Installing and configuring a terminal server on Windows Server + Optimizing settings for 1C part 2

Foreword

In the first part, we successfully deployed the "Windows Terminal Server" role and started configuring it. We figured out the methods of organizing the storage of user data and decided which of this we will use. Let's get started with the setup.





Configuring storage of personal data of users

To activate user profile disks, go to Remote Desktop Services> in the Properties section, open the Tasks menu> edit properties> User profile disks





We put the flag opposite "Enable user profile disks"





We indicate the path to the directory on the file server where the VXDX profile disks will be stored, and indicate the size of 1 GB (We do not need more space, since very little data will be stored in the disk, but you cannot make less than 1 GB) and click Apply





As a result, a basic disk will be created in the specified directory on the basis of which profile disks will be created.





Fixing the problem with chrome





When using profile disks in Google Chrome, the Error COULD NOT GET TEMP DIRECTORY error occurs, this is due to the fact that chrome cannot access the shared TEMP folder, therefore we will move it to another location and give it rights





You need to configure a GPO that does two things:





, , C: TEMP TEMP TMP , .





1 - TEMP:





2 - :





" "









> > Windows >





>









  • .









  • (!: )





" "









. .





> > > windows > > >





















> > > Windows >









  • Windows,









  • « » «»





  • «» «»





  • «»





  • « » « »





  • « » « »





  • « »





  • «» «»





.









> > > ""





, . , , .





2





1

" Windows" exe "





, ( windows )









  • , EXE ( CryptoPro, .)





  • " " ,





  • ( exe, ? )

















> > > " Windows"









> "" > . , .









> > Windows > > >





. ! " " ...."













- , " " "





" " ( )





2

AppLocker





. , .





,





> Windows > > >applocker > >













> Windows > > >applocker " "













> Microsoft > Windows > AppLocker > EXE DLL ,













>





, , ,





























>





,





After that, in the properties of the applocker, switch "Audit only" to "Enforcement of rules"





As a result of these actions, we have effective storage of user data, and the initially configured security of the terminal server









And again I ran out of letters) we will continue in the next part, consider setting up 1c, differentiating access to databases, increase the performance of 1c on the terminal server in two, in general we will continue in the next part




















All Articles