Description: C:\Users\Graeme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\Candy Technote-small.jpgCandy and Servers

Introduction

This is an accumulation of Microsoft products and features that can be used to run Candy in a Remote Desktop or Virtual Environment.

Domain Controller

A domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain.

Active Directory

An Active Directory Structure is an arrangement of information about objects. The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups).

Active Directory Users and Computers

This is where you will find a list of Users & Computers in a domain.

Users can be created, removed or modified here.

Security Groups can also be created here to create permissions for users at a later stage e.g. network shares, remote logins or group policies.

There are a number of default groups and users created in AD by default but an administrator can create their own.

Example

In the Example below the domains name is Arthur.lab there are a number of groups that have been created besides the default. Users have also been created and been assigned to groups.

Tree Structure

List of objects in the Users folder.


Users who are a member of the South Security Group.

Roaming Profiles and Folder Redirection

User settings and user files are typically stored in the local user profile, under the Users folder. The files in local user profiles can be accessed only from the current computer, which makes it difficult for users who use more than one computer to work with their data and synchronize settings between multiple computers. Two technologies exist to address this problem: Roaming Profiles and Folder Redirection. Both technologies have their advantages, and they can be used separately or together to create a seamless user experience from one computer to another. They also provide additional options for administrators managing user data.

Folder Redirection lets administrators redirect the path of a folder to a new location. The location can be a folder on the local computer or a directory on a network file share. Users can work with documents on a server as if the documents were based on a local drive. The documents in the folder are available to the user from any computer on the network. Folder Redirection is located under Windows Settings in the console tree when you edit domain-based Group Policy by using the Group Policy Management Console (GPMC). The path is [Group Policy Object Name]\User Configuration\Policies\Windows Settings\Folder Redirection.

Profile redirection

Profile redirection can be done from Active Directory Users and Computers. Multiple users can be redirected to the same location by selecting multiple users in the object window and then going to properties and then the profile tab.

This is an example of a single user profile (E1) which has been redirected to a network location. The user has also been given a network home folder mapped to drive H:

Folder redirection

This can be used for the windows user folders shown in the tree structure below. Redirecting user folders can be useful if you do not want all the users large data e.g. pictures, documents and videos to be stored in the same location as their profile settings e.g. desktop background, folder view settings and other windows settings.

Remote Desktop Services

 

Registry Settings

Using a Group Policy it is possible to create, update, replace or delete a registry setting for a user, group of users or computer.

 

Detecting Roaming profiles and other useful settings

Very good info about user profile structure: https://technet.microsoft.com/en-us/library/cc775560(v=ws.10).aspx

Local Machine is set to clear Roaming cache at logoff
Registry key used to delete a Roaming profile after logout. HKLM\Software\Policies\Microsoft\Windows\System\DeleteRoamingCache

Possible ways to check for a roaming profile programmatically

https://social.technet.microsoft.com/Forums/windowsserver/en-US/efa7a5b9-aeeb-4961-b2f2-88ee70d065f1/detect-roaming-profile?forum=winservergen

http://stackoverflow.com/questions/1200173/how-to-check-if-the-currently-logged-on-user-is-using-roaming-profile