Hi All,
I am setting up a new citrix farm and have an issue with my folder redirection in TS. It seems like i had this problem on another test farm but I cannot rememeber what I did to resolve it. I had read the docs on using GPO to redirect users home folder and the permissions and such. when a user is logged into citrix, in the tshome folder two directories are created. one directory is username.domain and the other is just username
My understanding is that TS first looks user an existing username.domain and it if its there uses it. if not, it creates it. i am a little stumped as to why the username without the .domain is being created. Can someone point me in the right direction?
Thanks,
R
Hi,
This typically occurs when you grant anything less than FC NTFS perms to the user on the redirected folder. You'll likely find that the folder with the domain name appended is created by the OS with the user receiving FC NTFS permissions and that it has only a WINDOWS sub-folder within it. I guess the user needs FC to the WINDOWS folder.
So, I typically setup the root folder that will contain user redirected folders with the following NTFS permissions:
Everyone - Create Folder/Append Data (This Folder Only) Everyone - List Folder/Read Data (This Folder Only) Everyone - Read Attributes (This Folder Only) Everyone - Traverse Folder/Execute File (This Folder Only) CREATOR OWNER - Full Control (Subfolders and Files Only) System - Full Control (This Folder, Subfolders and Files) Domain Admins - Full Control (This Folder, Subfolders and Files)
With the parent folder created, DO NOT create ANY folders for each user - let folder redirection create the folders for you. The above NTFS permissions on the parent folder will give the user FC rights on their own folders and no rights on any other user's folders.
Having said that, sometimes you don't want users to have FC NTFS permissions to their own folders. One example would be locking things down so that users cannot run executables from their own folders. A consequence of changing the permissions to accommodate this; however, is the issue you outlined in your post.
Alan OsbornePresident (MCSE, CCNA, VCP, CCA)VCIT Consulting - Citrix/Terminal Services Remote Desktop Solutions for SMBp: 604-288-7325c: 778-836-8025web: http://www.vcit.cablog: http://www.vcit.ca/wordpress
Hi Alan,
I actually have my tshome folder setup with those permission exactly, which is why i cannot understand why i am seeing this behaviour. And you are right the folder created with the .domain only has the windows folder in it. So I have been beating my head against a wall trying to figure out why this is happening when i do have my permissions set correctly.
Microsoft "fixed" this to deal with the situation where two users with identical user names from different domains have their TS profile folder or TS Home Folder in a common share:
http://support.microsoft.com/kb/821929/en-us
Towards the end of the KB article, you'll find a reference to the permission checking I mentioned. I believe they first incorporated this hotfix into a service pack with SP1.
I'm pretty sure MS changed TS Home Folder naming the same way, but that isn't mentioned in the article. This naming convention is only used when using Group Policy to assign the TS Home Folder. If you instead configure TS Home Folder location within the user object properties, you would manually specify \\server\sharename\%username% and thus no domain name is appended when the folder is created.
I've learned to live with having the TS Home Folder name in the format username.domain as I prefer to set this via Group Policy. The other option is to adhere to this same naming convention when you configure folder redirection if you want everything in the same place.
hmm...i am slightly confused by this. just for kicks, i assigned the everyone group FC of this share and the tshome folder. well, i am still getting two folders created!!
I am setting the TS home folder in my GPO, so it should be username.domain, i just cannot figure out why the other folder is also being created. i dont get it.
If you use a basic folder redirection policy, you specify the root folder under which all user redirected folders will be created. In this case, the folder name will be just the user name - no domain name appended.
I haven't tried it before, but if you want to have the user redirected folder in the format username.domain, then you should be able to use the option under basic folder redirection labelled "Redirect to the following location" and specify the path as:
\\server\share\%username%.%userdomain%
Rather than using the basic folder redirection option "Create a folder for each user under the root path" and specifying just the root path \\server\share
Good luck!
I must be missing something. I am using basic folder redirection with redirect everyone to same location and then create a folder for each user under the root path. I then supply the root path to the tshome directory.
I simply cannot understand why both folders are being created. I am replicating the EXACT same setup that I have in my production environment, but in the tshome those two folders are being created for one user, it just doesnt make any sense.
I'm having a similar issue in one of my clients' environment (although in others past, I've set the same GPO settings and haven't had any username.domain folders). I'm curious if the "username" folder that you're seeing created is actually your roaming profile folder.
That's the scenario I'm working through now. I've got the user profile set via GPO to "\\server\share\%username%\TSPROFILE" and the TSHome Folder set to "\\server\share" (which has worked in the past to give me a single, auto-creatd folder with both the profile and the TSHOME in the same directory AND map the TSHOME on first login).
I imagine if this were the case, you could test by disabling the roaming profile gpo and you'd see only a single folder created.