Folder Redirection and Permissions

February 25, 2008

Hi Guys,

Currently have a NAS device with a root share that everybody uses...

\\NAS\Share. This is at present configured for everyone full control. Which i

believe is the source of my problems... Under this Folder I have created

\\NAS\Share\TerminalServices. I have not created a separate share for the

TerminalServices folder as it is accessible via \\NAS\Share. This is where I

have redirected all my folders to. However it seems all users can access each

others Redirected folders. Could you guide me as to what Share and Security

permissions are required on the share \\NAS\Share\TerminalServices to ensure

these folders are locked down and the system is able to create these

redirected folders with permissions for the user only? I dont want to

pre-create everyones folders as there are so many users...

Also I am difficulty understanding Start Menu redirection... from :

http://technet2.microsoft.com/windowsserver/en/library/2b24872a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

It states "As a best practice for Windows XP–based computers, do not use

Folder Redirection to redirect the Start Menu folder; instead, use Group

Policy to control what appears on the Start Menu" - How can one use Group

Policy to control what shortcuts/folders appear in a users start menu?

February 25, 2008

RE: Folder Redirection and Permissions

Hey Guys,

Okay for th first part of my question... I have just found :

http://support.microsoft.com/kb/274443

Could an expert confirm this is correct procedure?

I am still working on the second question regarding the controlling of the

start menu through GP...so any help would be great! this somewhat confuses

me. In fact the whole redirection of start menu confuses me, however I cannot

think of a suitable question to ask that will assist me in understanding

this... i;m sure i will soon enough ;)

Lozza

"lozza" wrote:

> Hi Guys,

>

> Currently have a NAS device with a root share that everybody uses...

> \\NAS\Share. This is at present configured for everyone full control. Which i

> believe is the source of my problems... Under this Folder I have created

> \\NAS\Share\TerminalServices. I have not created a separate share for the

> TerminalServices folder as it is accessible via \\NAS\Share. This is where I

> have redirected all my folders to. However it seems all users can access each

> others Redirected folders. Could you guide me as to what Share and Security

> permissions are required on the share \\NAS\Share\TerminalServices to ensure

> these folders are locked down and the system is able to create these

> redirected folders with permissions for the user only? I dont want to

> pre-create everyones folders as there are so many users...

>

> Also I am difficulty understanding Start Menu redirection... from :

> http://technet2.microsoft.com/windowsserver/en/library/2b24872a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

>

> It states "As a best practice for Windows XP–based computers, do not use

> Folder Redirection to redirect the Start Menu folder; instead, use Group

> Policy to control what appears on the Start Menu" - How can one use Group

> Policy to control what shortcuts/folders appear in a users start menu?

February 25, 2008

Re: Folder Redirection and Permissions

lozza <lozza@discussions.microsoft.com> wrote:

> Hey Guys,

>

> Okay for th first part of my question... I have just found :

> http://support.microsoft.com/kb/274443

>

> Could an expert confirm this is correct procedure?

I don't know if I'm an expert, but yes, it's the correct procedure.

>

> I am still working on the second question regarding the controlling

> of the start menu through GP...so any help would be great! this

> somewhat confuses me. In fact the whole redirection of start menu

> confuses me, however I cannot think of a suitable question to ask

> that will assist me in understanding this... i;m sure i will soon

> enough ;)

I don't redirect the Start Menu, myself (I do MyDocs, Application Data,

Desktop), but you certainly can. What exactly are you having trouble with?

Check out

http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

for a good start. You won't be using roaming profiles per se as these are TS

users (but you do need to specify dedicated TS profile paths for everyone in

their ADUC properties). As in, \\fileserver\tsprofiles$\%username%.

>

> Lozza

>

> "lozza" wrote:

>

>> Hi Guys,

>>

>> Currently have a NAS device with a root share that everybody uses...

>> \\NAS\Share. This is at present configured for everyone full

>> control. Which i believe is the source of my problems... Under this

>> Folder I have created \\NAS\Share\TerminalServices. I have not

>> created a separate share for the TerminalServices folder as it is

>> accessible via \\NAS\Share. This is where I have redirected all my

>> folders to. However it seems all users can access each others

>> Redirected folders. Could you guide me as to what Share and Security

>> permissions are required on the share \\NAS\Share\TerminalServices

>> to ensure these folders are locked down and the system is able to

>> create these redirected folders with permissions for the user only?

>> I dont want to pre-create everyones folders as there are so many

>> users...

>>

>> Also I am difficulty understanding Start Menu redirection... from :

>> http://technet2.microsoft.com/windowsserver/en/library/2b24872a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

>>

>> It states "As a best practice for Windows XP-based computers, do not

>> use Folder Redirection to redirect the Start Menu folder; instead,

>> use Group Policy to control what appears on the Start Menu" - How

>> can one use Group Policy to control what shortcuts/folders appear in

>> a users start menu?

February 25, 2008

Re: Folder Redirection and Permissions

Hey Lanwench,

Thanks for response. As soon as I have figured out what I dont understand I

will post. I think i'm struggling around the permissions of the share this

folder is redirected to, whether one user changing the start menu will affect

all users and how to update the redirected start menu when installing new

programs... so new program groups are visible, and how to go about managing

this without causing a nightmare for our support staff.

Thank you for confirming the procedure for me :)

I will check the article out you supplied. One last thing you say :

"You won't be using roaming profiles per se as these are TS

users (but you do need to specify dedicated TS profile paths for everyone in

their ADUC properties). As in, \\fileserver\tsprofiles$\%username%."

I am using Group Policy... Machine Policy. To set the path CC\AT\WC\Terminal

Services\Set Path for TS Roaming Profiles. And pointing this to the network

location \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO to

append the %username% folder)... I assume this has the same effect?

Thanks Again... hope what I am saying is making sense.

Lozza

"Lanwench [MVP - Exchange]" wrote:

> lozza <lozza@discussions.microsoft.com> wrote:

> > Hey Guys,

> >

> > Okay for th first part of my question... I have just found :

> > http://support.microsoft.com/kb/274443

> >

> > Could an expert confirm this is correct procedure?

>

> I don't know if I'm an expert, but yes, it's the correct procedure.

> >

> > I am still working on the second question regarding the controlling

> > of the start menu through GP...so any help would be great! this

> > somewhat confuses me. In fact the whole redirection of start menu

> > confuses me, however I cannot think of a suitable question to ask

> > that will assist me in understanding this... i;m sure i will soon

> > enough ;)

>

> I don't redirect the Start Menu, myself (I do MyDocs, Application Data,

> Desktop), but you certainly can. What exactly are you having trouble with?

>

> Check out

> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

> for a good start. You won't be using roaming profiles per se as these are TS

> users (but you do need to specify dedicated TS profile paths for everyone in

> their ADUC properties). As in, \\fileserver\tsprofiles$\%username%.

>

> >

> > Lozza

> >

> > "lozza" wrote:

> >

> >> Hi Guys,

> >>

> >> Currently have a NAS device with a root share that everybody uses...

> >> \\NAS\Share. This is at present configured for everyone full

> >> control. Which i believe is the source of my problems... Under this

> >> Folder I have created \\NAS\Share\TerminalServices. I have not

> >> created a separate share for the TerminalServices folder as it is

> >> accessible via \\NAS\Share. This is where I have redirected all my

> >> folders to. However it seems all users can access each others

> >> Redirected folders. Could you guide me as to what Share and Security

> >> permissions are required on the share \\NAS\Share\TerminalServices

> >> to ensure these folders are locked down and the system is able to

> >> create these redirected folders with permissions for the user only?

> >> I dont want to pre-create everyones folders as there are so many

> >> users...

> >>

> >> Also I am difficulty understanding Start Menu redirection... from :

> >> http://technet2.microsoft.com/windowsserver/en/library/2b24872a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

> >>

> >> It states "As a best practice for Windows XP-based computers, do not

> >> use Folder Redirection to redirect the Start Menu folder; instead,

> >> use Group Policy to control what appears on the Start Menu" - How

> >> can one use Group Policy to control what shortcuts/folders appear in

> >> a users start menu?

>

February 25, 2008

Re: Folder Redirection and Permissions

lozza <lozza@discussions.microsoft.com> wrote:

> Hey Lanwench,

>

> Thanks for response. As soon as I have figured out what I dont

> understand I will post. I think i'm struggling around the permissions

> of the share this folder is redirected to, whether one user changing

> the start menu will affect all users

No - each user gets his/her own.

> and how to update the redirected

> start menu when installing new programs...

That should be the "all users" not the user's start menu bits.

> so new program groups are

> visible, and how to go about managing this without causing a

> nightmare for our support staff.

This would be good to test before deploying - you're wise to be cautious.

>

> Thank you for confirming the procedure for me :)

>

> I will check the article out you supplied. One last thing you say :

>

> "You won't be using roaming profiles per se as these are TS

> users (but you do need to specify dedicated TS profile paths for

> everyone in their ADUC properties). As in,

> \\fileserver\tsprofiles$\%username%."

>

> I am using Group Policy... Machine Policy. To set the path

> CC\AT\WC\Terminal Services\Set Path for TS Roaming Profiles. And

> pointing this to the network location

> \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO to append

> the %username% folder)... I assume this has the same effect?

Yes....check out the link. :)

>

> Thanks Again... hope what I am saying is making sense.

> Lozza

>

> "Lanwench [MVP - Exchange]" wrote:

>

>> lozza <lozza@discussions.microsoft.com> wrote:

>>> Hey Guys,

>>>

>>> Okay for th first part of my question... I have just found :

>>> http://support.microsoft.com/kb/274443

>>>

>>> Could an expert confirm this is correct procedure?

>>

>> I don't know if I'm an expert, but yes, it's the correct procedure.

>>>

>>> I am still working on the second question regarding the controlling

>>> of the start menu through GP...so any help would be great! this

>>> somewhat confuses me. In fact the whole redirection of start menu

>>> confuses me, however I cannot think of a suitable question to ask

>>> that will assist me in understanding this... i;m sure i will soon

>>> enough ;)

>>

>> I don't redirect the Start Menu, myself (I do MyDocs, Application

>> Data, Desktop), but you certainly can. What exactly are you having

>> trouble with?

>>

>> Check out

>> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html

>> for a good start. You won't be using roaming profiles per se as

>> these are TS users (but you do need to specify dedicated TS profile

>> paths for everyone in their ADUC properties). As in,

>> \\fileserver\tsprofiles$\%username%.

>>

>>>

>>> Lozza

>>>

>>> "lozza" wrote:

>>>

>>>> Hi Guys,

>>>>

>>>> Currently have a NAS device with a root share that everybody

>>>> uses... \\NAS\Share. This is at present configured for everyone

>>>> full control. Which i believe is the source of my problems...

>>>> Under this Folder I have created \\NAS\Share\TerminalServices. I

>>>> have not created a separate share for the TerminalServices folder

>>>> as it is accessible via \\NAS\Share. This is where I have

>>>> redirected all my folders to. However it seems all users can

>>>> access each others Redirected folders. Could you guide me as to

>>>> what Share and Security permissions are required on the share

>>>> \\NAS\Share\TerminalServices to ensure these folders are locked

>>>> down and the system is able to create these redirected folders

>>>> with permissions for the user only? I dont want to pre-create

>>>> everyones folders as there are so many users...

>>>>

>>>> Also I am difficulty understanding Start Menu redirection... from :

>>>> http://technet2.microsoft.com/windowsserver/en/library/2b24872a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

>>>>

>>>> It states "As a best practice for Windows XP-based computers, do

>>>> not use Folder Redirection to redirect the Start Menu folder;

>>>> instead, use Group Policy to control what appears on the Start

>>>> Menu" - How can one use Group Policy to control what

>>>> shortcuts/folders appear in a users start menu?

February 25, 2008

Re: Folder Redirection and Permissions

"Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote

on 25 feb 2008 in microsoft.public.windows.terminal_services:

> lozza <lozza@discussions.microsoft.com> wrote:

>> Hey Lanwench,

>>

>> Thanks for response. As soon as I have figured out what I dont

>> understand I will post. I think i'm struggling around the

>> permissions of the share this folder is redirected to, whether

>> one user changing the start menu will affect all users

>

> No - each user gets his/her own.

Well, that depends on how you configure it.

I have always used a single read-only redirected start menu. Users

cannot change anything there.

>> and how to update the redirected

>> start menu when installing new programs...

>

> That should be the "all users" not the user's start menu bits.

That also depends. You can create different start menus for

different user groups, and then you certainly don't want to put

things in the All Users profile. Check here:

How can I configure different TS desktops, based on user group

membership?

http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection

You can update the start menu and the All User profile by simply

copying the necessary folders and shortcuts into it. You just have

to make sure that the permissions are correct (Read + Execute will

do in most cases).

>> so new program groups are

>> visible, and how to go about managing this without causing a

>> nightmare for our support staff.

If all users share the same read-only Start Menu, your support

staff will have little to do in this area.

> This would be good to test before deploying - you're wise to be

> cautious.

>>

>> Thank you for confirming the procedure for me :)

>>

>> I will check the article out you supplied. One last thing you

>> say :

>>

>> "You won't be using roaming profiles per se as these are TS

>> users (but you do need to specify dedicated TS profile paths

>> for everyone in their ADUC properties). As in,

>> \\fileserver\tsprofiles$\%username%."

>>

>> I am using Group Policy... Machine Policy. To set the path

>> CC\AT\WC\Terminal Services\Set Path for TS Roaming Profiles.

>> And pointing this to the network location

>> \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO to

>> append the %username% folder)... I assume this has the same

>> effect?

>

> Yes....check out the link. :)

>>

>> Thanks Again... hope what I am saying is making sense.

>> Lozza

>>

>> "Lanwench [MVP - Exchange]" wrote:

>>

>>> lozza <lozza@discussions.microsoft.com> wrote:

>>>> Hey Guys,

>>>>

>>>> Okay for th first part of my question... I have just found :

>>>> http://support.microsoft.com/kb/274443

>>>>

>>>> Could an expert confirm this is correct procedure?

>>>

>>> I don't know if I'm an expert, but yes, it's the correct

>>> procedure.

>>>>

>>>> I am still working on the second question regarding the

>>>> controlling of the start menu through GP...so any help would

>>>> be great! this somewhat confuses me. In fact the whole

>>>> redirection of start menu confuses me, however I cannot think

>>>> of a suitable question to ask that will assist me in

>>>> understanding this... i;m sure i will soon enough ;)

>>>

>>> I don't redirect the Start Menu, myself (I do MyDocs,

>>> Application Data, Desktop), but you certainly can. What

>>> exactly are you having trouble with?

>>>

>>> Check out

>>> http://www.windowsnetworking.com/articles_tutorials/Profile-Fol

>>> der-Redirection-Windows-Server-2003.html for a good start. You

>>> won't be using roaming profiles per se as these are TS users

>>> (but you do need to specify dedicated TS profile paths for

>>> everyone in their ADUC properties). As in,

>>> \\fileserver\tsprofiles$\%username%.

>>>

>>>>

>>>> Lozza

>>>>

>>>> "lozza" wrote:

>>>>

>>>>> Hi Guys,

>>>>>

>>>>> Currently have a NAS device with a root share that everybody

>>>>> uses... \\NAS\Share. This is at present configured for

>>>>> everyone full control. Which i believe is the source of my

>>>>> problems... Under this Folder I have created

>>>>> \\NAS\Share\TerminalServices. I have not created a separate

>>>>> share for the TerminalServices folder as it is accessible

>>>>> via \\NAS\Share. This is where I have redirected all my

>>>>> folders to. However it seems all users can access each

>>>>> others Redirected folders. Could you guide me as to what

>>>>> Share and Security permissions are required on the share

>>>>> \\NAS\Share\TerminalServices to ensure these folders are

>>>>> locked down and the system is able to create these

>>>>> redirected folders with permissions for the user only? I

>>>>> dont want to pre-create everyones folders as there are so

>>>>> many users...

>>>>>

>>>>> Also I am difficulty understanding Start Menu redirection...

>>>>> from :

>>>>> http://technet2.microsoft.com/windowsserver/en/library/2b2487

>>>>> 2a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

>>>>>

>>>>> It states "As a best practice for Windows XP-based

>>>>> computers, do not use Folder Redirection to redirect the

>>>>> Start Menu folder; instead, use Group Policy to control what

>>>>> appears on the Start Menu" - How can one use Group Policy to

>>>>> control what shortcuts/folders appear in a users start menu?

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

February 25, 2008

Re: Folder Redirection and Permissions

Vera Noest [MVP] <vera.noest@remove-this.hem.utfors.se> wrote:

> "Lanwench [MVP - Exchange]"

> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote

> on 25 feb 2008 in microsoft.public.windows.terminal_services:

>

>> lozza <lozza@discussions.microsoft.com> wrote:

>>> Hey Lanwench,

>>>

>>> Thanks for response. As soon as I have figured out what I dont

>>> understand I will post. I think i'm struggling around the

>>> permissions of the share this folder is redirected to, whether

>>> one user changing the start menu will affect all users

>>

>> No - each user gets his/her own.

>

> Well, that depends on how you configure it.

> I have always used a single read-only redirected start menu. Users

> cannot change anything there.

>

>>> and how to update the redirected

>>> start menu when installing new programs...

>>

>> That should be the "all users" not the user's start menu bits.

>

> That also depends. You can create different start menus for

> different user groups, and then you certainly don't want to put

> things in the All Users profile. Check here:

>

> How can I configure different TS desktops, based on user group

> membership?

> http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection

>

> You can update the start menu and the All User profile by simply

> copying the necessary folders and shortcuts into it. You just have

> to make sure that the permissions are correct (Read + Execute will

> do in most cases).

>

Ah - thanks, Vera. I may be a bit vague on some of this as I've done this

config much more often with managed XP desktops & not TS.

In general, I want the all users start menu to be static per machine (and

users don't have admin rights, so they can't edit All Users) and the per

user one - eh, don't really care much about what they do with it, as they

may want their own custom shortcuts, whatnot. As long as they have all the

basics the frou-frou there doesn't make much difference to me or the client.

>>> so new program groups are

>>> visible, and how to go about managing this without causing a

>>> nightmare for our support staff.

>

> If all users share the same read-only Start Menu, your support

> staff will have little to do in this area.

>

>> This would be good to test before deploying - you're wise to be

>> cautious.

>>>

>>> Thank you for confirming the procedure for me :)

>>>

>>> I will check the article out you supplied. One last thing you

>>> say :

>>>

>>> "You won't be using roaming profiles per se as these are TS

>>> users (but you do need to specify dedicated TS profile paths

>>> for everyone in their ADUC properties). As in,

>>> \\fileserver\tsprofiles$\%username%."

>>>

>>> I am using Group Policy... Machine Policy. To set the path

>>> CC\AT\WC\Terminal Services\Set Path for TS Roaming Profiles.

>>> And pointing this to the network location

>>> \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO to

>>> append the %username% folder)... I assume this has the same

>>> effect?

>>

>> Yes....check out the link. :)

>>>

>>> Thanks Again... hope what I am saying is making sense.

>>> Lozza

>>>

>>> "Lanwench [MVP - Exchange]" wrote:

>>>

>>>> lozza <lozza@discussions.microsoft.com> wrote:

>>>>> Hey Guys,

>>>>>

>>>>> Okay for th first part of my question... I have just found :

>>>>> http://support.microsoft.com/kb/274443

>>>>>

>>>>> Could an expert confirm this is correct procedure?

>>>>

>>>> I don't know if I'm an expert, but yes, it's the correct

>>>> procedure.

>>>>>

>>>>> I am still working on the second question regarding the

>>>>> controlling of the start menu through GP...so any help would

>>>>> be great! this somewhat confuses me. In fact the whole

>>>>> redirection of start menu confuses me, however I cannot think

>>>>> of a suitable question to ask that will assist me in

>>>>> understanding this... i;m sure i will soon enough ;)

>>>>

>>>> I don't redirect the Start Menu, myself (I do MyDocs,

>>>> Application Data, Desktop), but you certainly can. What

>>>> exactly are you having trouble with?

>>>>

>>>> Check out

>>>> http://www.windowsnetworking.com/articles_tutorials/Profile-Fol

>>>> der-Redirection-Windows-Server-2003.html for a good start. You

>>>> won't be using roaming profiles per se as these are TS users

>>>> (but you do need to specify dedicated TS profile paths for

>>>> everyone in their ADUC properties). As in,

>>>> \\fileserver\tsprofiles$\%username%.

>>>>

>>>>>

>>>>> Lozza

>>>>>

>>>>> "lozza" wrote:

>>>>>

>>>>>> Hi Guys,

>>>>>>

>>>>>> Currently have a NAS device with a root share that everybody

>>>>>> uses... \\NAS\Share. This is at present configured for

>>>>>> everyone full control. Which i believe is the source of my

>>>>>> problems... Under this Folder I have created

>>>>>> \\NAS\Share\TerminalServices. I have not created a separate

>>>>>> share for the TerminalServices folder as it is accessible

>>>>>> via \\NAS\Share. This is where I have redirected all my

>>>>>> folders to. However it seems all users can access each

>>>>>> others Redirected folders. Could you guide me as to what

>>>>>> Share and Security permissions are required on the share

>>>>>> \\NAS\Share\TerminalServices to ensure these folders are

>>>>>> locked down and the system is able to create these

>>>>>> redirected folders with permissions for the user only? I

>>>>>> dont want to pre-create everyones folders as there are so

>>>>>> many users...

>>>>>>

>>>>>> Also I am difficulty understanding Start Menu redirection...

>>>>>> from :

>>>>>> http://technet2.microsoft.com/windowsserver/en/library/2b2487

>>>>>> 2a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

>>>>>>

>>>>>> It states "As a best practice for Windows XP-based

>>>>>> computers, do not use Folder Redirection to redirect the

>>>>>> Start Menu folder; instead, use Group Policy to control what

>>>>>> appears on the Start Menu" - How can one use Group Policy to

>>>>>> control what shortcuts/folders appear in a users start menu?

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

February 25, 2008

Re: Folder Redirection and Permissions

Hey Guys,

I think i;m starting to understand the concept here about start menu

redirection and maybe if I outline what it is I want to achieve you guys can

point me to how to do it. So here goes..

I would like to redirect all allowable folders.... So for start menu I would

like to redirect everyones to the same location. All Users of the TS Cluster

should be able to access all software installed on the TS servers. They

should not be able to install any (and I believe they cant as they are only

members of the RDU group - i'll test this to be sure).

My TS Servers are in an OU of their own. On that OU is 2 GPOs... A machine

GPO with settings such TS configurations (Session Directory, LoopBack=Replace

etc) and a User GPO (filtered to the same Domain Group added to the Local RDU

group), this GPO has the redirection settings...

So this is my issue if I use the 'Basic - Redirect everyone's folder to the

same location' setting and specify the network location as

\\NAS\Share\TerminalServices\StartMenu

and permission this to only allow read and execute to Domain User Group

(that is a member of the Local RDU Group)... how will that redirected start

menu update itself when an admin comes along and adds another piece of

software... Effectively does that update to the software hosted on the server

even matter to the redirected folder in this case?

Let me give my reasoning...

1) All users use a redirected Start Menu (that has been copied and pasted

from a given start menu, any start menu of the server will do I guess, even

ALL USERS). Permission to this is granted for only read and execute.

2) Admin comes along and adds a bit of software. The software writes a

shortcut to the ALL USERS start menu on the local TS Server. Admin does this

on each TS Server in the cluster. Therefore each ALL USERS folder on each TS

Server gets the new shortcut to the start menu for the new software installed.

3) User logs on... pulls their read only start menu from the network

location (which i believe will NOT have the new shortcuts to the new

software) and at this point, does the local ALL USERS start menu also merge

with this network located start menu to give the user shortcuts to all

applications hosted on the machine?

In essence, what I'm saying is, in my situation do I even need to redirect

the start menu? I guess I am relying on the fact that each bit of software

installed adds a shortcut to the Local ALL USERS start menu so all users

logging in can access neccessary software. If a bit of software does not

write to the ALL USER area, then I guess I would have to paste a shortcut in

there myself into EITHER the ALL USERS local start menu OR the Redirected

Start Menu.

I am also assuming I would only need to mess about with Start Menu

redirection when different group of users are supposed to have different sets

of start menus. In which case, wont I need to ensure the ALL USERS area NEVER

gets written to? and control which shortcuts go into which groups of users

Start Menu manually by editing the network location of these redirected Start

Menus.... as this in this controlled state, if the ALL USERS menu is always

merged in, those software shortcuts might have to be hidden to some groups of

users

If I haven't confused you... please do let me know, if I have a point :)

Lozza

"Vera Noest [MVP]" wrote:

> "Lanwench [MVP - Exchange]"

> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote

> on 25 feb 2008 in microsoft.public.windows.terminal_services:

>

> > lozza <lozza@discussions.microsoft.com> wrote:

> >> Hey Lanwench,

> >>

> >> Thanks for response. As soon as I have figured out what I dont

> >> understand I will post. I think i'm struggling around the

> >> permissions of the share this folder is redirected to, whether

> >> one user changing the start menu will affect all users

> >

> > No - each user gets his/her own.

>

> Well, that depends on how you configure it.

> I have always used a single read-only redirected start menu. Users

> cannot change anything there.

>

> >> and how to update the redirected

> >> start menu when installing new programs...

> >

> > That should be the "all users" not the user's start menu bits.

>

> That also depends. You can create different start menus for

> different user groups, and then you certainly don't want to put

> things in the All Users profile. Check here:

>

> How can I configure different TS desktops, based on user group

> membership?

> http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection

>

> You can update the start menu and the All User profile by simply

> copying the necessary folders and shortcuts into it. You just have

> to make sure that the permissions are correct (Read + Execute will

> do in most cases).

>

> >> so new program groups are

> >> visible, and how to go about managing this without causing a

> >> nightmare for our support staff.

>

> If all users share the same read-only Start Menu, your support

> staff will have little to do in this area.

>

> > This would be good to test before deploying - you're wise to be

> > cautious.

> >>

> >> Thank you for confirming the procedure for me :)

> >>

> >> I will check the article out you supplied. One last thing you

> >> say :

> >>

> >> "You won't be using roaming profiles per se as these are TS

> >> users (but you do need to specify dedicated TS profile paths

> >> for everyone in their ADUC properties). As in,

> >> \\fileserver\tsprofiles$\%username%."

> >>

> >> I am using Group Policy... Machine Policy. To set the path

> >> CC\AT\WC\Terminal Services\Set Path for TS Roaming Profiles.

> >> And pointing this to the network location

> >> \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO to

> >> append the %username% folder)... I assume this has the same

> >> effect?

> >

> > Yes....check out the link. :)

> >>

> >> Thanks Again... hope what I am saying is making sense.

> >> Lozza

> >>

> >> "Lanwench [MVP - Exchange]" wrote:

> >>

> >>> lozza <lozza@discussions.microsoft.com> wrote:

> >>>> Hey Guys,

> >>>>

> >>>> Okay for th first part of my question... I have just found :

> >>>> http://support.microsoft.com/kb/274443

> >>>>

> >>>> Could an expert confirm this is correct procedure?

> >>>

> >>> I don't know if I'm an expert, but yes, it's the correct

> >>> procedure.

> >>>>

> >>>> I am still working on the second question regarding the

> >>>> controlling of the start menu through GP...so any help would

> >>>> be great! this somewhat confuses me. In fact the whole

> >>>> redirection of start menu confuses me, however I cannot think

> >>>> of a suitable question to ask that will assist me in

> >>>> understanding this... i;m sure i will soon enough ;)

> >>>

> >>> I don't redirect the Start Menu, myself (I do MyDocs,

> >>> Application Data, Desktop), but you certainly can. What

> >>> exactly are you having trouble with?

> >>>

> >>> Check out

> >>> http://www.windowsnetworking.com/articles_tutorials/Profile-Fol

> >>> der-Redirection-Windows-Server-2003.html for a good start. You

> >>> won't be using roaming profiles per se as these are TS users

> >>> (but you do need to specify dedicated TS profile paths for

> >>> everyone in their ADUC properties). As in,

> >>> \\fileserver\tsprofiles$\%username%.

> >>>

> >>>>

> >>>> Lozza

> >>>>

> >>>> "lozza" wrote:

> >>>>

> >>>>> Hi Guys,

> >>>>>

> >>>>> Currently have a NAS device with a root share that everybody

> >>>>> uses... \\NAS\Share. This is at present configured for

> >>>>> everyone full control. Which i believe is the source of my

> >>>>> problems... Under this Folder I have created

> >>>>> \\NAS\Share\TerminalServices. I have not created a separate

> >>>>> share for the TerminalServices folder as it is accessible

> >>>>> via \\NAS\Share. This is where I have redirected all my

> >>>>> folders to. However it seems all users can access each

> >>>>> others Redirected folders. Could you guide me as to what

> >>>>> Share and Security permissions are required on the share

> >>>>> \\NAS\Share\TerminalServices to ensure these folders are

> >>>>> locked down and the system is able to create these

> >>>>> redirected folders with permissions for the user only? I

> >>>>> dont want to pre-create everyones folders as there are so

> >>>>> many users...

> >>>>>

> >>>>> Also I am difficulty understanding Start Menu redirection...

> >>>>> from :

> >>>>> http://technet2.microsoft.com/windowsserver/en/library/2b2487

> >>>>> 2a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

> >>>>>

> >>>>> It states "As a best practice for Windows XP-based

> >>>>> computers, do not use Folder Redirection to redirect the

> >>>>> Start Menu folder; instead, use Group Policy to control what

> >>>>> appears on the Start Menu" - How can one use Group Policy to

> >>>>> control what shortcuts/folders appear in a users start menu?

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

February 25, 2008

Re: Folder Redirection and Permissions

comments inline

=?Utf-8?B?bG96emE=?= <lozza@discussions.microsoft.com> wrote on 25

feb 2008 in microsoft.public.windows.terminal_services:

> Hey Guys,

>

> I think i;m starting to understand the concept here about start

> menu redirection and maybe if I outline what it is I want to

> achieve you guys can point me to how to do it. So here goes..

>

> I would like to redirect all allowable folders.... So for start

> menu I would like to redirect everyones to the same location.

> All Users of the TS Cluster should be able to access all

> software installed on the TS servers. They should not be able to

> install any (and I believe they cant as they are only members of

> the RDU group - i'll test this to be sure).

>

> My TS Servers are in an OU of their own. On that OU is 2 GPOs...

> A machine GPO with settings such TS configurations (Session

> Directory, LoopBack=Replace etc) and a User GPO (filtered to the

> same Domain Group added to the Local RDU group), this GPO has

> the redirection settings...

So far, all seems to be done by the book :-)

> So this is my issue if I use the 'Basic - Redirect everyone's

> folder to the same location' setting and specify the network

> location as \\NAS\Share\TerminalServices\StartMenu

>

> and permission this to only allow read and execute to Domain

> User Group (that is a member of the Local RDU Group)... how will

> that redirected start menu update itself when an admin comes

> along and adds another piece of software...

It doesn't. Most likely, new software which is installed while the

TS is in install mode will put a shortcut into the current

Administrators ao All Users Start Menu. After installation,

manually move these shortcuts into your custom Start Menu.

> Effectively does

> that update to the software hosted on the server even matter to

> the redirected folder in this case?

No.

> Let me give my reasoning...

>

> 1) All users use a redirected Start Menu (that has been copied

> and pasted from a given start menu, any start menu of the server

> will do I guess, even ALL USERS). Permission to this is granted

> for only read and execute. 2) Admin comes along and adds a bit

> of software. The software writes a shortcut to the ALL USERS

> start menu on the local TS Server. Admin does this on each TS

> Server in the cluster. Therefore each ALL USERS folder on each

> TS Server gets the new shortcut to the start menu for the new

> software installed. 3) User logs on... pulls their read only

> start menu from the network location (which i believe will NOT

> have the new shortcuts to the new software) and at this point,

> does the local ALL USERS start menu also merge with this network

> located start menu to give the user shortcuts to all

> applications hosted on the machine?

>

> In essence, what I'm saying is, in my situation do I even need

> to redirect the start menu?

No, you don't HAVE to use a redirected Start Menu, but you might

want to use it because you want to remove items from the existing

start menu for the users, while keeping them for the

Administrators. It simply gives you more control over the start

menu. And if you have multiple servers, you only have to make

change in one place and can be sure that the Start Menu is always

the same on all servers.

> I guess I am relying on the fact

> that each bit of software installed adds a shortcut to the Local

> ALL USERS start menu so all users logging in can access

> neccessary software. If a bit of software does not write to the

> ALL USER area, then I guess I would have to paste a shortcut in

> there myself into EITHER the ALL USERS local start menu OR the

> Redirected Start Menu.

>

> I am also assuming I would only need to mess about with Start

> Menu redirection when different group of users are supposed to

> have different sets of start menus. In which case, wont I need

> to ensure the ALL USERS area NEVER gets written to? and control

> which shortcuts go into which groups of users Start Menu

> manually by editing the network location of these redirected

> Start Menus.... as this in this controlled state, if the ALL

> USERS menu is always merged in, those software shortcuts might

> have to be hidden to some groups of users

>

> If I haven't confused you... please do let me know, if I have a

> point :)

>

> Lozza

>

> Lozza

> "Vera Noest [MVP]" wrote:

>

>> "Lanwench [MVP - Exchange]"

>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>

>> wrote on 25 feb 2008 in

>> microsoft.public.windows.terminal_services:

>>

>> > lozza <lozza@discussions.microsoft.com> wrote:

>> >> Hey Lanwench,

>> >>

>> >> Thanks for response. As soon as I have figured out what I

>> >> dont understand I will post. I think i'm struggling around

>> >> the permissions of the share this folder is redirected to,

>> >> whether one user changing the start menu will affect all

>> >> users

>> >

>> > No - each user gets his/her own.

>>

>> Well, that depends on how you configure it.

>> I have always used a single read-only redirected start menu.

>> Users cannot change anything there.

>>

>> >> and how to update the redirected

>> >> start menu when installing new programs...

>> >

>> > That should be the "all users" not the user's start menu

>> > bits.

>>

>> That also depends. You can create different start menus for

>> different user groups, and then you certainly don't want to put

>> things in the All Users profile. Check here:

>>

>> How can I configure different TS desktops, based on user group

>> membership?

>> http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirect

>> ion

>>

>> You can update the start menu and the All User profile by

>> simply copying the necessary folders and shortcuts into it. You

>> just have to make sure that the permissions are correct (Read +

>> Execute will do in most cases).

>>

>> >> so new program groups are

>> >> visible, and how to go about managing this without causing a

>> >> nightmare for our support staff.

>>

>> If all users share the same read-only Start Menu, your support

>> staff will have little to do in this area.

>>

>> > This would be good to test before deploying - you're wise to

>> > be cautious.

>> >>

>> >> Thank you for confirming the procedure for me :)

>> >>

>> >> I will check the article out you supplied. One last thing

>> >> you say :

>> >>

>> >> "You won't be using roaming profiles per se as these are TS

>> >> users (but you do need to specify dedicated TS profile paths

>> >> for everyone in their ADUC properties). As in,

>> >> \\fileserver\tsprofiles$\%username%."

>> >>

>> >> I am using Group Policy... Machine Policy. To set the path

>> >> CC\AT\WC\Terminal Services\Set Path for TS Roaming Profiles.

>> >> And pointing this to the network location

>> >> \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO

>> >> to append the %username% folder)... I assume this has the

>> >> same effect?

>> >

>> > Yes....check out the link. :)

>> >>

>> >> Thanks Again... hope what I am saying is making sense.

>> >> Lozza

>> >>

>> >> "Lanwench [MVP - Exchange]" wrote:

>> >>

>> >>> lozza <lozza@discussions.microsoft.com> wrote:

>> >>>> Hey Guys,

>> >>>>

>> >>>> Okay for th first part of my question... I have just found

>> >>>> : http://support.microsoft.com/kb/274443

>> >>>>

>> >>>> Could an expert confirm this is correct procedure?

>> >>>

>> >>> I don't know if I'm an expert, but yes, it's the correct

>> >>> procedure.

>> >>>>

>> >>>> I am still working on the second question regarding the

>> >>>> controlling of the start menu through GP...so any help

>> >>>> would be great! this somewhat confuses me. In fact the

>> >>>> whole redirection of start menu confuses me, however I

>> >>>> cannot think of a suitable question to ask that will

>> >>>> assist me in understanding this... i;m sure i will soon

>> >>>> enough ;)

>> >>>

>> >>> I don't redirect the Start Menu, myself (I do MyDocs,

>> >>> Application Data, Desktop), but you certainly can. What

>> >>> exactly are you having trouble with?

>> >>>

>> >>> Check out

>> >>> http://www.windowsnetworking.com/articles_tutorials/Profile-

>> >>> Fol der-Redirection-Windows-Server-2003.html for a good

>> >>> start. You won't be using roaming profiles per se as these

>> >>> are TS users (but you do need to specify dedicated TS

>> >>> profile paths for everyone in their ADUC properties). As

>> >>> in, \\fileserver\tsprofiles$\%username%.

>> >>>

>> >>>>

>> >>>> Lozza

>> >>>>

>> >>>> "lozza" wrote:

>> >>>>

>> >>>>> Hi Guys,

>> >>>>>

>> >>>>> Currently have a NAS device with a root share that

>> >>>>> everybody uses... \\NAS\Share. This is at present

>> >>>>> configured for everyone full control. Which i believe is

>> >>>>> the source of my problems... Under this Folder I have

>> >>>>> created \\NAS\Share\TerminalServices. I have not created

>> >>>>> a separate share for the TerminalServices folder as it is

>> >>>>> accessible via \\NAS\Share. This is where I have

>> >>>>> redirected all my folders to. However it seems all users

>> >>>>> can access each others Redirected folders. Could you

>> >>>>> guide me as to what Share and Security permissions are

>> >>>>> required on the share \\NAS\Share\TerminalServices to

>> >>>>> ensure these folders are locked down and the system is

>> >>>>> able to create these redirected folders with permissions

>> >>>>> for the user only? I dont want to pre-create everyones

>> >>>>> folders as there are so many users...

>> >>>>>

>> >>>>> Also I am difficulty understanding Start Menu

>> >>>>> redirection... from :

>> >>>>> http://technet2.microsoft.com/windowsserver/en/library/2b2

>> >>>>> 487 2a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

>> >>>>>

>> >>>>> It states "As a best practice for Windows XP-based

>> >>>>> computers, do not use Folder Redirection to redirect the

>> >>>>> Start Menu folder; instead, use Group Policy to control

>> >>>>> what appears on the Start Menu" - How can one use Group

>> >>>>> Policy to control what shortcuts/folders appear in a

>> >>>>> users start menu?

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

February 25, 2008

Re: Folder Redirection and Permissions

LanWench/Vera... as usual....lovely job... Again, I think I took the scenic

route.... :)

Next post, is looking strong for methods of publishing applications... speak

to you soon...

"Vera Noest [MVP]" wrote:

> comments inline

>

> =?Utf-8?B?bG96emE=?= <lozza@discussions.microsoft.com> wrote on 25

> feb 2008 in microsoft.public.windows.terminal_services:

>

> > Hey Guys,

> >

> > I think i;m starting to understand the concept here about start

> > menu redirection and maybe if I outline what it is I want to

> > achieve you guys can point me to how to do it. So here goes..

> >

> > I would like to redirect all allowable folders.... So for start

> > menu I would like to redirect everyones to the same location.

> > All Users of the TS Cluster should be able to access all

> > software installed on the TS servers. They should not be able to

> > install any (and I believe they cant as they are only members of

> > the RDU group - i'll test this to be sure).

> >

> > My TS Servers are in an OU of their own. On that OU is 2 GPOs...

> > A machine GPO with settings such TS configurations (Session

> > Directory, LoopBack=Replace etc) and a User GPO (filtered to the

> > same Domain Group added to the Local RDU group), this GPO has

> > the redirection settings...

>

> So far, all seems to be done by the book :-)

>

> > So this is my issue if I use the 'Basic - Redirect everyone's

> > folder to the same location' setting and specify the network

> > location as \\NAS\Share\TerminalServices\StartMenu

> >

> > and permission this to only allow read and execute to Domain

> > User Group (that is a member of the Local RDU Group)... how will

> > that redirected start menu update itself when an admin comes

> > along and adds another piece of software...

>

> It doesn't. Most likely, new software which is installed while the

> TS is in install mode will put a shortcut into the current

> Administrators ao All Users Start Menu. After installation,

> manually move these shortcuts into your custom Start Menu.

>

> > Effectively does

> > that update to the software hosted on the server even matter to

> > the redirected folder in this case?

>

> No.

>

> > Let me give my reasoning...

> >

> > 1) All users use a redirected Start Menu (that has been copied

> > and pasted from a given start menu, any start menu of the server

> > will do I guess, even ALL USERS). Permission to this is granted

> > for only read and execute. 2) Admin comes along and adds a bit

> > of software. The software writes a shortcut to the ALL USERS

> > start menu on the local TS Server. Admin does this on each TS

> > Server in the cluster. Therefore each ALL USERS folder on each

> > TS Server gets the new shortcut to the start menu for the new

> > software installed. 3) User logs on... pulls their read only

> > start menu from the network location (which i believe will NOT

> > have the new shortcuts to the new software) and at this point,

> > does the local ALL USERS start menu also merge with this network

> > located start menu to give the user shortcuts to all

> > applications hosted on the machine?

> >

> > In essence, what I'm saying is, in my situation do I even need

> > to redirect the start menu?

>

> No, you don't HAVE to use a redirected Start Menu, but you might

> want to use it because you want to remove items from the existing

> start menu for the users, while keeping them for the

> Administrators. It simply gives you more control over the start

> menu. And if you have multiple servers, you only have to make

> change in one place and can be sure that the Start Menu is always

> the same on all servers.

>

> > I guess I am relying on the fact

> > that each bit of software installed adds a shortcut to the Local

> > ALL USERS start menu so all users logging in can access

> > neccessary software. If a bit of software does not write to the

> > ALL USER area, then I guess I would have to paste a shortcut in

> > there myself into EITHER the ALL USERS local start menu OR the

> > Redirected Start Menu.

> >

> > I am also assuming I would only need to mess about with Start

> > Menu redirection when different group of users are supposed to

> > have different sets of start menus. In which case, wont I need

> > to ensure the ALL USERS area NEVER gets written to? and control

> > which shortcuts go into which groups of users Start Menu

> > manually by editing the network location of these redirected

> > Start Menus.... as this in this controlled state, if the ALL

> > USERS menu is always merged in, those software shortcuts might

> > have to be hidden to some groups of users

> >

> > If I haven't confused you... please do let me know, if I have a

> > point :)

> >

> > Lozza

> >

> > Lozza

> > "Vera Noest [MVP]" wrote:

> >

> >> "Lanwench [MVP - Exchange]"

> >> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>

> >> wrote on 25 feb 2008 in

> >> microsoft.public.windows.terminal_services:

> >>

> >> > lozza <lozza@discussions.microsoft.com> wrote:

> >> >> Hey Lanwench,

> >> >>

> >> >> Thanks for response. As soon as I have figured out what I

> >> >> dont understand I will post. I think i'm struggling around

> >> >> the permissions of the share this folder is redirected to,

> >> >> whether one user changing the start menu will affect all

> >> >> users

> >> >

> >> > No - each user gets his/her own.

> >>

> >> Well, that depends on how you configure it.

> >> I have always used a single read-only redirected start menu.

> >> Users cannot change anything there.

> >>

> >> >> and how to update the redirected

> >> >> start menu when installing new programs...

> >> >

> >> > That should be the "all users" not the user's start menu

> >> > bits.

> >>

> >> That also depends. You can create different start menus for

> >> different user groups, and then you certainly don't want to put

> >> things in the All Users profile. Check here:

> >>

> >> How can I configure different TS desktops, based on user group

> >> membership?

> >> http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirect

> >> ion

> >>

> >> You can update the start menu and the All User profile by

> >> simply copying the necessary folders and shortcuts into it. You

> >> just have to make sure that the permissions are correct (Read +

> >> Execute will do in most cases).

> >>

> >> >> so new program groups are

> >> >> visible, and how to go about managing this without causing a

> >> >> nightmare for our support staff.

> >>

> >> If all users share the same read-only Start Menu, your support

> >> staff will have little to do in this area.

> >>

> >> > This would be good to test before deploying - you're wise to

> >> > be cautious.

> >> >>

> >> >> Thank you for confirming the procedure for me :)

> >> >>

> >> >> I will check the article out you supplied. One last thing

> >> >> you say :

> >> >>

> >> >> "You won't be using roaming profiles per se as these are TS

> >> >> users (but you do need to specify dedicated TS profile paths

> >> >> for everyone in their ADUC properties). As in,

> >> >> \\fileserver\tsprofiles$\%username%."

> >> >>

> >> >> I am using Group Policy... Machine Policy. To set the path

> >> >> CC\AT\WC\Terminal Services\Set Path for TS Roaming Profiles.

> >> >> And pointing this to the network location

> >> >> \\NAS\Share\TerminalServices\UserProfiles (Allowing the GPO

> >> >> to append the %username% folder)... I assume this has the

> >> >> same effect?

> >> >

> >> > Yes....check out the link. :)

> >> >>

> >> >> Thanks Again... hope what I am saying is making sense.

> >> >> Lozza

> >> >>

> >> >> "Lanwench [MVP - Exchange]" wrote:

> >> >>

> >> >>> lozza <lozza@discussions.microsoft.com> wrote:

> >> >>>> Hey Guys,

> >> >>>>

> >> >>>> Okay for th first part of my question... I have just found

> >> >>>> : http://support.microsoft.com/kb/274443

> >> >>>>

> >> >>>> Could an expert confirm this is correct procedure?

> >> >>>

> >> >>> I don't know if I'm an expert, but yes, it's the correct

> >> >>> procedure.

> >> >>>>

> >> >>>> I am still working on the second question regarding the

> >> >>>> controlling of the start menu through GP...so any help

> >> >>>> would be great! this somewhat confuses me. In fact the

> >> >>>> whole redirection of start menu confuses me, however I

> >> >>>> cannot think of a suitable question to ask that will

> >> >>>> assist me in understanding this... i;m sure i will soon

> >> >>>> enough ;)

> >> >>>

> >> >>> I don't redirect the Start Menu, myself (I do MyDocs,

> >> >>> Application Data, Desktop), but you certainly can. What

> >> >>> exactly are you having trouble with?

> >> >>>

> >> >>> Check out

> >> >>> http://www.windowsnetworking.com/articles_tutorials/Profile-

> >> >>> Fol der-Redirection-Windows-Server-2003.html for a good

> >> >>> start. You won't be using roaming profiles per se as these

> >> >>> are TS users (but you do need to specify dedicated TS

> >> >>> profile paths for everyone in their ADUC properties). As

> >> >>> in, \\fileserver\tsprofiles$\%username%.

> >> >>>

> >> >>>>

> >> >>>> Lozza

> >> >>>>

> >> >>>> "lozza" wrote:

> >> >>>>

> >> >>>>> Hi Guys,

> >> >>>>>

> >> >>>>> Currently have a NAS device with a root share that

> >> >>>>> everybody uses... \\NAS\Share. This is at present

> >> >>>>> configured for everyone full control. Which i believe is

> >> >>>>> the source of my problems... Under this Folder I have

> >> >>>>> created \\NAS\Share\TerminalServices. I have not created

> >> >>>>> a separate share for the TerminalServices folder as it is

> >> >>>>> accessible via \\NAS\Share. This is where I have

> >> >>>>> redirected all my folders to. However it seems all users

> >> >>>>> can access each others Redirected folders. Could you

> >> >>>>> guide me as to what Share and Security permissions are

> >> >>>>> required on the share \\NAS\Share\TerminalServices to

> >> >>>>> ensure these folders are locked down and the system is

> >> >>>>> able to create these redirected folders with permissions

> >> >>>>> for the user only? I dont want to pre-create everyones

> >> >>>>> folders as there are so many users...

> >> >>>>>

> >> >>>>> Also I am difficulty understanding Start Menu

> >> >>>>> redirection... from :

> >> >>>>> http://technet2.microsoft.com/windowsserver/en/library/2b2

> >> >>>>> 487 2a-05ca-41be-9887-33acc87a20561033.mspx?mfr=true

> >> >>>>>

> >> >>>>> It states "As a best practice for Windows XP-based

> >> >>>>> computers, do not use Folder Redirection to redirect the

> >> >>>>> Start Menu folder; instead, use Group Policy to control

> >> >>>>> what appears on the Start Menu" - How can one use Group

> >> >>>>> Policy to control what shortcuts/folders appear in a

> >> >>>>> users start menu?

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

February 26, 2008

RE: Folder Redirection and Permissions

http://www.msterminalservices.org/articles/Configure-Folder-Redirection.html

--

Patrick C. Rouse

Microsoft MVP - Terminal Server

SE, West Coast USA & Canada

Quest Software, Provision Networks Division

Virtual Client Solutions

http://www.provisionnetworks.com