Designing Managed Multi-User Desktops
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
A multi-user desktop is a managed desktop that many users can use. In this configuration, users can partially configure the desktop. The multi-user desktop is ideal for computers that are set up for public access, such as computers in a library or school. The multi-user desktop gets heavy traffic and must be reliable and unbreakable. It must also be flexible enough to allow some customization. For example, students might need access to customized applications for instructional purposes and need to install applications that the network administrator publishes. You might also want to allow users to change their desktop wallpaper and color scheme.
However, you need to control the configuration of hardware and connection settings to maintain security. Multi-user computers often require certain tools, such as word processing software, spreadsheet software, or a development studio.
With the multi-user desktop configuration, users can do the following tasks:
Modify Internet Explorer and the desktop
Run assigned or published applications
Configure some Control Panel options
However, users cannot:
Use the Run command on the Start menuor at a command prompt.
Add, remove, or modify hardware devices.
In the multi-user environment, a user is unlikely to return to the same computer. Therefore, local copies of roaming user profiles that are cached on the computer are removed after the user logs off if the roaming user profile settings are successfully synchronized back to the server. Roaming user profiles use the My Documents and Application Data folders that are redirected to a network folder. However, users can log on even if their network profile is not available. In this case, the user receives a temporary profile that is based on the default profile.
The multi-user computer is assigned a set of core applications that is available to all users who log on to that particular computer. In addition, a wide variety of applications can be assigned to or published for users. Users cannot install from a disk, a CD-ROM, or an Internet location. To conserve disk space on the workstation, most applications must be configured to run from a network server. Start menu shortcuts and registry-based settings are configured when the user selects an application to install, but most of the files that are associated with an application remain on the server. The shared folders that store the applications can be configured for automatic caching for programs so that application files are cached at the workstation on first use.
Table 7.4 shows the desktop management features that are used to create a multi-user computing environment.
Table 7.4 Features of a Multi-User Desktop Configuration
| Feature | Specifics | Explanation |
|---|---|---|
Multiple users |
Per-user logon accounts |
Users share this computer at different times. Each user has a unique logon account. |
Roaming User Profiles |
Yes |
User settings are available from any computer and administrators can easily replace computers without losing their configuration. When the user logs off, the local cached version of the profile is removed to preserve disk space. |
Folder Redirection |
My Documents, Desktop, and Application Data folders |
User data is saved in shared folders on the network, and Group Policy prevents users from storing data locally. |
Ability for user to customize |
Some |
Most of the system is locked down, but some personal settings are available. |
Assigned applications |
Multiple |
Core applications that are common to all users are assigned to the computer. Other applications are available for on-demand installation by means of user assignment. |
Published applications |
Multiple |
Applications are available for users to install from Add or Remove Programs in Control Panel. |
Group Policy settings |
Yes |
Group Policy settings are used to create the managed environment. |