Just publish that application in particular on those 2 servers to those 2 groups from AD within Citrix.
Hi,
I'm assuming you want to direct particular AD group members to a desktop session on a target server intended for that AD group - not for publishing individual applications (not pretty with pure TS on W2K3).
If so, you could use a logon script (in a GPO that's attached to the OU containing the user group) that maps a network drive containing an RDP connection file that targets the appropriate TS server. Alternatively, you could have the logon script copy an RDP connection file to the client Desktop folder.
REM Example Accounting Logon Script:
@echo off
copy /y \\server\share\accounting.rdp %userprofile%\Desktop\StartTS.rdp
REM Optionally auto-launch a connection - just remove REM
REM mstsc /v:%userprofile%\Desktop\StartTS.rdp
I'd really encourage you to look at upgrading to Windows Server 2008 R2 (when available) as you'll get a whole lot closer to Citrix capabilites if you do.
Alan Osborne
President (MCSE, CCNA, VCP, CCA)
VCIT Consulting - Citrix/Terminal Services Remote Desktop Solutions for SMB
VCIT website My Blog
Thanks for the replies, guys.
Alan, that's correct, I am looking to host specific users' sessions on a particular server; not for app publishing needs.
If I auto-launch the RDP session in the script as you've described, wouldn't that create a session-with-a-session, because the user has already logged into the first session to get this logon script?
Thanks for your help,
Jeff
Not if you run the script on the client-side only :-)
You just need to make sure that you're not running the script within the user session on the TS servers, only on the client machines. You can do that via Group Policy.
If the client machines are not joined to your domain, there are a number of ways you can distribute the RDP files. One option would be to use a local logon script to retrieve an RDP file from a remote web server. Other options - email, web server, replication software (i.e. Windows Live Sync), etc.
Remote Desktop Web Connection (sometimes called TSWeb) is another option, although to be honest it's not very good out of the box:
http://www.petri.co.il/install_remote_desktp_web_connection_on_windows_server_2003.htm
http://www.microsoft.com/downloads/details.aspx?familyid=e2ff8fb5-97ff-47bc-bacc-92283b52b310
I haven't used it in a long time, but my recollection is that the sample website has a drop down box to choose the screen size. If you select a screen size, the RDP session is embedded within the IE browser window. However, if you do not select a screen size, the RDP session will run full screen. The sample website could be recoded to include connection areas for each of your departments.
Here are a few ideas on how to customize it:
http://www.datadr.net/index.php?option=com_content&task=view&id=15&Itemid=35
Thanks, Alan, for the info there - It's been a long time since I've used TSWeb, so I will take a look again and see if I can get some use out of it.
My workstation clients are becoming mostly Linux-OS based (PXE boot) and increasingly remote, so a GPO is out, since the underlying OS will be enough Ubuntu to provide an RDP session (we're using the open-source MultiFrame). However, I might be able to front-end the RDP session with a MultiFrame-generated logon box that then runs a script that checks AD group membership (via LDAP calls) and does a pass-thru (cached credentials) logon to the server/farm of my choice, based upon the AD group.
I am also going to demo Win2k8R2 to see how that goes.
Thanks for your suggestions and valuable info!
You're welcome, good luck with the project. I'm available for consulting if you feel you could use some assistance. You can reach me via the contact page of my website below.