After completed the installation of Remote Desktop Servers and configuration of Remote Desktop Farm and Load Balancing in previous Parts of Article it's time to give more atention in User Experience. All works fine until now but don't forget that Users need a User Interface like Windows 7 or 8.1. They aren't used to work in enviroments with no graphics like IT and Administrators.
Today i will explain how can achieve this and give the best solution in the users. When user login in Remote Desktop Servers he will works in Windows 7 or Windows 8.1 Enviroment base on the OS installation of Windows Remote Desktop Servers. Just a small reminder that for the Scenario we have use Windows Server 2008 R2. So the user will have a Windows 7 enviroment.
So let's start
Configure Roaming Profiles file Share and Permissions
User Profiles it is challenge for Remote Desktop Enviroment and must configure it with a way to avoid perfomance issue and Storage Problems.It's prefered to install Roaming Profiles with Folder Redirection instead to allow User Profiles in Remote Desktop Servers.
- Roaming Profiles are store in network enviroment and user can access his data from any Desktop/Laptop.
- IT can better control and enable Quota for every User Profile and avoid large user profiles with no sense.
Before start i would like to note that Roaming Profiles with Folder Redirections It's prefer to enable in separate Windows Serve with File Server Roler. If you want to know how can procced following steps to enable the file sharing.
- Create a separate Partition for the User Profiles.
- Create a New Folder with name RoamingProfiles.
- Right click in Folder , Click in Properties.
- Select Tab Sharing and click in Advance Sharing.
- Check Share This Folder and type in Sharename RoamingProfiles$ (we add $ to be hidden from browsing).
- Click in button Permissions. Remove Everyone and add the users or Group that will be connect in Remote Dektop Servers.
- Give Read and Modify Permissions
- Click OK , OK and again OK.
- Now with right click again .click Properties and select Tab Security.
- Clcik in Advanced, click Change Permissions
- Uncheck the option Include Inheritable permissions from this object parent.
- Click Add in the Warning.
- Configure Security base on the following Table.
|User Account||Minimum Permissions Required|
Full Control, Subfolders and Files Only
Security group of users needing to put data on share
List Folder/Read Data, Create Folders/Append Data - This Folder Only
Full Control, This Folder, Subfolders and Files
After apply the security you have finish with the Roaming Profile User Share and Permissions. Next step is to configure the Folder Redirection
Configure Folder Redirection file Share and Permissions
Folder Redirection redirect the path of a folder to a new location. After complete Roaming Profiles User Share it's time to proceed with the Folder Redirection. We have the ability to redirect all the folders of User Profiles like AppData,Contacts,Videos,Desktop,Documents. But for my opinion it's prefer to Redirect only important folders like Desktop,My Documents and Favorites. In this example we use only Desktop,My Documents and Favorites.
- Create a New Folder with name FolderRedirection.
- Right click in Folder , Click in Properties.
- Follow the Steps 3 - 13 from the previous Section Configure Roaming Profiles file Share and Permissions.
After apply the security you have finish with the Folder Redirection file Sharing and Permissions. Now you must create Group Policies to enable Roaming Profiles and Folder Redirection in the Users.
Create GPO for Roaming Profiles and Folder Redirection.
- Login in your Domain Controller and open the Group Policy Management.
- Create New Policy
Computer Configuration - - > Policies - - > Administrative Templates - - > Windows Componets - - > Remote Desktop Services - - > Remote Desktop Session Host - - > Profiles
From the right Side Enable Set Pah for Remote Desktop Service User Roaming Profile and give the UNC path of RoamingProfile$ folder.
- Because except from the user that own the User profile nobody has access in the Roaming User Profile folder you can enable the folloing GPO to has access in all Profiles.
Computer Configuration - - > Policies - - > Administrative Templates - - > System - - > User Profiles - - > Add the Administrator security group to roaming profiles.
- Go in the Organization Unit that has your Servers and Link the existing GPO and in the Security Filtering add the Computenames of Remote Desktop Servers.
- After create the GPO for Roaming Profiles create a new GPO for Folder Redirection
- User Configuration - - > Policies - - > Windows Settings - - > Folder Redirection
- Right Click in Desktop and select Properties
- In Settings Select the Basic - Redirect's Everyone folder in the same location.
- In Tareget folder Location go in Root Path and give the UNC of the FolderRedirection$ folder.
- Select Tab Settings and uncheck the Grant the user exclusive rights to AppData(Roaming)
- Click Ok.
Do the Same Steps for Documents and FavoritesFolders.
- After finish with the Folders of Folder Redirection go in Organiation Unit that has the Users which will be connected in Remote Desktop Servers and link the Folder Redirection Policy.
- Also go in Security Filtering of the Folder Redirection Policy and Add the Group or the users that will be connected in Remote Desktop Servers.
Enable Quota for User Profiles
This step is optional but will help to have better manage in User Profile Sizes. If you would like to enable Quota for every User profile then follow the instruction
- Right click in the Local Disk which keep Roaming Profile and Folder Redirection Folders.
- Click Properties and Select Tab Quota
- Click Show Quota Settings.
- Check Enable Quoata Management and if you want you can check the option Deny disk space to users exceeded quota limit.
- Check Limit Disk Space to and set the GB that you want to Limit your Disk space.
- Do the same thing for Set warning Level to..
- These Settings are for the Quota Limit for thespecific Partition.
- Click in Quota Entries and will see an entry with the Administrator User.
- For every user that will be login in Remote Desktop Servers and apply the Roaming Profiles and Folder Redirection Policy you will see a new entry with the username. Double click in the user and you can limit the size of User Profile.
Enable Aero Theme in Remote Desktop Servers.
Now it's time to give best User Experience. So to enable the Aero Theme follow the Steps.
Note that in Part 1 when Install RD Session Host Role Service we have enable Desktop Experience. If you don't you must enable Desktop Experience in your Remote Desktop Servers. Go back in Part 1 to read How to enable.
Follow the Steps to setup the Servers to support Aero Glass
- Enable Desktop Experience Feature from the Server Manager (Already Enable from the Part 1 )
- Start the Theme Service and set to Automatic
- Create a new Policy
ComputerConfiguration\AdministrativeTemplates\WindowsComponents\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment”
Enable the Allow desktop composition for remote desktop sessions.
Link the Group Policy in your Server Organization Unit and add the Computer Names of Remote Desktop Servers in Security Filtering
In Server Manager, go to RD Session Host Configuration under Remote Desktop Services role, right-click on the connection to bring up RDP-Tcp Properties
Uncheck Limit Maximum Color Deptt from Remote Desktop Session Host Configuration.
Follow the Steps to setup the Clients to support Aero Glass.
- Open the Remote Desktop Connect
- Click in Show Options and be sure that
In Tab Display it's selected Highest Quality (32bit)
In Tab Experience check all the options or choose the LAN (10Mbps or higher)
Enable Audio in Remote Desktop Servers
Follow the Steps to setup the Servers to support Audio
- Enable Audio and Vide Playback Feature from the Server Manager (Already Enable it from the Part 1 )
Follow the Steps to setup the Clients to support Audio.
- Open the Remote Desktop Connect
- Click in Show Options.
In Tab Local Resource in Remoe Audio click Settings and check the Play on this Computer.
Enable DPI Settings for the Remote Desktop Users
If you want to enable DPI Settings in Remote Desktop Servers you must setup a Hotfix from Microsoft. Just to know that after complete the installation must restart the Servers. Download the hotfix from https://support.microsoft.com/en-us/kb/2726399.
After DPI Settings will be available for every user separate.
Customize Outlook for better Perfomance
It's recommeneded to Disable all the unecessary Add-ins from the Outlook when Users works in Remote Desktop Enviroemnt to prevent perfomance issue. I have already done for 70 users believe i don;t have any problem with Outlook perfomance.
- Open the Outlook go in File - - > Options and select from the left Side Add-Ins.
- Click in the Button Go and Uncheck all the unecessary Add-Ins. Keep only the Microsoft Exchange Add-In and Microsoft VBA for Outlook Add-in.
This was the last Part. We are ready to move users in Remote Desktop Servers and give best User Experience with the Most Important to Keep good Perfomance. Of course the Perfomance in Remote Desktop Enviroments has to do with a lot of Options. But one of them is the right Configuration of all the Services and Options that need to work Remote Desktop Servers smoothly.
I have face situation with 50 users to connect 3 and 4 Remote Desktop Servers in Farm and has problems with Perfomance. So the first thing before start is the right Configuration of the Servers.
This is for now and i hope to enjoy and the 3 Parts of the Article.
Have a nice weekend !!!