0

Windows Server 2003 Domain Controller and Windows XP workstations:

Active Directory Users and Computers/Users/User/Properties/Environment/Client devices
Connect client drives at logon
Connect client printers at logon

Shouldn't the above Terminal Services settings in Active Directory override the end user Remote Desktop client settings?

In our environment the end user Remote Desktop Client settings take precedence. If printing is disabled on the client but enabled in the user's AD profile then printing is not available.

Is this working by design or can I change something to allow the user environment settings in AD to override the end user settings RDC settings?

caleban
  • 1,116
  • 4
  • 18
  • 34
  • is the user in the correct ou? – tony roth Jun 15 '10 at 19:03
  • Yes. The user is in the correct OU. I've tried with several users and created a new user to test. But does this matter? I don't think it would but perhaps I'm wrong. The settings I'm referring to aren't in a GPO they're in the actual user's AD Users and Computers User properties. – caleban Jun 15 '10 at 19:14
  • darn your right, don't work with ts properties much! – tony roth Jun 15 '10 at 20:48

2 Answers2

1

AFAIK, you can disable things through group policies, and user TS settings, but there is no way to force them to be enabled. If client device connections is disabled anywhere, then it will be disabled. This is basically a case where a DENY will take precedence.

With 2008r2 servers and the TS gateway I believe you can force recent (win 7) clients to enable device mapping or they will not be able to connect at all, but since your using Windows 2003 and XP I don't believe there is anything you can do on the server to force them to allow client device mapping.

How are your users connecting to the terminal server? Why don't you just give them an RDP file that has the client settings configured the way you want it?

Zoredache
  • 128,755
  • 40
  • 271
  • 413
1

The setting is "cooperative" in the sense that if you set the ADUC property to enabled and the user sets it to disabled in the RDP client, then it's disabled. You're setting it in ADUC, or GP, or TS so that the user is "allowed" access to that functionality but that doesn't "force" the setting in the RDP client.

"You can lead a horse to water but you can't make it drink."

Enabled settings need a corrsponding selection on the client side (drive redirection, printer redirection, etc).

Disabled settings are controlled strictly on the server side via ADUC, GP, or TS.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171