MessageI'll second that. Excellent tip Rick! Mike -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Nick Smith Sent: Saturday, March 25, 2006 8:42 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Office apps show my user having documents locked Wow! Some answer! Thanks for taking the time on that. *very* helpful! Nick ---------------------------------------------------------------------------- -- From: Rick Mack [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Mack Sent: 25 March 2006 08:05 To: thin@xxxxxxxxxxxxx Subject: RE: [THIN] Re: Office apps show my user having documents locked Hi Nick, You've got a few alternatives: 1) Don't do anything and watch for interesting changes to appear in your environment. Since interesting means helpdesk calls by annoyed users, this isn't a good option. 2) Manage the shadow key. Your idea of using the shadow key and propagating it isn't a bad one, but you have to make a point of making sure you know what's being propagated or you're back to option 1. There are 2 utilities (RDT/SDT read date time, set date time from http://www.brianmadden.com/attachments/rdt-sdt.zip) available to help you query and set shadow key timestamps. 3) Delete the shadow key and manage application settings some other way. This is really the preferred path. It takes a bit more work, but you then know exactly what you're dealing with. You can use scripting, group policies (with custom policy templates) or desktop management software from Appsense, Triceart, Scriptlogic etc. Scripting includes: - using the legacy application compatibility scripts that come with TS - applying reg files or using regini on logon or custom Kix or VB scripts. This lets you manage settings basd on groups etc The "easiest" way to manage application settings is with a produc like Appsense Environment Manager (or the Tricerat etc equivalent). Sorry if I've missed anyone but there are quite a few good products out there. If you can't go that way, then custom group policies are a good alternative. Use regtoadm (NUTS http://vizhar.mvps.org/files/nuts.exe, freeware) to get a basic skeleton of the custom policy just by exporting and converting a registry key. Then use regshot (http://www.majorgeeks.com/downloadload965.html, freeware) to find out what really matters (find out what you can keep and more importantly delete) and if you're serious about improving on the custom policy, get a copy of the ADM template editor (http://www.sysprosoft.com, costs about $60). regards, Rick Ulrich Mack Volante Systems ---------------------------------------------------------------------------- -- From: thin-bounce@xxxxxxxxxxxxx on behalf of Nick Smith Sent: Sat 25/03/2006 17:31 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Office apps show my user having documents locked Rick, Thanks for this very clear explanation. I've got away recently with single servers but am now planning for multiple TSes. Presumably I therefore need to export the Shadow Key to any new servers. How does the time-stamp on this work? Presumably it takes the time of the import of the key and compares it to the user (roaming profile) settings? How do I prevent the Shadow key overwriting user settings in this scenario? Nick If a software installation is done in "install" mode and it updates any keys under HKCU\Software, the values will be copied to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software (otherwise known as the shadow key). If an admin session is in "install" mode when the admin runs up an changes any app settings, these settings will also be copied to the shadow key. When a user runs up an application, if the appropriate registry values aren't already there or they are older than the values in the shadow key, they'll get populated from the shadow key. In single server scenarios, this is can be a really usefull way to propagate application settings. However if the shadow key isn't identical on all your servers and has a different timestamp on each server, then things can get interesting. ########################################################################## ########### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ########################################################################## ###########