Configuring Remote Desktop Services Profile settings for users



A user profile describes the configuration for a specific user, including the user’s environment and preference settings. You can specify a Remote Desktop Services-specific profile path and home folder for a user connecting to a Remote Desktop Session Host server. This profile and home folder will obviously only be used, when you connect to a server through Remote Desktop Services.

In this blog post we will look at a couple of ways to configure these settings for Active Directory users.

1. Using Active Directory Users and Computers

1.1 Open the properties sheet of a user account
1.2 Choose the Remote Desktop Services Profile tab
1.3 Here you can define the settings for a single user
tsprofile0

2. Configuring these settings for all users in an OU (and it’s child OUs)

As we all know, since the introduction of PowerShell 2.0, a PowerShell module for Active Directory was introduced. Sadly, there are no Remote Desktop Services Profile related attributes associated with a user object. Therefore we are not able to configure RDS profile settings with the Active Directory module, and we have to resort to using methods introduced with PowerShell 1.0 to achieve our goal.

The following script will change the profile Settings for all users in the User Accounts OU, to the settings specified in the script.

$ObjFilter = “(&(objectCategory=person)(objectCategory=User))”
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = “LDAP://ou=user accounts,dc=contoso,dc=com”
$objSearch.SearchScope = “OneLevel”
$AllObj = $objSearch.FindAll()
foreach ($Obj in $AllObj)
{
$objItemS = $Obj.Properties
$UserDN = $objItemS.distinguishedname
$userSAM = $objItems.samaccountname
$user = [ADSI] “LDAP://$userDN”
$TShdriveValue = “H:”
$TShdValue = “\\Server10\tshomedrive$\$usersam”
$TSppValue = “\\Server10\tsprofiles$\$usersam”
$user.psbase.invokeSet(“TerminalServicesProfilePath”,$TSppValue)
$user.psbase.invokeSet(“TerminalServicesHomeDirectory”,$TShdValue)
$user.psbase.invokeSet(“TerminalServicesHomeDrive”,$TShdriveValue)
$user.setinfo()
}

Taking a look at the script, you will quickly discover how you can change the script to fit your needs.

Here you can define in which OU, the users whos settings you want to change, reside in.

$objSearch.SearchRoot = “LDAP://ou=user accounts,dc=contoso,dc=com”

On the SearchScope, you can define OneLevel (will only change settings for users in the specified OU) or Subtree (will change settings for users in the specified OU and all of it’s child OUs).

$objSearch.SearchScope = “OneLevel”

This is where the settings are defined. They are pretty much self-explanatory

$TShdriveValue = “H:”
$TShdValue = “\\Server10\tshomedrive$\$usersam”
$TSppValue = “\\Server10\tsprofiles$\$usersam”

3. Using Group Policy

3.1 Browse to the following settings in a Group Policy Object

Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote
Desktop Session Host\Profiles

3.2 Settings for User Home Directory
tsprofile1

3.3 Settings for Roaming User Profile
tsprofile2

3.4 Settings for whether you want to define a mandatory profile or not
tsprofile3

3.5 Settings for Roaming User Profile Cache
tsprofile4

The settings defined in Group Policy, are as you can see, set in the Computer Configuration portion of a GPO, these settings are therefore applied to computers and not users. They will take precedence over settings specified for users (in AD Users and Groups).

Additional Resources
Technet: Searching Active Directory with PowerShell 1.0
Technet: User Profiles on Windows Server 2008 R2 Remote Desktop Services

This entry was posted in Active Directory, Microsoft, Powershell, Windows Server, Windows Server 2008R2 and tagged , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback.

Leave a Reply

Your email address will not be published. Required fields are marked *

Your email address will never be published.

Captcha * Time limit is exhausted. Please reload the CAPTCHA.