Category: Microsoft Group Policy Object

Group Policy Object – Disable the Windows 7 Professional Screen Resolution Settings

You may use the following Group Policy Object (GPO) settings to lock the Screen Resolution settings in a Windows Server 2003 R2 Active Directory (AD) domain.

To configure the Screen Resolution settings, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Lock Screen Resolution. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

User Configuration > Policies > Administrative Templates > Control Panel > Display

Enable the setting “Disable the Display Control Panel”.

Enjoy!


Group Policy Object – Rename and Modify Password for Local Administrator Account

In an effort to make a network more secure, you may modify both the name and password of the local administrator account on all of your Microsoft Windows workstations by applying a Group Policy Object (GPO) to the organizational unit (OU) that contains those workstations.

To modify the local administrator username and password, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Modify Local Administrator Account. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups

Right-click Local Users and Groups and select New > Local User.

In the New Local Users Properties dialog box, enter the following information:

User name: Administrator

Rename to: <new username>

Password: <password>

Confirm Password: <password>
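
Group Policy Preferences saves the password entered in this dialog box as a cpassword attribute in the GPO's Groups.xml on SYSVOL, a share that every domain account can read. The following PowerShell is an added example, not part of the original post, that reports which preference items hold such a value without decoding it; the function name Find-GppStoredPassword and the sample XML are constructed for illustration.

```powershell
# Added example: list Group Policy Preferences items that carry a stored password.
# It reports where a cpassword value exists; it never decodes the value.

function Find-GppStoredPassword {
    param(
        [Parameter(Mandatory)] [string] $XmlText,   # contents of one GPP XML file
        [string] $Source = '(inline sample)'        # label shown in the report
    )
    $doc = [xml]$XmlText
    # Any element with a non-empty cpassword attribute is a stored credential.
    $xpath = '//*[@cpassword and string-length(@cpassword) > 0]'
    foreach ($node in $doc.SelectNodes($xpath)) {
        [pscustomobject]@{
            Source   = $Source
            Item     = $node.ParentNode.LocalName     # e.g. User
            UserName = $node.GetAttribute('userName')
            NewName  = $node.GetAttribute('newName')
        }
    }
}

# Constructed sample shaped like the Groups.xml written by the Local User item
# described above. The cpassword data is a placeholder, not a real value.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="Administrator">
    <Properties action="U" userName="Administrator" newName="wks-admin"
                cpassword="CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-VALUE" />
  </User>
</Groups>
'@

Find-GppStoredPassword -XmlText $sample

# To audit a domain (assumption: run from a domain-joined machine, where
# $env:USERDNSDOMAIN holds the domain's DNS name), feed every policy XML file in:
# Get-ChildItem "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies" -Recurse -Filter *.xml |
#     ForEach-Object {
#         Find-GppStoredPassword -XmlText (Get-Content $_.FullName -Raw) -Source $_.FullName
#     }
```

Any row in the output identifies a GPO whose stored password should be removed and the affected local account's password changed.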

Enjoy!


Group Policy Object – Enable Screen Saver after Specified Period of Inactivity

You may use the following Group Policy Object (GPO) settings to configure the screen saver settings in a Windows Server 2003 R2 Active Directory (AD) domain.

To configure the password-protected screen saver after ten (10) minutes of inactivity, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Screen Saver. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

User Configuration > Policies > Administrative Templates > Control Panel > Personalization

Enable the following four settings. 1) Enable Screen Saver, 2) Force Specific Screen Saver (Screen saver executable name: C:\Windows\System32\scrnsave.scr), 3) Password protect the screen saver, 4) Screen saver timeout (Seconds: 600).

In this example the screen saver chosen (scrnsave.scr) is the blank screen saver available in Windows XP and Windows 7.
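
To confirm the policy reached a user, the four settings can be compared with the registry values they write under the user's policy key. This check is an added example, not part of the original post; the function name Test-ScreenSaverPolicy is hypothetical and the sample input is constructed.

```powershell
# Added example: compare the four screen saver policy values with the GPO above.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# Registry value name -> expected data, taken from the four settings in the text.
$Expected = [ordered]@{
    'ScreenSaveActive'    = '1'                                 # Enable Screen Saver
    'SCRNSAVE.EXE'        = 'C:\Windows\System32\scrnsave.scr'  # Force Specific Screen Saver
    'ScreenSaverIsSecure' = '1'                                 # Password protect the screen saver
    'ScreenSaveTimeOut'   = '600'                               # Screen saver timeout (seconds)
}

function Test-ScreenSaverPolicy {
    # $Actual maps value name -> data; omit it to read the logged-on user's registry.
    param([hashtable] $Actual)
    if ($null -eq $Actual) {
        $Actual = @{}
        $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in $Expected.Keys) { $Actual[$name] = $item.$name }
        }
    }
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Value    = $name
            Expected = $Expected[$name]
            Actual   = $Actual[$name]                    # empty when the value is missing
            Ok       = ("$($Actual[$name])" -ieq $Expected[$name])
        }
    }
}

# Constructed sample: the lock requirement was never applied and the timeout
# was left at 15 minutes, so two of the four rows report Ok = False.
Test-ScreenSaverPolicy -Actual @{
    'ScreenSaveActive'  = '1'
    'SCRNSAVE.EXE'      = 'C:\Windows\System32\scrnsave.scr'
    'ScreenSaveTimeOut' = '900'
}

# On a workstation, run it with no argument in the user's session:
# Test-ScreenSaverPolicy | Where-Object { -not $_.Ok }
```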

Enjoy!


Group Policy Object – Remote Desktop Protocol (RDP) Configuration

You may use the following Group Policy Object (GPO) settings to configure the Remote Desktop Protocol (RDP) settings in a Windows Server 2003 R2 Active Directory (AD) domain.

To configure the Remote Desktop Protocol settings, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Remote Desktop Protocol. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Enable the setting “Allow users to connect remotely using Remote Desktop Services”.

Additionally, you may add users or groups to the BUILTIN\Remote Desktop Users group. This will allow all of the users in that group to utilize Remote Desktop Services. To do so, navigate to the following setting.

Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups

Right-click Restricted Groups and select the option to Add Group…. In the Add Group dialog box, click Browse…. Type Remote Desktop Users in the dialog box and then click Check Names and OK. Click OK again in the Add Group dialog box. Please keep in mind that this GPO uses the BUILTIN\Remote Desktop Users group for simplicity.

In the Remote Desktop Users Properties dialog box, you may add groups that you have created or make the Remote Desktop Users group a member of another group. Choose the option that works best for your environment. I recommend creating a group or groups and nesting them in the Remote Desktop Users group to simplify the administration of your Active Directory environment.

Enjoy!


Group Policy Object – Folder Redirection

You may use the following Group Policy Object (GPO) settings to configure folder redirection in a Windows Server 2008 R2 environment. Folder redirection gives a systems administrator the ability to redirect the path of a folder to a location that he or she specifies. In this example, the desktop folder will be redirected to a distributed file system (DFS) path of \\FS1.DOMAIN.NET\SHARES\HOMES.

The benefits of folder redirection include but are not limited to the following:

1. It keeps your users from being tied to a single computer in your environment, since their folders are not stored on the local computer.

2. It allows a systems administrator to redirect the folders to a storage technology such as a Storage Area Network (SAN).

3. The central location of the redirected folders allows for more manageable backups.

To redirect a user’s desktop folder, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Folder Redirection. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

User Configuration > Policies > Windows Settings > Folder Redirection > Desktop

Right-click the Desktop folder and select Properties from the context menu to bring up the Desktop Properties dialog box. On the Target tab, select Basic – Redirect everyone’s folder to the same location in the Setting: pull-down menu. Under Target folder location, select Create a folder for each user under the root path. The Root Path: will be \\FS1.DOMAIN.NET\SHARES\HOMES. On the Settings tab, select the checkboxes for the Grant the user exclusive rights to the Desktop and Move the contents of the Desktop to the new location settings.

Lastly, test the configuration by having the user(s) log in to their desktop, open the Windows command prompt and type the following command: gpupdate /force /logoff. Once the user logs back in, create a folder on the desktop and verify that the folder is being redirected to \\FS1.DOMAIN.NET\SHARES\HOMES\user\folder name.

Enjoy!