For anyone out there building a new RDS or Citrix environment based on Windows Server 2016, there is something you should know. Microsoft has decided to change some functionality, specifically for RDS.
In the olden days, the main way to configure and control the user environment was via the user profile and the home Directory. Using these two pieces of information, you could control all settings and where they lived. When Terminal Services, Remote Desktop Services and Citrix XenApp (previously, Presentation Server, and MetaFrame) started to take off, the need arose for a separate location for these items. The main reason simple incompatibility between the desktop operating system profile and the server one.
Microsoft realized this and somewhere along the way added in a new tab for all user accounts in AD that allowed you to specify an alternate Profile and Home Directory location. This tab was used for years by many an admin and served its purpose well. Over the past few years, Microsoft introduced the ability to set these settings via Group Policy, which is much more convenient and allows a lot more flexibility as well.
Still in all, if you are an old timer and are still doing things at the user level, watch out, Windows 2016 ignores our trusty Remote Desktop Services Profile tab, sad I know! For some reason, Microsoft has decided not to query this tab anymore when users login. Now for most of you this will not mean much, but for those that are using this tab, this could have catastrophic repercussions. Everything from the desktop look and feel to roaming profiles suddenly not working and all users winding up with local profiles.
If you fall into this category, fear not! Microsoft has not completely abandoned you, you can actually turn this functionality back on! A simple registry entry will tell Windows to query this tab just like old times. Simple add in this registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp\
Name: fQueryUserConfigFromDC
Type: Reg_DWORD
Value: 1 (Decimal)
Once this value is back in place, the following will take place during each user logon:
- Query the Terminal Services registry key for the fQueryUserConfigFromDC value.
- If the value is found and it is set to 1, contact the DC to get the user configuration information.
With the system now contacting the DC for the RDS specific properties, the following value will once again come alive:
- Profile Path
- Home Folder
- Deny Logon to the RDSH server
For more information, see the Microsoft article here:
No comments:
Post a Comment