2012 R2 RDS Shadowing "Permissions"

Similar Messages

• 2012 R2 RDS Shadowing from Server Manager - how to view client computer names

  Hello,
  I have a 2012R2 RDS session based deployment. We have a few generic user accounts for a production environment where a group of users uses the same username to start multiple RDS sessions. This creates a bit of a challenge when support has to shadow one
  of those sessions because they all appear with the same name: domain\username. The Connections pane in RDS (Server manager) does not list client computer name, which would be the distinguishing factor. The old version of the RDS console (remote
  desktop manager) had this information. Citrix appears to have it as well. Is there a way around this limitation in 2012R2 Server Manager?
  Thanks

  Hi,
  As far as I know, there are two ways.
  1. Use the Task Manager. In the Users Tab, you can see the client name.
  http://social.technet.microsoft.com/Forums/en-US/1d571c01-69ff-4508-af0f-d7eeecd806b6/forum-faq-how-to-manage-rds-user-connections-and-processes-in-a-rds-2012-deployment?forum=winserverTS
  2. Use the Terminal Services PowerShell Module. With the Get-TSSession in PowerShell, we can get the detailed information.
  http://archive.msdn.microsoft.com/PSTerminalServices
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Windows Server 2012 R2 RDS: RDS Users are unable to delete files from their desktop

  Hello,
  We are working with Windows Server 2012 R2 RDS. We also implemented User Profile Disks. This is all working fine without problems. The only issue I have is that normal users are unable to delete files from their desktop. They are getting a message:
  you'll need administrator permission to delete this file, with the prompt for administrator access.
  They can edit, copy, rename, cut and paste files. But they cannot delete a file from their desktop.
  I checked the security permissions of the files on the desktop (for example a normal self-created PDF file) and the users are owner and have "Full Control" over the files.
  I checked the file permissions and took a look under "Advanced", selecting the specific domain user and checked the "Advanced Permissions" and the user has the "Delete" option checked. So he should be able to delete the
  file.
  I am guessing this is UPD related issue, or something in GPO. But I already unlinked the GPO objects, that I felt could be the source of this problem, but without results.
  Could someone give me a hint on where to look? It's kinda annoying to users, that they can't delete their own files.

  Hello Bria,
  What you should check first, is the NTFS permissions on the User Profile Disk to begin with. See if the user has full control over the items that are in the UPD.
  Also check the GPO's that are enabled for the user and computer account. You can check that by running: gpresult /h <path>\gpresult.html
  There are two GPO settings that could prevent the user from deleting his/her own items: 
  User
  Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows Explorer\
  Hide these specified drives in My Computer
  Prevent access to specified drives in My
  Computer
  There might be other GPO settings, that block deleting items on the UPD, but can't think of any out of my head.
  I can only think NTFS and GPO settings that might prevent the user from deleting items. In my case it was a GPO setting, that I didn't suspect.

• Server 2012 R2 RDS, User Profile Disks are created but local profiles are created as well. The UPDs aren't mounting correctly.

  2012 R2 RDS Deployment with RDCB HA and UPDs enabled. Everything was working fine with no issues until users started getting temporary profiles. Around the same time UPDs were being created but at the same time a user profile was created in C:\Users. 
  I actually rebuilt the entire RDS configuration except the SQL Server. It took about 5 hours and was not that big a deal but.... we still have the same issue! 
  Does anybody have the solution for this?

  Hi,
  In most cases, the issue is caused by locked UPD. And the workaround is to log off the user. Please check if it is the case.
  For example:
  RDS user profile disks - getting error temporary profile are being used as UPD are not accessible
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d4b66fc-b53f-435e-b036-142b6ed15d0b/rds-user-profile-disks-getting-error-temporary-profile-are-being-used-as-upd-are-not-accesible?forum=winserverTS
  Also, please check if you will get the temporary profile when logging on with a local account of the session host server.
  If issue persists, please check if there is any related error in Event Viewer and provide us for further research.
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• File Associations in 2012 R2 RDS Server using Roaming Profiles

  Background Information
  We recently moved from using 2008 R2 RDS servers to 2012 R2 RDS Servers. All of our users
  have roaming profiles. When we migrated from the old terminal servers to the
  new terminal servers, the users got completely new profiles. The only thing
  moved from their old profiles were documents and items on their desktops. We
  have multiple PDF viewers/editors installed on our RDS servers. Mostly due to
  the cost difference between Adobe Acrobat and other, cheaper products that a
  lot of our users can get away with using that don't need the functionality of
  Adobe Acrobat.
  The Problem
  Ever since moving to the new 2012 R2 RDS servers, whenever our users log off terminal
  server, the next time they log in their default PDF Viewer association doesn't
  load, and they have to go through the process of choosing a default PDF viewer.
  This only occurs when there's more than one PDF viewer installed on the server.
  We've tested it with only one PDF viewer program, and the setting remains after
  logging off and back on. The problem we've found is that the registry key that
  houses the default user choice:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice
  when set during the session, to Adobe Acrobat 11 for example, reads as such
  inside that registry key. For example, the Progid key will say
  Acrobat.Document.11 and this setting will persist until the user logs off. Upon
  logging off and back on to the terminal servers, if you look at that same
  Progid key, it has been converted in to a Hash value, and the Operating System
  is unable to read the hashed value and determine what that user's default PDF
  Viewer choice is, causing them to have to go through the process of setting it
  again.
  Things we've tried
  We created a GPO that runs a script that exports the registry key upon log off that has
  the non-hashed value, and have it set to import that value on log on. However,
  by default this registry key has the DENY WRITE permission applied to it, so
  when the system tries to import the registry key through the login script it is
  unable to do so. 
  Summary
  This issue only started happening once we moved over to 2012 R2 RDS servers. It only
  occurs for users using Roaming Profiles. It only occurs when we have multiple
  PDF Viewers installed on the servers. Any insight on why this is happening or
  how to resolve it would be greatly appreciated.

  I would use GPP to push the value, 'not hashed'. You can give right to the registry too, so like adding everyone group to that registry branch. (https://technet.microsoft.com/en-ca/library/cc753092.aspx)
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• Deploy 2012 R2 RDS DMZ

  Hi,
  We are Looking to deploy 2012 R2 RDS  Environment in our compamy by deploying the Gateway and Web server in the DMZ and Host and in the Internal network   but would like to authenticate using the internal  DC  so  my question is
  can we just use a Secure LDAP  hole to make the RDS  login process work?
  Leroy Wisdom

  Hi Leroy,
  Thank you for posting in Windows Server Forum.
  Firewall rules between the perimeter network (RD Gateway) and the internal network (domain controller) to authorize the user: 
  Server Protocol = LDAP 
  For LDAP: Port = TCP: 389, UDP: 389 
  You can go through following article for step guides to setup RD Gateway deployment in perimeter network.
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Users Cannot Change Passwords on a Server 2012 R2 RDS Farm

  Hello I have a Server 2012 R2 RDS Farm consisting of 1 server that has connection broker and gateway configured and 4 RDS Session Hosts. The works great I even have a separate remote app farm to distribute the apps to the servers, my main issue is passwords
  and the lack of the EU ability to change these, listed below are my symptoms.
  Users password has expired denied logon instantly with no ability to change password.
  User tries to change password whilst in 30 day warning period using ctrl alt end the user is advised the password does not meet complexity requirements I have checked this and they do meet them.
  Expired passwords can be changed via the RDWeb site however this is not an option for us.
  Chris

  Hi,
  Firstly, based on my knowledge, remote users may have to change their passwords before expired. If not, they have to use OWA or logon on locally to change their passwords.
  Regarding the issue, please let us know if the following policies are enabled in your domain.
  Enforce password history
  Minimum password age
  Also, does a local domain user have the same issue?
  Thanks.
  Jeremy Wu
  TechNet Community Support

• Resizing User Profile Disks in Existing Server 2012 R2 RDS Deployment Question

  Once the initial maximum size is set and the VHDXs have been created in a Server 2012 R2 RDS deployment, will attempting to increase Collection's maximum UPD size by say.. issuing a Powershell command of:
  Set-RDSessionCollectionConfiguration -CollectionName MySpiffyNewCollection -MaxUserProfileDiskSizeGB 10
  over-write the existing VHDXs instead of simply increasing their size? (max size is currently 5GB)
  I'm not at a point where I can test this in a lab condition to find out, and I have not found this question asked (or at least not definitively answered) in this forum yet.
  -G

  Hi,
  Thank you for posting in Windows Server Forum.
  We can resize the UPD file with below command:
  Resize-VHD –Path c:\BaseVHDX.vhdx –SizeBytes 1TB
  After running this mount the .vhdx file and open disk manager and there will be unallocated disk, and then you can click extend disk/volume and its done.
  You can refer following article for more information.
  Resize User Profile Disks
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Multiple printers In Window 2012 R2 RDS

  Hi All,
  I have a windows server 2012 R2 RDS server.
  For some reason when users log in to the RDS server they see 100 printers in the Devices and printers.
  I had a look and all these printers belongs to all the users that connected on the network on other RDS servers.
  Do you know how I can remove them ?
  Regards,
  MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010,MCTS:Virtualization,CCNA

  Hi Shimon,
  Thank you for posting in Windows Server Forum.
  In respect to your issue there is one KB but it’s for server 2008 R2. Are you using Remote Desktop Easy Print for your environment?
  This issue occurs because the Print Spooler adds a registry entry for each redirected printer under the following registry subkey for the user, and for all users logged on to the RD Session Host server:
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices
  This behavior occurs if you do not use the Remote Desktop Easy Print feature.
  More information for reference.
  KB 2620656
  In addition, you can configure GPO policy where we can set the default printer per user session. For more information refer
  this article.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• How to add Windows 2012 R2 RDS to Existing Windows 2008 R2 Terminal Server

  I currently have a Windows 2008 R2 Terminal Server running and I am looking to add a Windows Server 2012 R2 server to it. All I see when I google the setup is only for Windows Server 2012 R2 RDS, cant find anything to integrate with a current 2008 R2 Terminal
  Server.
  Can anyone help with this or point me to a blog I possibly missed?
  Thanks.

  Hi,
  Thanks for your comment.
  Yeah, agree with diramoh; as already commented. If you want user session from RDS Server 2012 R2 then you need to  install RDS License role on server 2012 R2, purchase and install RDS CAL (per user or per device) according your requirement and then you
  can use user session for server 2012 R2 and also for lower version. 
  But as you already have Server 2008 R2 RDS CAL, then with that you can simply access lower version but can’t manage Server 2012\R2. 
  For more information, you can refer following document.
  Licensing
  Windows Server 2012 R2 Remote Desktop Services
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• 2012 r2 rds deployment cannot connect to sql server after reboot

  We have a ha connection broker setup with 2 connection brokers and everything was working fine up untill the servers were rebooted for updates. Now users cannot connect to thier collections and I have an error in the event log that the deployment could not
  connect to the sql database.
  at this point I am assume that the issue is related to security. I am able to query the database as admin from the effected servers and other services that use other databases in the same sql instance are no5 having issues.
  I have checked the security group that both cb servers should be in and they are in the group and the group has sysadmin and dbo within sql
  any ideas?
  Please remember to mark my replies as answers if they help

  Hi,
  Thank you for posting in Windows Server Forum.
  Can you please create the database manually with below command and verify.
  PS C:\> Set-RDConnectionBrokerHighAvailability –DatabaseConnectionString
   "DRIVER=SQL Server Native Client 11.0;SERVER=<SQL Server
   Name>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;
  DATABASE=<DB Name>" -DatabaseFilePath "C:\DbFiles\<DbName>.mdf"
   -ClientAccessName "<DNS RR Name>"
  Grant DBO permissions to the service account on the RDS server and try to run your wizard again.
  More information.
  RD Connection Broker High Availability in Windows Server 2012
  http://blogs.msdn.com/b/rds/archive/2012/06/27/rd-connection-broker-high-availability-in-windows-server-2012.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Windows Server 2012 R2 RDS + User profile Disks + App-V = Explorer.exe crashing all of the time

  I have built a new RDS farm on Windows Server 2012 R2 with two Session Hosts and a combined Connect Broker/Web Access server. I had the farm up and running with User Profile Disks and all seemed OK. However, as soon as I installed the App-V 5.0 SP2 RDS
  client on the session hosts, the explorer.exe process started crashing for any user logging in via the Web Access site. The process crashes and restarts every five to ten seconds. It's the same for administrators. If they log in via Web Access explorer.exe
  crashes, but if they RDP directly to one of the session hosts explorer.exe is fine. If I reboot the session hosts, then the first user to log in via Web Access has a stable desktop session (and appears to have a new profile as well). However, if that user
  logs out and back in again, explorer.exe starts crashing again. The only applications I have packaged at the moment are Office 2013 and Firefox.
  I tried disabling User Profile Disks, but this caused a whole bunch of other problems and I eventually lost the ability to log in at all via Web Access (errors about the user profile service). As this is a small pre-production environment I completed scrapped
  all of the servers and rebuilt from scratch. Again, everything appeared fine until I installed the App-V client, then explorer.exe started crashing repeatedly for all users.
  Has anyone come across this issue before? I have tried installing the App-V 5.0 SP2 Hotfix Package 2, but this didn't help. I have read in a few forums that App-V doesn't work very well with User Profile Desks, but I have not heard of this particular issue.
  Similarly, SP2 seems to have a lot of problems, so I am going to try removing App-V RDp Client SP2 and installing SP1. I ahev also deleted User Profile Disks for the test users to recreate their profiles, but this didn't help either.
  Any other suggestions welcome!

  I forgot to include the application event log entry for explorer.exe crashing:
  Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
  Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
  Exception code: 0xc06d007e
  Fault offset: 0x0000000000005bf8
  Faulting process id: 0xae8
  Faulting application start time: 0x01cfab3a273787fd
  Faulting application path: C:\Windows\explorer.exe
  Faulting module path: C:\Windows\system32\KERNELBASE.dll
  Report Id: 69210d77-172d-11e4-80c6-0050560102d1
  Faulting package full name: 

• Error installing Office 2013 on Server 2012 R2 RDS - Error 25004: the product key you entered cannot be used on this machine

  Hi there,
  I really hope someone can help me as I am tearing my hair out trying to get this resolved!
  I am working on a Server 2012 R2 server with RDS running. Before it was turned into a RDS server it had a copy of Office 2010 running as a trial to see would it work for the accounting package that is running for users via Remote Desktop. Trial worked ok
  so it was converted into a RDS server. Now, as its a RDS it needs to run Office under a volume licence, which I have. However when trying to install I get the message: "Error 25004: the product key you entered cannot be used on this machine. this is most
  likely due to previous Office 2013 trials being installed on the system."
  In summary I have tried everything I can think of and find to remove all traces of the old Office from the machine but still this message persists. I have run the Fix It For Me uninstall from MS and it cannot find any Office installed. i have manually searched
  through all of the Windows directories including Program Files and AppData and removed all traces of Office from there, I have searched the registry and removed all I can find from there.
  Where or what file does the installer look at to see that a previous version was installed? 
  I cannot scrub this machine which I would have done long ago because there is another SQL Server based application running on it.
  Really really appreciate anyone that can help me on this,
  Thanks

  Hi,
  I have definitely heard your frustration, and I’ll try my best to help you.
  Since Office 2010 installed on it before, you need to remove Office 2010 completely.
  KB about this error:
  http://support2.microsoft.com/kb/2792178
  A similar issue is addressed here. Although this method is based on Office 2010, but we can have a try:
  http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Q_28475448.html
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best regards,
  Greta Ge
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Server 2012 R2 RDS- Only want the Session Host, Connection Broker and Licensing Server!

  Hi all,
  Wondering if anyone has experience with implementing Remote Desktop Services (RDS) on Windows Server 2012 R2.
  I am doing an RDS design for a platform where we only need an RDS Session Host, Licensing Server and Connection Broker. We do not need web access as these servers will simply be jump boxes internally!
  However, implementing this correctly in our test environment has proved to be tricky. The options are:
  Use the Server Manager and do a traditional install via Roles and Features ( specifically add the Session Host, Licensing Server and Connection Broker). The installation process seems to go through ok in this scenario but when I head over to the Remote
  Desktop Services section of the Server Manager I simply get the message 'An RDS Deployment does not exist in the server pool. To create a deployment head to Roles and Features'.
  Use the specific ‘Remote Desktop Services installation’ option on the Server Manager and do a Session Based Desktop deployment and Quick Start. This installation process seems to go through correctly and the Remote Desktop Section seems to be working
  correctly via the Server Manager. However this process is ‘hard locked’ i.e. it installs the session host, web access and connection broker. I can then remove the web access component later from Roles/ Features.
  Is there a best practice (if any) for installation? i.e. Will there be any issues down the line if I remove RDS Web Access from my server while following method 2?
  There is a complete lack of documentation from Microsoft here so not sure what to do! Just need a basic RDS session based deployment.

  Hi,
  As I know from server 2012\R2 the best deployment skill is to perform via “Remote Desktop Services” installation mode with Standard deployment and don’t let single role to install. Because when we install through RDS mode, there are specific extra tools and
  services activated along with that deployment which you can’t find with single role installation. And that is for sure, when we install RDS role as of this, by default we will get install RDCB, RDSH and RDWA role installed.
  Sorry don’t have any option to try to remove that role as that role basically needed for RemoteApp and Desktop purpose. But if you want then you can try it with help of “Remove-RDServer”Powershell command.
  https://technet.microsoft.com/en-us/library/jj215506.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Server 2012 R2 RDS Personal Collection -reuse VM names after a partial job failure

  I am currently testing RDS on server 2012 R2, and as part of the test I have built and rebuilt multiple collections of VMs. I have noticed that when creating a new JOB to build a personal collection, sometimes I get VM build failures on one host. The build
  failures are usually due to a networking issue, which I then resolve, but when I go to add/create the VMs that failed, the name of the VMs increment from the last VM, and they don't re-use the failed names. I want to be able to reuse/build the VMs that
  failed.
  eg.
  VM-01, VM-02, VM-03 - On HOST-01 all work
  VM-04, VM-05, VM-06 - On HOST-02 fail
  VM-07, VM-08, VM-09 - On HOST-03 all work
  So on this example, when I re-run the job to build the missing/failed VMs, it would build  VM-10, VM-11, VM-12 on HOST-02.
  Is there a way to reset, or reuse the failed VM names, in the example above that would be VM-04, VM-05, and VM-06?
  Thanks

  Hi,
  Thank you for posting in Windows Server Forum.
  For a try you can use powershell command for RD VDI infrastructure.
  New-RDVirtualDesktopCollection -CollectionName "ITCamp" -PooledManaged -StorageType CentralSmbShareStorage -VirtualDesktopAllocation 5 -VirtualDesktopTemplateHostServer $VHost -VirtualDesktopTemplateName $VDITemplateVM -ConnectionBroker $RDBroker -Domain “contoso.com”
  -Force -MaxUserProfileDiskSizeGB 40 -CentralStoragePath”\\fileserver1\NormalVMs” -VirtualDesktopNamePrefix "ITC" -OU “VDICampUsers” -UserProfileDiskPath \\fileserver1\NormalProfiles
  More information.
  Lab Ops 7 – Setting up a pooled VDI collection in Windows Server 2012 R2
  http://blogs.technet.com/b/andrew/archive/2013/10/28/lab-ops-4-windows-8-1-windows-2012r2-vdi.aspx
  Also check that when setting up RDS, there needs to be a Physical NIC with IP for the creation of a RDS vSwitch. If this vswitch does not exist, the creation of the MV's will fail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki