• Folder redirection
• Preferences
• Printer Management
Folder Redirection
• Folders that can be affected
– AppData
• Application specific user information
– Desktop
• Folders and shortcuts on the desktop
– Start Menu
• Program groups and shortcuts to programs
– Documents
• Default place to save and retrieve files
– Favorites
• Favorites
– Links
Folder Redirection
• Benefits
– Users that log into several different systems
– Content of these folders can be backed up
regularly
– Standardization of user desktops as it relates to
Desktop and Start Menu folders
Folder Redirection
• Basic Redirection: allows you to configure all
users to redirect to a common location
• Advanced Redirection: allows you to specify
unique paths for different groups.
Folder Redirection
• Redirect to the users home directory: redirects to
users home directory. Does not create a
subfolder
• Create a folder for each user under the root path:
this creates a folder after the redirected folder
within the path you specify
• Redirect to the following location: all users share
the same folder
• Redirect to the local user profile location: this
forces the folder back to the local profile
Folder Redirection
Folder Redirection
Group Policy Software Installation
• Group Policy Software Installation (GPSI)
– Install software packages via GPO
– Must contain *.MSI (Microsoft Software
Installation File)
– Can deploy to user or computer
– Two types of deployment:
• Assigned—Software is installed and completed when
the user runs the application for the first time
• Published—Software is made available in the Programs
application within Control Panel
Group Policy Software Installation
• Office Products:
– 2000-2003—No problems
– 2007-2010—crazy weird
• 2007 can only be installed to computer configuration
without issue
• Cannot create a MST file, must edit a config.xml file and
put it in the root directory of the deployment share
Printer Management Console
• Need to add the Print and Document Services
Role
• Features
– Add new drivers
– View printers with custom filters
– Manage printer settings and drivers
– Monitor printer status and configure alerts
– Connect to remote print servers
– Deploy printers via group policy
Remote Server Administration
• Remote Desktop Services
• Remote Desktop Connection
• Remote Desktop Protocol
• Remote Assistance
• Remote Server Administration T0ols.
Remote Desktop for Administration
• Default implementation of Remote Desktop
Services (formerly known as Terminal Services
in 2003 ((formerly formerly known as Terminal
Services-Remote Administration Mode in
Server 2000))
• Two administrators can be logged onto a
server a the same time performing remote
administration
Remote Desktop for Administration
• It’s also possible to configure a server as a
Remote Desktop Session Host server so that it
can run desktop applications for remote users.
– This is Terminal Services renamed!
• Two primary tools used for RDA are:
– Remote Desktop Connection
– Remote Desktop
Remote Desktop for Administration
• Three options
1. Don’t allow Connections to this computer: Obvious
2. Allow connections from computers running any version of
Remote Desktop (less secure): will allow RDC connections
from clients older than 6.0. Supports users connecting via
XP with older RDC.
3. Allow connections only from computers running Remote
Desktop with Network Level Authentication (more secure):
RDC 6.0 or higher available on Vista and Windows 7, can be
installed on XP running SP2 or later.
Remote Desktop for Administration
Remote Desktop for Administration
• When enabled, an exception is automagically
created in the firewall on the local system.
– Still uses port 3389
• Can be launched via command line or Run line
by using mstsc.exe
Mstsc.exe /v:svreddc1 Connect to server named svreddc1
Mstsc.exe /f Connect in full screen mode
Mstsc.exe /span Connect utilizing multiple monitors
Remote Desktop(RD) Gateway
• RD Gateway is used to allow connections to an
internal network via the Internet.
• When RD Gateway is enabled, users can
connect to resources on the internal network
from any Internet-connected device
• RD Gateway uses the RDP over HTTPS to
establish a secure, encrypted connection
between remote users and internal resources.
• Used to be named Terminal Services Gateway
on 2003
Remote Desktops
• A tool used to connect to remote computers
• Allows you to connect to multiple computers
at the same time and switch between
connections
• Can run one instance of the program with
multiple connections versus only one
connection in RDC.
• Must add feature through Remote Server
Administration Tools
Remote Desktops
Remote Assistance
• Used to be primarily used for desktop systems
• Not enabled by default on 2008 R2
• Useful for remote office support for servers
• Allows for remote control of system
• Generates invitation with password that can’t
be changed.
Remote Assistance
Windows Remote Management
Services
• Windows Remote Management Services
(WinRM) will allow you to issue any
command-line command from one computer
against another. It utilizes two commands
– The WinRM tool is executed on the remote server and
enables the server to listen and respond to WinRS
requests
– The WinRS tool is executed from the command line on a
desktop or other server accessed by an administrator. It
allows the administrator to execute any command-line
commands against the remote server
Windows Remote Services
• Enabling WinRM
– It is not enabled by default.
– RD Gateway enables WinRM
– Enabled by doing the following:
C:\WinRM quickconfig
– Prompts to allow following changes
• Create WinRM listener on http://* to access WS-Man
requests to any IP on this machine
• Enable the WinRM firewall exception
• Configure LocalAccountTokenFilterPolicy to grant
administrative rights remotely to local users.
Windows Remote Services
Verify settings by typing:
C:\WinRM enumerate WinRM/config/listener
Windows Remote Services
• Connect to server by typing:
C:\winrs –r:servername command
C:\winrs –r:w2k8r201 cmd
Remote Server Administration Tools
• RSAT replaces adminpack.
• Available in 32bit and 64bit
• Full access to administer network at your
desktop
• Can be used to administer 2003 domains, but
cannot use Active Directory Administrative
Center inherently. Requires secure web
services.