Sign in with
Sign up | Sign in
Your question

GPO Desktop Icon issues with Win 2003 Adv / Remote Desktop

Last response: in Windows 2000/NT
Share
March 29, 2006 9:24:48 PM

Good Afternoon,

After scouring through the various postings and Googling the internet, I cannot seem to locate an answer for my problem.

Recently, I was working on a customer's network which uses Windows 2003 Adv Server and Active Directory. Their users connect to one of three 2003 servers to access various applications via Remote Desktop.

Using an existing GPO for the domain, we went into User Configuration > Administrative Templates > Desktop > Active Desktop, and enabled the feature "Add/Delete items". With this setting enabled, we pointed to a specific network share that had several desktop shorcuts. The intent of this was to replace icons that end users may delete from their desktop. We gave Domain Admins R/W access, and everyone else R/O access to this folder, to prevent modification by an end user.

Our customer then decided that they no longer wished to use this feature, so we disabled it (and deleted the folder containing the shortcuts).

Here's the issue: An Administrator for the network has several shorcuts on their desktop (logged in under their User account - not Administrator). For some reason, all of their desktop icons are now replicating to other administrators' desktops.

I have checked on the AD Server and the other 3 servers (under Documents and Settings > All Users > Desktop and under Documents and Settings > All Users > Desktop), and cannot find these icons. I checked the GPO and cannot locate a problem causing this.

I'm at a complete loss, and the customer is wanting this resolved.

Anyone have a clue as to what has caused this?
March 31, 2006 6:15:12 PM

If you're using roaming profiles or a mandatory profile you could see this happen.

In that case, delete from the profile location. It may not be copying back up to delete the files on the roaming profile.

...

So someone logs in and they have the same icons as this other person?

I haven't touched GPOs in over a year but there might be one saying to use a certain Account for a standard desktop.

Try creating a test account and logging in to see if the icons appear. Log in locally to the computer, then into the domain to find out when the icons appear.
March 31, 2006 9:24:47 PM

This still appears to impact all users, logged on locally, or commected to the server via Remote Desktop. I have re-created the GPO from scratch (deleting the old GPO), and cannot resolve the issue.

However, it appears as if the Desktop is "mapped" to the folder where the desktop icons were being stored.

Let's say that a folder called "C:D esktop_Icons" exists on Server_B. The Group policy that "was" in place on Server_A said "Place icons on every user's desktop, using the icons located at \Server_BC$Desktop_Icons". Now that the policy no longer exists, no matter who logs on, it's as though everyone's desktop folder is stored directly on "C:D esktop_Icons"

I'm at a loss on this....
Related resources
April 3, 2006 4:46:47 AM

Change it to look locally.. where you mapped it to look at a share.. map it to look C:D oc & settingsall users.....

From the server, run gpupdate /f (that should force the update for everyone)
April 3, 2006 1:10:59 PM

No good. Set the GPO to point to the user's profile, then did a gpupdate /force. Had users logoff, and problems persist.

Any other ideas?
April 5, 2006 6:18:24 PM

You're adjusting the GPO at the highest level domain controller? Make sure that your other servers' GPOs aren't over writing the other one..

If you remove the GPO completely, does the problem go away?
April 5, 2006 6:41:39 PM

It's a small company, and only one Domain Controller. The GPO has been completely removed, and the issue is not resolved.

I actually had to hack the Registry. I went to (Among several other keys):

HKLM>Software>Microsoft>Windows>CurrentVersion>Explorer>User Shell Folders

...and changed the Desktop String to "%USERPROFILE%Desktop"

However, every time the registry editor was closed, the settings revert back (as if the GPO is still in place). To resolve this issue, I had to lock down permissions on the registry keys being modified. It's a crude way to resolve the issue, but it did the job.

I would be interested in other methods for resolving the issue though.
!