Forum Discussion
Start Menu Layout Group Policy
According to your screenshot, you are trying to use the layout.xml for your terminal servers. Some things to consider that might be giving you trouble:
- Make sure all users that log on to your session hosts have read access to the fileshare
- Make sure that you enabled group policy loopback processing for the session host computers. To apply a user policy to all users that log on to a specific computer, you have to place the policy-object in the OU-path of the computer and set gpo-loopback processing accordingly on the computer-policy for the computer.
- For a user who does not get the layout applied, check whether the gpo is at least applied (use gpresult /r as the problematic user)
- Change the timestamp on the xml-file. If a user already got a layout-xml applied (does not matter when or where), it will only reapply a new layout.xml if the timestamp on the file is newer than the previous one that got applied. You can use (get-item <pathtoxml>).LastWriteTime = Get-Date for this.
Thank you for your help!
1. For the folder and XML file, I have sharing for Everyone set to Read
2. Not sure how to set the loopback, I read about setting it in GPO but I could not find the option to set loopback. Any help here please?
3. Here is what it shows when I do gpresult /r
4.
- dretzer, Feb 18, 2020, Iron Contributor
The command for the file-timestamp is wrong in your screenshot (you missed a dot and there should be = instead of -):
(Get-Item \\DC01\Shared\IT\Layouts\layout.xml).LastWriteTime = Get-Date
If "Local Group Policy" is the only applied user policy, then missing loopback-processing may be your problem. As the startmenu layout setting is a user-policy, it needs to be applied to user-objects, not computer-objects.
If you want to apply it for users only when logging on to your session hosts, you have to use loopback processing. This in effect tells a user account logging on to the computer to process any user-policy in the OU-Path of the computer-object. Be careful if you have more user-policies in this path, as all of them will apply to the user when you enable loopback processing.
To enable this, set the following in the session hosts' computer-policy object:
Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy -> Configure user Group Policy loopback processing mode
Set this to enabled and the mode to "Merge". This will process any user-policy object in the path of your session host for all users logging on to it. The user policies will get merged with your normal user policies. Be careful if you have never worked with loopback processing before. Check all GPOs that lie in the OU-Path of your session hosts AND your users for any user-policy-setting you might not be aware of.
To sum it up: Apply a gpo with the above setting to your session host computers. Then apply a gpo with the user setting for the start menu layout xml anywhere in the OU-path of your session hosts. This should apply the gpo to all users logging on to the session host (after running gpupdate /force on the session hosts of course).
- Tim Hunter, Feb 18, 2020, Iron Contributor
I corrected the command in PowerShell and now it says cannot access due to another process accessing the file. I am assuming that is the GPO?
For the Loopback GPO, do I want to make a GPO just for the Loopback or can I add the Loopback policy to the Start Menu GPO that I made?
- dretzer, Feb 19, 2020, Iron Contributor
The file is open as long as a user is logged on and using it. You can only alter the xml-file when no user is using it.
Regarding where to put the policy setting: For best practices you should never mix computer-policies and user policies. You should use separate user-policy objects and separate computer-policy objects.
GPO-Design is a complicated topic though and as I can't know your ADDS and GPO design principles I really can't tell you where to put it in your environment.
It will work if you put it in the same gpo as the startmenu setting and then make sure you apply this policy to all your session hosts. The session host itself is a computer-object, and as such will only apply the computer-policies from the gpo (the loopback-processing setting). Every user that logs on to the session host will evaluate all user-policy settings that can be found in the path to the session host object in ADDS and apply them (the startmenu layout setting).
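
The checks discussed in this thread (read access to the share, loopback mode, applied user policy, file timestamp) collected into one PowerShell script, as an added example that is not part of the original posts. UserPolicyMode and StartLayoutFile are the registry values these two policies normally write; the script layout and the -Touch switch are assumptions of this example, and the default path is the one quoted in the thread.

```powershell
# Added example, not from the thread. Run on a session host as the affected user.
param(
    # UNC path quoted in the thread; replace with your own.
    [string]$LayoutPath = '\\DC01\Shared\IT\Layouts\layout.xml',
    # Hypothetical switch: only for the admin who maintains the file (needs write access).
    [switch]$Touch
)

# 1. Read access: the logged-on user must be able to open and parse the file.
try {
    $null = [xml](Get-Content -LiteralPath $LayoutPath -Raw -ErrorAction Stop)
    Write-Host "OK    $LayoutPath is readable, well-formed XML"
} catch {
    Write-Warning "Cannot read or parse ${LayoutPath}: $($_.Exception.Message)"
}

# 2. Loopback: the computer policy writes UserPolicyMode (1 = Merge, 2 = Replace).
$sys = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -ErrorAction SilentlyContinue
if ($sys.UserPolicyMode -eq 1) { Write-Host 'OK    loopback processing: Merge' }
elseif ($sys.UserPolicyMode -eq 2) { Write-Host 'OK    loopback processing: Replace' }
else { Write-Warning 'Loopback processing is not configured on this computer' }

# 3. User policy: the Start Layout setting lands in the user's policy hive.
$exp = Get-ItemProperty 'HKCU:\Software\Policies\Microsoft\Windows\Explorer' -ErrorAction SilentlyContinue
if ($exp.StartLayoutFile) {
    Write-Host "OK    Start layout policy applied: $($exp.StartLayoutFile)"
} else {
    Write-Warning 'Start layout user policy not applied; compare with gpresult /r'
}

# 4. Timestamp: report it, and bump it only when -Touch is given.
$item = Get-Item -LiteralPath $LayoutPath -ErrorAction SilentlyContinue
if ($item) { Write-Host "INFO  LastWriteTime: $($item.LastWriteTime)" }
if ($Touch -and $item) {
    try {
        $item.LastWriteTime = Get-Date
        Write-Host 'OK    timestamp updated; run gpupdate /force on the session hosts'
    } catch {
        # Per the thread, this fails while a logged-on user still has the file open.
        Write-Warning "Could not update timestamp: $($_.Exception.Message)"
    }
}
```

Checks 1 to 3 need only the read access the thread already grants to users; keep write access to the layout file limited to the admin account that runs the script with -Touch.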