0

We are testing a Windows Server 2008 Standard Terminal Services mini-farm set up in VMWare to help manage a single application remote deployment. This application stores a LOT of settings in the per-user registry so we lose a lot of the benefits of terminal services (centralized app management, less user headaches, etc.) if we have the users log in as themselves. So, we have a single domain login (termsvc) that all the users login with. This feels bad for obvious reasons.

So, is there a way we can install (and more importantly: configure and continue to upgrade) this app ONCE and then "share" the registry with all the users so they can log in as themselves instead of all sharing a single login? Maybe have a single terminal services profile that these users share? What are our options here?

Thanks!

Matt Rogish
  • 1,512
  • 6
  • 25
  • 41

2 Answers2

2

Perhaps I am over-simplifying, but ...

1- ID the registry changes -- see this question for suggestions on how to do so. Edit out the "machine" section of the changes.

2- Use GPO or login script to publish those changes as each user logs on.

Community
  • 1
tomjedrz
  • 5,964
  • 1
  • 15
  • 26
  • 1
    This is a better idea than my "hack" answer, but I thought I'd give an alternative perspective for fun. *smile* – Evan Anderson Jun 24 '09 at 00:17
  • @evan .. thanks. It is kind of a hack as well. I suspect there is a TS way to publish an app just as they would like, but I don't know what it is. – tomjedrz Jun 24 '09 at 13:57
  • This is probably the way to go. Too bad implementing "ID the registry changes" isn't easier... Ugh. Thanks !! – Matt Rogish Jun 24 '09 at 19:15
2

I've done this with standard roaming user profiles and I have no reason to believe this won't work with a TS roaming profile. I'd love to hear what you find, though:

  • Assign a roaming profile to a test user.
  • Logon as the test user and prepare the profile as you'd like it to be.
  • Logoff and logon as an "Administrator" on some box.
  • Using RegEdit's "Load Hive" functionality, attach the "NTUSER.DAT" from the test user's roaming user profile to "HKEY_LOCAL_MACHINE\somethingorother" on some box.
  • Modify the permission on HKEY_LOCAL_MACHINE\somethingorother to include "Users - Full Control". Detach the hive.
  • Rename the "NTUSER.DAT" file in the test user's roaming user profile to "NTUSER.MAN".
  • Alter the permission on the test user's roaming user profile directory such that all the users to share the profile can read the folder and files (preferrably by using a group).
  • Assign the test user's roaming profile folder to one of the other affected users as a TS roaming profile.
  • Logon as the affected user with the TS roaming profile specified. Verify that they get the specially-prepared environment and that changes they make are not propogated back to the roaming user profile.

That should do what you want. I haven't done this little hack in a few years-- hopefully no service packs or other code changes "broke" the functionality. Give it a try and see.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328