Preventing GPO applying to Terminal Services login

Hello

A group policy for redirecting "My documents" to a network share runs at logon. It also applies to terminal services logons.


I dont want it to apply to TS users so how can I stop it?

Ta

 

Well look who the cats drug up!

You can do it easily if you are doing it with a script that shows up in the normal startup locations. Otherwise give details from GPEDIT on exactly what you have set and where.

OK here is how. Actually you want to eliminate all unnecessary programs running in RDP sessions.

For example, as long as the Virus scanner is running on the console it does not need to be running in each session. Uses ram and CPU cycles.

D/L Mike Lin's StartupCPL Mike Lin's Home Page

While logged on to the day to day Administrator account on the Terminal server (hope it is not "THE" Administrator account) run StartupCPL and rt drag the sides untill tabs are side by side not stacked. Easier to see. Look at HKLM / Run. Everthing here will run in all Terminal Server sessions.

So what you want to do is rt click an entry you do not want to run on the RDP sessions and click "Send To" and send it to HKCU / Run which is the console session you see when in front of the computer.

I would advise to look closely here as it can make a big difference in performance on the RDP sessions, and move any thing not needed by the TS (RDP) sessions to HKCU.

I would send the Virus scanner to HKCU also. (Note some Virus scanners and other programs have been programed to run only in HKLM so will kick back into HKLM) recheck this after a reboot.

Another thing you can do to keep the system happy is to browse to Documents and settings\Username and delete all references to IE and OE and any other program that should not be run from a RDP TS session. This will ensure the users are not browsing the Internet inside the RDP (TS) sessions etc. IE and Email should be run locally from the Workstation.

Did your boss ever get you a souvenir from China? Like one of those little umberells that come with mixed drinks? Left you alone playing with water cars!

Mike

 

Mike

Thanks for the reply

I did better than a souvenir, I went out to Singapore myself last week, what a great place, and Business class is the way to go. Playing with water cars wasn't as much fun, engine overheated and EMS shut it down, had to be towed back in.

Although we are using Citrix over TS there are some useful tips there for improving performance. We are still only using 1 server for 20 users, plan to add a second, but for now shutting down unnecessary processes will help. IE is already disabled through content redirection, but I hadnt given any thought to moving AV sessions before.

The problem lies with a GPO that redirects My documents to a network location. This is used all the time for personal files and cannot be switched off.
Citrix users get it as well and until now it wasn't causing any problems. The Singapore users, who have redirection to a server in their own office, find that Citrix grinds to a halt as their UK based Citrix sessions try to pick up the share 8000 miles away. Again this is not so bad normally, just makes logging in a lttle slower, but one user has started running an app that uses a paradox database and it is trying to move all its data to temp files in My Documents across continents each time it is used. It is a 3rd party app and we cannot get into it to stop it doing this.

What I was hoping for was a TS GPO that would over-ride the domain one to enable me to redirect My documents to another location or to ignore it all together. I may have found a solution with something called loopback processing, but will have to read up on it to understand it and work out if it is what I need.

Hope all this makes sense

Ta

Andy

 

Hi Andy

I don't think using a system wide GPO for this is the best way to do this.

Have you created a Remote users Group and excluded them?

Don't marry the GPO you already have, look at the below for alternatives.

This one is related directly to Citrix.
Support Forums - Citrix Knowledge Center

redirect my documents folder to a network drive - Google Search

Also see folder redirection - Google Search

And excluding remote rdp users from gpo - Google Search

Good luck, let me know.

Mike