[gptalk] Re: GPO Isolation / Folder Redirection Help...

  • From: HBooGz <hboogz@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Wed, 1 Nov 2006 11:13:49 -0500

Darren -

Thanks for taking the time and answering. I do appreciate it and you've
defintely cleared up my initial question about security groups and GPO's.

My concern with regard to folder redirection, especially in my Citrix/TS
environment, is within office applications when a user
accidentally/purposely wants to save to the "desktop" or "my documents"
these everyday folders are redirected to a share where i've assigned -
That's what i would like accomplished.

I still like roaming profiles but sometimes their my documents folder could
accumulate over 100 MB, and i wouldn't want that profile to be carried
everywhere. How can i combat this and implement a logically roaming profile
with folder redirection scenario.

With regard to loopback processing, i would set it to replace within the
Citrix/TS GPO policy and make sure that policy has NO OVERRIDE enabled. If i
just want that policy applied to whoever logs into the Citrix/TS
box...correct ?

Do you recommend applying both user and computer GPO's in one GPO for this
scenario ?

Thanks again,

On 11/1/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:

 Most often what people do in Citrix/TS environment is use "loopback"
policy processing to ensure that user settings are different for users
logging into those TS boxes. As for your question about apply a GPO to an OU
that contains security groups with a few users--GP is not processed by
security groups--only by user and computer objects. You can filter
application to these user and computer objects using sec. groups, but when
you link a GPO, you need to link it somewhere that contains user and
computer objects, not just groups.

Roaming Profiles and folder redirection are complimentary. Typically you
set up a roaming profile to have a user's documents and settings follow them
from machine to machine. This is ok if they don't have a lot of data in, for
example, their My Documents folder. However, if they do and they move around
to a lot of different machines, the downloading and uploading of this data
from/to their roaming profiles can take time. In those cases, its useful to
combine the roaming profile with Folder Redirection. This basically takes
the data out of the profile and puts it on a server share somewhere. If you
also let the user cached their redirected folders for offline use, then they
have full availability to their data if, for example, they are on a laptop
and are offline.

Let us know what other specific info you need.


*From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
Behalf Of *HBooGz
*Sent:* Wednesday, November 01, 2006 7:11 AM
*To:* gptalk@xxxxxxxxxxxxx
*Subject:* [gptalk] GPO Isolation / Folder Redirection Help...

I'm currently running Windows 2003 R2 AD

I would like to implement folder redirection(excluding app data) i've read
and heard that regardless of the environment it isn't a good idea to
redirect app data.

In the past, i've applied the User and Computer settings of the GPO within
one GPO and applied that to an OU that only contains the Citrix Server. I've
done this because i don't want GPO settings applied to a TS/Citrix server to
be applied elsewhere.

Is this a methodology that is commonly used ?

I've had issues in the past applying a GPO to an OU that only contained a
security group with a few users -- is that supported ?

I also could use some pointers on roaming profile setup and
configuration..As i've never implemented folder redirection.




Other related posts: