No announcement yet.

Issue with Start Menu Folder Redirection and Terminal Services

  • Filter
  • Time
  • Show
Clear All
new posts

  • Issue with Start Menu Folder Redirection and Terminal Services

    Hi all

    Hope someone can point me in the right direction with this, as can't find anything in the forums, and can't see anyone on the net with a similar issue.

    Basically I have recently joined a new company who have x24 Server 2000 Terminal Servers running Citrix PS4, but have mutiple clients accessing different published desktops distributed across the farm. Also a third party 1st line support company have a published desktop, on which their start menu, profiles and desktops are all managed by folder redirection through GPO's.
    All Start Menus are stored on each of the terminal servers, with the policy pointing to \.\%Computername%\Start_Menus$\Named_Company (note "\.\" is to stop the thread picking it up as a URL link). Also no other desktops or applications are published on these servers, so only the third party support company connect to these few servers.

    In the past this has worked fine, until one user suddenly reported having access to the whole start menu, including "Shut Down" and "Run" etc, ie all the things we don't want them to have access to.
    Then another day more people reported the same issue, while yesterday I believe most of the OU now have full access. Its also worth mentioning the OU the Support Company reside in, has 'Blocked Inheritance' enabled, and only this one policy applied.

    As a test, I have created a brand new OU, placed only a test account within it, blocked inheritance and applied a single GPO only performing folder redirection for the start menu (now located on my laptop share). I have also copied their start menu items locally to my laptop and created a share to the area, given the account full permission and ensured it can access the location.

    Now the issue is when logging in, the user gets the full Server start menu, whereas the event logs confirm a successful redirection, and the registry confirms the redirection has been applied. Although it seems as thoguh the GPO has merged the policy Start Menu with the server start menu and displayed the full thing to the end user, as checking the properties of the 'Programs' folder confirms that is located in the new area.

    I have come across a few posts mentioning Loopback, but can't see anything applied through any other policies, and don't want to start playing with policies affecting the servers as they are currently in the production environment.

    Hope that makes sense, have tried to fit as much information in as possible.
    I hope someone can at least point me in the right direction with this.