Not that easy with published apps to be fair, and apps that don't exit properly at some times. Some users have published apps with local file associations, some users have a blend of streamed, local and remote apps. And sometimes you can end up with disconnected sessions the users are unaware of in a big and/or complicated environment.
Cheers, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY -----Original Message----- From: Ken Cornetet <ken.corne...@kimball.com> Date: Fri, 22 Feb 2013 17:28:53 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> Reply-To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) Well, if you mean "corruption" as in the last session to write the profile "wins", that's true, but it is handled by user education. From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Friday, February 22, 2013 10:31 AM To: NT System Admin Issues Subject: Re: Remote Desktop Server (Formerly known as Terminal Server) Multiple sessions also tend to cause corruption issues IMHO Sent from my Blackberry, which may be an antique but delivers email RELIABLY ________________________________ From: Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> Date: Fri, 22 Feb 2013 15:11:50 +0000 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> ReplyTo: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) Using Roaming Profiles in a large enterprise environment with sub-par WAN links makes for problematic roaming profile issues. Also some people forget to implement folder redirection with roaming profiles and you get profile bloat and a very bad user logon/off experience. Also, not everyone does the share and folder permissions properly for roaming profiles and or folder redirection and that can really screw things up. Thanks Webster From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Friday, February 22, 2013 9:03 AM To: NT System Admin Issues Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) I'm using roaming profiles in a XenApp 5 system with around 1000 users. No problems whatsoever. I think a lot of the common "wisdom" about not using roaming profiles is a combination of bad history and FUD spread by vendors of profile management software. Not using roaming profiles sounds good in theory, but may be problematic in practice. If you have a user base with very simple requirements, a mandatory profile can work well - you only need to back up and restore a few settings from the registry (Outlook profiles, default printer, etc). Otherwise, roaming profiles make life much easier. I'll try to highlight the group policy I have in place: User lockdown - implemented via loopback - Set security to deny apply of this GP for admin users. Turns off most of the things in control panel Hide Desktop "network locations" Hide network connection settings Disable offline files Disable connection wizard Remove shutdown, sleep, and hibernate from start button. Turn off "Getting Started". Hide A,B,C, and D drives in "My Computer". Hide the C drive in file dialog boxes (This can cause error messages in Office apps). Hide Windows update. System policies Turn off Customer Experience Improvement Program and error reporting. Add "Administrators" security to roaming profiles. Delete cached profiles. Do not check for ownership of roaming profiles. Turn on timezone redirection. Set the roaming profile path. Turn off Windows Defender. Registry settings policy Create HKLM\CurrentControlSet\Control\Print\DisableWERLogging DWORD 1 (if you don't do this, the print spooler will occasionally fill your C: disk up with error logs). Create HKLM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate DWORD 1 - NOTE! You may not want to do this - research before implementing. DELETE this key HKEY_USERS\.DEFAULT\Software\Hewlett-Packard - Do this if you use HP printers. Trust me. DELETE this key HKCU\Software\Hewlett-Packard - Ditto User settings - implemented via loopback Set folder redirection Create HKCU\Softare\Policies\Microsoft\Office\12.0\Common\Toolbars\QuickAccessToolbarRoaming DWORD 1 See http://support.microsoft.com/kb/958062 for details. Create HKCU\Softare\Policies\Microsoft\Office\14.0\Common\Toolbars\CustomUIRoaming DWORD 1 See http://support.microsoft.com/kb/958062 for details. Create HKCU\ Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10 DWORD 1 - This sets IE privacy to default Application blacklist Blacklist all of the common updaters (Java, Adobe, etc) Blacklist VMWare tools (if you are running under VMWare) Blacklist your Antivirus user interface agent (you don't want users kicking off scans of your C: drive) Blacklist c:\windows\syswow64\IME\IMEJP10\IMJPDSVR.EXE - It eats CPU. I'd be happy to export my policies and email them to you, if you like. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin