What:
Remote App server on Windows2008 R2
Problem:
Default installation needs a couple of tweaks to be usable.
Solution:
You can use group policy manager on your domain controller or local policy on Remote App server if it's only a single instance.
Redirect to RdWeb website:
==================================
1.Open IIS Manager and navigate to the level you want to manage (Default Web Site).
2.In Features View, double-click HTTP Redirect.
3.Instead of using "https://www.domain.com/RdWeb" use "/RDWeb/Pages/default.aspx" and change the redirect behaviour to:
Only redirect requests to content in this directory with a Permanent (301) status code.
Make login script to work:
==================================
1.Create logon.bat file and save it on RDGateway C drive, point in that file to original logon script i.e.:
\\domain.com\NETLOGON\logon.bat
2.Open up locally on RDGateway server gpedit.msc
User Configuration > Windows Settings > Scripts > Logon and add logon.bat script which you just created.
Hide C drive or prevent accessing it:
==================================
1. Open up gpedit.msc navigate to UserConf > Administrative Templates > Windows Components > Windows Explorer
2. Enable "Hide these specific drives in My Computer" or "Prevent access to drives in My Computer"
Hide Windows 7 Favorites, Libraries etc to help users to save files on the network shares:
==================================
1. Download WENPCFG.zip from http://www.s-inn.de/blog/post/remove-Libraries-Favorites-in-windows-explorer-navigation-pane.aspx
2.Copy it to RDGateway extract and use all hide switches except /HideComputer
Stop users from saving files to Desktop and Documents
==================================
In logon.bat script add:
icacls %userprofile%\Desktop /grant "%username%":(R) /inheritance:r
icacls %userprofile%\Documents /grant "%username%":(R) /inheritance:r
Allow time zone redirection from group policy
==================================
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.
There you will find "Allow time zone redirection"
Office 2010 default open/save location
==================================
1. Download Office 2010 Administrative Template files and extract
2. Open up gpedit.msc navigate to UserConf>AdministrativeTemplates right click and add ADM files
3. Configure Excel, Word "Defualt file location" to network drive i.e. S:\ (it is in options and advanced options)
4. Restart server to apply GPO settings.
Internet Explorer cache size, for RDP users
==================================
Install GPO
http://www.petri.co.il/software/ie_cachesize.zip
Set it in gpedit.msc
Set up loopback policy to overwrite group policy when logged on to RemoteApp server
==================================
gpedit.msc
Navigate to Computer Configuration>Administrative Templates>Group Policy
Find "User Group Policy loopback processing mode" and set it to Enabled - Merge
We had screen saver which wanted to turn off only for RemoteApps so:
UserConf>Administrative Templates>Control Panel>Personalization
Password protect the screen saver - Disabled
Screen saver timeout - Enabled = 0
Enable print logging for redirected printers
=================================
Start>run
Type in "eventvwr" hit enter
Navigate to Windows Logs > Applications and Services Logs > Microsoft > Windows > PrintService
Right click Operational and select Properties, enable logging.
Filter by event id 307
Publish network shared folder, S: drive
=================================
In RemoteApp manager, publish new application and set following settings:
- Location: C:\Windows\Explorer.exe
- Always use the following command-line argument: /e,s:
or
- Always use the following command-line argument: /e,"s:\folder\my folder"
Optimize for best performance via group policy
==================================
Computer Configuration > Administrative Templates > Windows Components > Desktop Window Manager and set below to Enabled:
- Do not allow window animations
- Do not allow desktop composition
- Do not allowFlip3D invocation
Logon.bat content:
if /i %username% == administrator goto skipme
icacls %userprofile%\Desktop /grant "%username%":(R) /inheritance:r
icacls %userprofile%\Documents /grant "%username%":(R) /inheritance:r
:skipme
\\domain.com\NETLOGON\logon.bat
No comments:
Post a Comment