Step one: Creating the Start Menu
The easiest way to do this is to firstly create a Test OU in Active Directory and a Test user inside that OU. This means that when the testing is being done it won't have an knock-on effect to any live Start Menus being used by users on that terminal server.
Secondly, log on to the terminal server as the test user and start to create the custom Start Menu you would like, pinning the programs and applications you would like to the Start Menu.
At this point it's really important to make sure the shortcuts are accessible for any user that logs on to the terminal server.
To do this, right click and select "open file location". This will open up the folder where the file is actually located. If it points to a user profile in the address bar at the top, this shortcut will only be accessible to that one particular user as they will only have permission to that folder.
Once the Start Menu has been created log off and log back on as this essentially finalises and saves the Start Menu.
Step two: Applying the Start Menu
The next stage will be to copy the two files that the Start Menu uses into a location that is accessible for any user that needs the Start Menu applying.
To do this:
- On the Test User account go to C:Users[test user account that you createdAppDataLocalMicrosoftWindows.
- There will be two files at the bottom called: appsFolder.itemdata-ms / AppsFolder.itemdata-ms.bak
- Making sure these are the same size, copy them both into the root of the Domain Controller's NETLOGON folder as this tends to be accessible by everyone. In my case it was \KSDC01NETLOGON
- Once these are in here you need to create a batch file that runs when any user logs on, essentially creating a logon script and save this in the NETLOGON folder
- Any copy command can be used but xcopy tends to be the easiest
- The script needs to copy appsFolder.itemdata-ms and AppsFolder.itemdata-ms.bak from the NETLOGON folder to this location C:Users%username%AppDataLocalMicrosoftWindows. This script will overwrite any files that already exist and of course force that user to use the Start Menu that you created using the test user account
- "The syntax of the xcopy command is xcopy source [destination]
My two lines of script looked like this:
Xcopy/y\KSDC01netlogonappsFolder.itemdata-msC:Users%username%AppDataLocalMicrosoftWindows
Xcopy/y\KSDC01netlogonappsFolder.itemdata-ms.bakC:Users%username%AppDataLocalMicrosoftWindows
NOTE: I have a /y switch in there as this overwrites existing files automatically without prompting you, meaning it will always run without any user interaction.
In simple terms it's essentially "xcopy" followed by a space.
Followed by where you're copying from, followed by a space.
Followed by where you are copying too.
You can copy and paste the above lines and swap out the server name if needs be.
Step three: Creating the Group Policy
The next stage is to write a group policy and apply this to the OU with the users that need the Start Menu.
This can be added into the terminal server lockdown policy if you have one also. If you don't, this is the group policy that will be created.
- Create new GPO called Start Menu or anything of your choosing and right click and select Edit
- On the left hand side to this location: User Configuration > Windows Settings > Scripts
- Click on Scripts (Logon/Logoff) and on the box it open on the right, double click on Logon
- Once in there click on Add followed by Browse under Script Name and locate the .bat file you created in the NETLOGON folder
That's it!
Step four: Testing...testing!
The easiest way to test this is to create another test user in the Test OU and apply the policy to only the Test OU, make sure you are happy that this is working before applying it. You now have a standardised custom start menu for the users in your organisation
NOTE: Be aware that it can sometimes take two, three, and maybe even up to four log-ons for this to be picked up properly.
