to their PCs while at the office and their IE6 trusted

> >>> sites are populated through a WINBATCH script. When the same user

> >>> logs on from home to the TS/Citrix server and then RDP's to their

> >>> desktop, all Trusted Sites get deleted. When the user returns to the

> >>> office the next day, he must log on twice before his trusted sites

> >>> are restored.

> >>

> >> Do you have a separate TS profile & TS home directory path defined

> >> for these users, either in ADUC or via group policy? Don't mix and

> >> match profiles - it can cause problems.

> >>

> >>> Windows Server 2003 AD, no policies are applying any IE settings

> >>> (confirmed by Microsoft Support.) including no "loopback" policy

> >>> applied to the terminal servers.

> >>

> >> Hmmm; generally one wants GPOs with loopback processing set for TS

> >> users.

> >>>

> >>> One of my steps to resolve was to apply a list of Trusted Sites to

> >>> the default domain policy. My manager suggested moving it since

> >>> that is not the best place so I created a separate policy and

> >>> applied it.

> >>

> >> Where?

> >>

> >>> Later that night, the policy erased trusted sites necessary for a

> >>> critical application so he deleted the policy.

> >>

> >> Who did?

> >>>

> >>> What can we do to maintain the "Trusted Sites" critical for many

> >>> applications for both local PC access and remote RDP access?

>

>

>

>

[Guest bstillion]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

 

--

Brad Stillion

Maine Medical Center

Portland ME

 

 

"Lanwench [MVP - Exchange]" wrote:

> bstillion <bstillion@discussions.microsoft.com> wrote:

> > Lanwench,

> > There are not TS home directory paths

>

> Set them. :)

>

> > and there are profiles for each

> > user on the TS (if that constitutes a separate TS Profile since they

> > do have local PC profiles as well.)

>

> I mean in group policy. This may help:

> http://technet.microsoft.com/en-us/library/cc782910.aspx

>

> > Where can we go to set up a TS only policy?

>

> I'm not sure what you mean. What GPOs have you already set up for your TS?

> >

> > Thanks.

> >

> >> bstillion <bstillion@discussions.microsoft.com> wrote:

> >>> Users logon to their PCs while at the office and their IE6 trusted

> >>> sites are populated through a WINBATCH script. When the same user

> >>> logs on from home to the TS/Citrix server and then RDP's to their

> >>> desktop, all Trusted Sites get deleted. When the user returns to the

> >>> office the next day, he must log on twice before his trusted sites

> >>> are restored.

> >>

> >> Do you have a separate TS profile & TS home directory path defined

> >> for these users, either in ADUC or via group policy? Don't mix and

> >> match profiles - it can cause problems.

> >>

> >>> Windows Server 2003 AD, no policies are applying any IE settings

> >>> (confirmed by Microsoft Support.) including no "loopback" policy

> >>> applied to the terminal servers.

> >>

> >> Hmmm; generally one wants GPOs with loopback processing set for TS

> >> users.

> >>>

> >>> One of my steps to resolve was to apply a list of Trusted Sites to

> >>> the default domain policy. My manager suggested moving it since

> >>> that is not the best place so I created a separate policy and

> >>> applied it.

> >>

> >> Where?

> >>

> >>> Later that night, the policy erased trusted sites necessary for a

> >>> critical application so he deleted the policy.

> >>

> >> Who did?

> >>>

> >>> What can we do to maintain the "Trusted Sites" critical for many

> >>> applications for both local PC access and remote RDP access?

>

>

>

>

[Guest bstillion]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

 

--

Brad Stillion

Maine Medical Center

Portland ME

 

 

"Lanwench [MVP - Exchange]" wrote:

> bstillion <bstillion@discussions.microsoft.com> wrote:

> > Lanwench,

> > There are not TS home directory paths

>

> Set them. :)

>

> > and there are profiles for each

> > user on the TS (if that constitutes a separate TS Profile since they

> > do have local PC profiles as well.)

>

> I mean in group policy. This may help:

> http://technet.microsoft.com/en-us/library/cc782910.aspx

>

> > Where can we go to set up a TS only policy?

>

> I'm not sure what you mean. What GPOs have you already set up for your TS?

> >

> > Thanks.

> >

> >> bstillion <bstillion@discussions.microsoft.com> wrote:

> >>> Users logon to their PCs while at the office and their IE6 trusted

> >>> sites are populated through a WINBATCH script. When the same user

> >>> logs on from home to the TS/Citrix server and then RDP's to their

> >>> desktop, all Trusted Sites get deleted. When the user returns to the

> >>> office the next day, he must log on twice before his trusted sites

> >>> are restored.

> >>

> >> Do you have a separate TS profile & TS home directory path defined

> >> for these users, either in ADUC or via group policy? Don't mix and

> >> match profiles - it can cause problems.

> >>

> >>> Windows Server 2003 AD, no policies are applying any IE settings

> >>> (confirmed by Microsoft Support.) including no "loopback" policy

> >>> applied to the terminal servers.

> >>

> >> Hmmm; generally one wants GPOs with loopback processing set for TS

> >> users.

> >>>

> >>> One of my steps to resolve was to apply a list of Trusted Sites to

> >>> the default domain policy. My manager suggested moving it since

> >>> that is not the best place so I created a separate policy and

> >>> applied it.

> >>

> >> Where?

> >>

> >>> Later that night, the policy erased trusted sites necessary for a

> >>> critical application so he deleted the policy.

> >>

> >> Who did?

> >>>

> >>> What can we do to maintain the "Trusted Sites" critical for many

> >>> applications for both local PC access and remote RDP access?

>

>

>

>

[Guest Lanwench [MVP - Exchange]]

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

Re: Connecting to users desktop PC without losing IE 6 Trusted Sit

 

bstillion <bstillion@discussions.microsoft.com> wrote:

> So,

> the local profiles on the server are OK

 

Those are cached profiles. You need to set TS profile paths for the users

via group policy - nothing to do with the cached ones.

> but

> each user needs a home directory for terminal server sessions that

> is different than the home directory they get when logging in at

> locally? (your last post stated that mixing the profiles was a bad

> idea.)

 

You keep saying "locally" but I'm not sure what you mean - that would imply

a local account. They don't have local accounts on the TS boxes, do they?

You do run AD?

>

>> I'm not sure what you mean. What GPOs have you already set up for

>> your TS?

>

> I don't see any GPOs for Terminal Services(or any GPOs in use at all

> for that matter.

 

Load GPMC on one of your DCs and check it out.

> I'm a new employee and am helping with the current

> problem of "disappearing entries in 'Trusted Sites'.) I'm trying to

> get us a plan on what to do to fix the problem. I'm asking them to

> alter something that is working in all other aspects so I need to

> have solid logic behind what I suggest. I don't want to "fix this

> problem and create two more".

 

Documenting what you've got now would be a very good start, I think.

>

>

>

>> bstillion <bstillion@discussions.microsoft.com> wrote:

>>> Lanwench,

>>> There are not TS home directory paths

>>

>> Set them. :)

>>

>>> and there are profiles for each

>>> user on the TS (if that constitutes a separate TS Profile since they

>>> do have local PC profiles as well.)

>>

>> I mean in group policy. This may help:

>> http://technet.microsoft.com/en-us/library/cc782910.aspx

>>

>>> Where can we go to set up a TS only policy?

>>

>> I'm not sure what you mean. What GPOs have you already set up for

>> your TS?

>>>

>>> Thanks.

>>>

>>>> bstillion <bstillion@discussions.microsoft.com> wrote:

>>>>> Users logon to their PCs while at the office and their IE6 trusted

>>>>> sites are populated through a WINBATCH script. When the same user

>>>>> logs on from home to the TS/Citrix server and then RDP's to their

>>>>> desktop, all Trusted Sites get deleted. When the user returns to

>>>>> the office the next day, he must log on twice before his trusted

>>>>> sites are restored.

>>>>

>>>> Do you have a separate TS profile & TS home directory path defined

>>>> for these users, either in ADUC or via group policy? Don't mix and

>>>> match profiles - it can cause problems.

>>>>

>>>>> Windows Server 2003 AD, no policies are applying any IE settings

>>>>> (confirmed by Microsoft Support.) including no "loopback" policy

>>>>> applied to the terminal servers.

>>>>

>>>> Hmmm; generally one wants GPOs with loopback processing set for TS

>>>> users.

>>>>>

>>>>> One of my steps to resolve was to apply a list of Trusted Sites to

>>>>> the default domain policy. My manager suggested moving it since

>>>>> that is not the best place so I created a separate policy and

>>>>> applied it.

>>>>

>>>> Where?

>>>>

>>>>> Later that night, the policy erased trusted sites necessary for a

>>>>> critical application so he deleted the policy.

>>>>

>>>> Who did?

>>>>>

>>>>> What can we do to maintain the "Trusted Sites" critical for many

>>>>> applications for both local PC access and remote RDP access?