Controlling permissions to applications available via redirected desktop or start menu

Reading Time: 2 minutes

I have seen lots of environments where administrators have setup several start menu or desktop redirected folders for different departments with an organisation.

For example:
Sage Payroll should only be available for the Payroll department, so therefore a redirected start menu folder is setup for the payroll department. Another redirected start menu folder may be setup for the I.T department and so on. At the end you may have several redirected start menu and desktop folders which can look messy and become difficult to manage.

Microsoft do have a tool available which will make your life much easier and allow you to use one start menu or desktop folder for all users. You can make shortcuts available to users depending on what security groups they are part of. So you have one redirected start menu folder for all users but only make apps available which they need to use, and this is all controlled by Security Groups.

The tool is Share and Storage Management which is part of Windows Server 2008 and replaces File Server Management tool in Windows Server 2003.

To add the feature to a Windows 2008 server:

1. Start the Server Manager
2. Click Roles
3. Click Add Roles
4. Select File Services and click the Next button
5. Select File Server Resource Manager
6. Decide which volumes you would like to monitor and configure the rest as required
7. When done, the File Server Resource Manager and the Share and Storage Management tools are installed

To configure the feature

1. Access Share and Storage Management tools via programs, administrative tools
2. Right click on the share, for example startmenu if you have one
3. Click Properties
4. Click the advanced button
5. Click ‘Enable Access-Based enumeration’ and click OK
6. Click the permissions tab and setup share permissions and NTFS permission as required. If its for a redirected start or desktop folder, you may want to allow users
read only access.
7. Click OK when done
8. Now access your redirected start menu folder where ever it is setup, right click on a shortcut, for example Sage Payroll and add the Sage Security Group to the security tab. The result is, the Sage Payroll application shortcut
will only be visible to users within the Sage Security Group.