Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unique Desktop/Start Menu for each group? 1

Status
Not open for further replies.
Ashaman074

Ashaman074

MIS
Oct 22, 2001
49
US
Hi,

We have been running Citrix Metaframe XP in a Windows 2000 Domain for a couple years now. The remote users use the ICA client to log in. Rather than create desktop & start menu shortcuts for each user, I set up one user & then moved their shortcuts to the "All Users" folder under documents & settings.

This worked fine, but recently the need has come up to divide up into two unique groups. My goal now is to create two unique environments so that when one group logs in, they have Desktop/Start Menu #1 & the second group sees Desktop/Start Menu #2 so that the end result is that it would appear they are two separate servers.

I wanted to know what the best method would be to accomplish this? Can it be done by Group policy? Network mappings & file permissions themselves aren't a problem of course, I am just looking for a way to give each group their necessary shortcuts.

TIA!
 
Sort by date Sort by votes
Group policies would be a great way to do it. You can define a user's start menu and/or desktop path in the policy. Then just assign the policies by group.
 
Upvote 0 Downvote
I know exactly how you feel. I have gone through the same procedure. I have taken mine to the whole new level. Or at least that is how I felt about it.

It got pretty complex, but it works like a charm and it has been used for about a year now.

My solution involves DFS and Kixtart. You don't need to use DFS shares, we did because we were doing logon across domains.

What I have done is put the Citrix Servers in their own OU. I have applied a goup policy to it. In the group policy I call a logon script. The script is a kixtart script. I also have implemented the start menu group policy to point to \\server\share\%username%\profile\start.
And desktop to \\server\share\%username%\profile\desktop.

Everything is group based and even domain based.

Using kixtart I check to see if the user is in TS_Desktop group. If they are in that group then I know I have to create a desktop and startmenu for that user. The script then creates a folder \\server\share\%username%\profile\start\programs.

I have also created a folder \\server\share\termserv\icon
That folder contains all the icons that any of the users would ever use.

Now based on group membership I copy icons from \termserv\icon to \start\programs

There is also not a problem with creating subdirectories.

Now I have also put in a logoff script that when the users log off it will delete the folder \\server\share\%username%\start\programs

Now this will dynamically create the startmenu every time the user logs on. So if group membership changes, the next time they log on they will have a new start menu.

If you have any more questions let me know. I can provide you with the logon and logoff kixtart scripts if you want.

Good luck.

-Matt
 
Upvote 0 Downvote
Thanks for the replies. I did use group policy to do this, but quickly realized the limitations it imposed. Users cannot save to the desktop, etc.

Thanks for the tip on Kixstart, I am checking into it as it sounds interesting. It also seems a bit involved & perhaps complicated...but I want to find out more about it.

Thanks,

Joshua Lawrence
 
Upvote 0 Downvote
Users should be able to save to their desktop with out a problem. Just make sure the folders have the correct security permissions. Another idea to look into is roaming profiles.

One other up important thing to look into is the loopback policy. in ComputerConfiuration\Administrative Templates\System\Group Policies.

The loopback policy is funky, and it took a little to understand it. But I'll try to explain. The idea behind the loopback policy is: Your users have GPO's set to them based on group membership. So when a user in GroupA logs into ANY machine on the domain they will get the GPO applied to them. Well there are times when you don't want that GPO applied when they log into certain machine. For example, citrix servers. So you apply the Loopback policy, to the citrix servers. When your users log into the citrix server ALL other GPO will be stripped from the user and only thoes that are part of the loopback and are assigned to that server will get applied.

Kixtart is an amzing free tool. It is very powerful and there are some complex things about it. But it doesn't have to be.

Goodluck,

-matt
 
Upvote 0 Downvote
Interesting, thanks for the additional information. Maybe the problem is in the way I went about it...

I basically divided the employees into groups, then applied group policy to redirect the start menu & desktop based on which group I assigned them to.

It did work, but the problem was then that since say, 5 users in group A are redirected to the same point they cannot customize the desktop. (If I allowed them to it would change the desktop for all 5 users)

Originally, I was thinking that the redirected location would combine with their personal layout...which looking back was kinda silly.

If there is a better way to do this, I would appreciate it. I worked on this till 5 at the end of last week & haven't yet ventured back in to resume the battle :)

Thanks!
 
Upvote 0 Downvote
use the variable %username%. That will give each user their OWN directory. So it would be \\server\share\profiles\desktops\%username%. With that if the username was jdoe then he would have a folder on \\server\share\profiles\desktops\jdoe.

Instead of just the desktop or start menus.. you can try roaming profiles. That would move EVERYTHING. That is set under the properties of the user. Turn on roaming profiles and then select where the profile will sit on a server.

so now you would just have
\\server\share\profiles\%username% now all the user's info would be stored in there.

It might also be worth a shot. I am not sure how your situation will limit the use of roaming profiles, but it might work for ya.

Let me know if you have any more questions

Good luck.

-Matt
 
Upvote 0 Downvote
grr I wish there was a way to edit a post. By roaming profiles I wanted to clarify I ment to say "Terminal Serivces Profile" put the path in the User Profile area. So the User Profile would be:
\\server\share\ts_profile\%username%

-Matt
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

vgulielmus
  • Locked
  • Question
Windows 10 Pro - cannot use the start button
Replies
5
Views
629
DrB0b
DrB0b
wavestar69
  • Locked
  • Question
Trouble starting WinFrame 1.7 after replacing server
Replies
0
Views
352
wavestar69
wavestar69
MartijnNL
  • Locked
  • Question
searching for files reaching file version limit
Replies
2
Views
273
MartijnNL
MartijnNL
MartijnNL
  • Locked
  • Question
DCL: Counting number of user processes for a period of time
Replies
1
Views
225
yamyam
yamyam
GeoffWilkins1962
  • Locked
  • Question
Desktop 5.6 and HP Protect
Replies
0
Views
129
GeoffWilkins1962
GeoffWilkins1962

Part and Inventory Search

Sponsor

Back
Top