RDS GPO

WebsitePanel/Database/update_db.sql

@@ -9371,6 +9371,17 @@ AS
 	WHERE RDSServerId = @ServerId AND SettingsName = @SettingsName			
 GO
 
+IF EXISTS (SELECT * FROM SYS.OBJECTS WHERE type = 'P' AND name = 'DeleteRDSServerSettings')
+DROP PROCEDURE DeleteRDSServerSettings
+GO
+CREATE PROCEDURE DeleteRDSServerSettings
+(
+	@ServerId int
+)
+AS
+	DELETE FROM RDSServerSettings WHERE RDSServerId = @ServerId
+GO
+
 
 IF EXISTS (SELECT * FROM SYS.OBJECTS WHERE type = 'P' AND name = 'UpdateRDSServerSettings')
 DROP PROCEDURE UpdateRDSServerSettings

WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Base/WebsitePanel.EnterpriseServer.Base.csproj

@@ -134,8 +134,6 @@
     <Compile Include="Packages\PackageSettings.cs" />
     <Compile Include="Packages\PackageStatus.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="RDS\RdsServerSetting.cs" />
-    <Compile Include="RDS\RdsServerSettings.cs" />
     <Compile Include="Reports\OverusageReport.custom.cs">
       <SubType>Component</SubType>
     </Compile>
@@ -244,7 +242,9 @@
       <Install>true</Install>
     </BootstrapperPackage>
   </ItemGroup>
-  <ItemGroup />
+  <ItemGroup>
+    <Folder Include="RDS\" />
+  </ItemGroup>
   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Client/RemoteDesktopServicesProxy.cs

@@ -18,10 +18,10 @@ namespace WebsitePanel.EnterpriseServer {
     using System.Web.Services.Protocols;
     using System;
     using System.Diagnostics;
-    using WebsitePanel.Providers.HostedSolution;
     using WebsitePanel.Providers.RemoteDesktopServices;
-    using WebsitePanel.EnterpriseServer.Base.RDS;
     using WebsitePanel.Providers.Common;
+    using WebsitePanel.Providers.HostedSolution;
+    using WebsitePanel.EnterpriseServer.Base.RDS;
     
     
     /// <remarks/>

WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/Data/DataProvider.cs

@@ -4939,6 +4939,16 @@ namespace WebsitePanel.EnterpriseServer
             );
         }
 
+        public static void DeleteRDSServerSettings(int serverId)
+        {
+            SqlHelper.ExecuteNonQuery(
+                ConnectionString,
+                CommandType.StoredProcedure,
+                "DeleteRDSServerSettings",
+                new SqlParameter("@ServerId", serverId)
+            );
+        }
+
         public static void DeleteRDSCollection(int id)
         {
             SqlHelper.ExecuteNonQuery(

WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/RemoteDesktopServices/RemoteDesktopServicesController.cs

@@ -345,8 +345,8 @@ namespace WebsitePanel.EnterpriseServer
                 {
                     PropertyName = (string)reader["PropertyName"],
                     PropertyValue = (string)reader["PropertyValue"],
-                    ApplyAdministrators = Convert.ToBoolean("ApplyAdministrators"),
+                    ApplyAdministrators = Convert.ToBoolean(reader["ApplyAdministrators"]),
-                    ApplyUsers = Convert.ToBoolean("ApplyUsers")
+                    ApplyUsers = Convert.ToBoolean(reader["ApplyUsers"])
                 });                
             }
 
@@ -361,6 +361,10 @@ namespace WebsitePanel.EnterpriseServer
 
             try
             {                
+                var collection = ObjectUtils.FillObjectFromDataReader<RdsCollection>(DataProvider.GetRDSCollectionById(serverId));
+                var rds = GetRemoteDesktopServices(GetRdsServiceId(collection.ItemId));
+                rds.ApplyGPO(collection.Name, settings);
+
                 XmlDocument doc = new XmlDocument();
                 XmlElement nodeProps = doc.CreateElement("properties");
 
@@ -378,6 +382,7 @@ namespace WebsitePanel.EnterpriseServer
                 }
 
                 string xml = nodeProps.OuterXml;                
+
                 DataProvider.UpdateRdsServerSettings(serverId, settingsName, xml);
 
                 return 0;
@@ -743,6 +748,7 @@ namespace WebsitePanel.EnterpriseServer
                 };                
 
                 rds.CreateCollection(org.OrganizationId, collection);
+                rds.ApplyGPO(collection.Name, GetDefaultGpoSettings());
                 collection.Id = DataProvider.AddRDSCollection(itemId, collection.Name, collection.Description, collection.DisplayName);                
                 
                 collection.Settings.RdsCollectionId = collection.Id;
@@ -915,6 +921,7 @@ namespace WebsitePanel.EnterpriseServer
                 var servers = ObjectUtils.CreateListFromDataReader<RdsServer>(DataProvider.GetRDSServersByCollectionId(collection.Id)).ToArray();
                 rds.RemoveCollection(org.OrganizationId, collection.Name, servers);
 
+                DataProvider.DeleteRDSServerSettings(collection.Id);
                 DataProvider.DeleteRDSCollection(collection.Id);
             }
             catch (Exception ex)
@@ -2021,5 +2028,77 @@ namespace WebsitePanel.EnterpriseServer
 
             return PackageController.EvaluateTemplate(template, items);
         }
+
+        private static RdsServerSettings GetDefaultGpoSettings()
+        {
+            var defaultSettings = UserController.GetUserSettings(SecurityContext.User.UserId, UserSettings.RDS_POLICY);
+            var settings = new RdsServerSettings();
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.LOCK_SCREEN_TIMEOUT,
+                PropertyValue = defaultSettings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_VALUE],
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.REMOVE_RUN_COMMAND,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_RUN_COMMAND_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_RUN_COMMAND_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.REMOVE_POWERSHELL_COMMAND,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.HIDE_C_DRIVE,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.HIDE_C_DRIVE_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.HIDE_C_DRIVE_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.REMOVE_SHUTDOWN_RESTART,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.DISABLE_TASK_MANAGER,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.DISABLE_TASK_MANAGER_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.DISABLE_TASK_MANAGER_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.CHANGE_DESKTOP_DISABLED,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_USERS])
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.SCREEN_SAVER_DISABLED,
+                PropertyValue = "",
+                ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.SCREEN_SAVER_DISABLED_ADMINISTRATORS]),
+                ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.SCREEN_SAVER_DISABLED_USERS])
+            });
+
+            return settings;
+        }
     }
 }

WebsitePanel/Sources/WebsitePanel.Providers.Base/RemoteDesktopServices/IRemoteDesktopServices.cs

@@ -31,6 +31,7 @@ using System.Collections;
 using System.Collections.Generic;
 using System.Net;
 using System.Net.Sockets;
+using WebsitePanel.EnterpriseServer.Base.RDS;
 using WebsitePanel.Providers.HostedSolution;
 
 namespace WebsitePanel.Providers.RemoteDesktopServices
@@ -80,5 +81,6 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
         void RemoveRdsServerFromTenantOU(string hostName, string organizationId);
         void InstallCertificate(byte[] certificate, string password, List<string> hostNames);
         void MoveSessionHostToRdsOU(string hostName);
+        void ApplyGPO(string collectionName, RdsServerSettings serverSettings);
     }
 }

WebsitePanel/Sources/WebsitePanel.Providers.Base/RemoteDesktopServices/RdsServerSettings.cs

@@ -11,6 +11,16 @@ namespace WebsitePanel.EnterpriseServer.Base.RDS
     {
         private List<RdsServerSetting> settings = null;
 
+        public const string LOCK_SCREEN_TIMEOUT = "LockScreenTimeout";        
+        public const string REMOVE_RUN_COMMAND = "RemoveRunCommand";        
+        public const string REMOVE_POWERSHELL_COMMAND = "RemovePowershellCommand";        
+        public const string HIDE_C_DRIVE = "HideCDrive";        
+        public const string REMOVE_SHUTDOWN_RESTART = "RemoveShutdownRestart";        
+        public const string DISABLE_TASK_MANAGER = "DisableTaskManager";
+        public const string CHANGE_DESKTOP_DISABLED = "ChangingDesktopDisabled";        
+        public const string SCREEN_SAVER_DISABLED = "ScreenSaverDisabled";        
+        public const string DRIVE_SPACE_THRESHOLD = "DriveSpaceThreshold";
+
         public const string LOCK_SCREEN_TIMEOUT_VALUE = "LockScreenTimeoutValue";
         public const string LOCK_SCREEN_TIMEOUT_ADMINISTRATORS = "LockScreenTimeoutAdministrators";
         public const string LOCK_SCREEN_TIMEOUT_USERS = "LockScreenTimeoutUsers";

WebsitePanel/Sources/WebsitePanel.Providers.Base/WebsitePanel.Providers.Base.csproj

@@ -138,6 +138,8 @@
     <Compile Include="RemoteDesktopServices\RdsServer.cs" />
     <Compile Include="RemoteDesktopServices\RdsServerDriveInfo.cs" />
     <Compile Include="RemoteDesktopServices\RdsServerInfo.cs" />
+    <Compile Include="RemoteDesktopServices\RdsServerSetting.cs" />
+    <Compile Include="RemoteDesktopServices\RdsServerSettings.cs" />
     <Compile Include="RemoteDesktopServices\RdsServersPaged.cs" />
     <Compile Include="RemoteDesktopServices\RdsUserSession.cs" />
     <Compile Include="RemoteDesktopServices\RemoteApplication.cs" />

WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs

@@ -50,6 +50,8 @@ using System.Collections.ObjectModel;
 using System.DirectoryServices;
 using System.Security.Cryptography.X509Certificates;
 using System.Collections;
+using System.Xml;
+using WebsitePanel.EnterpriseServer.Base.RDS;
 
 
 namespace WebsitePanel.Providers.RemoteDesktopServices
@@ -79,6 +81,18 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
         private const string LocalAdministratorsGroupName = "Administrators";
         private const string RDSHelpDeskRdRapPolicyName = "RDS-HelpDesk-RDRAP";
         private const string RDSHelpDeskRdCapPolicyName = "RDS-HelpDesk-RDCAP";
+        private const string ScreenSaverGpoKey = @"HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop";
+        private const string ScreenSaverValueName = "ScreenSaveActive";
+        private const string ScreenSaverTimeoutGpoKey = @"HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop";
+        private const string ScreenSaverTimeoutValueName = "ScreenSaveTimeout";
+        private const string RemoveRestartGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
+        private const string RemoveRestartGpoValueName = "NoClose";
+        private const string RemoveRunGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
+        private const string RemoveRunGpoValueName = "NoRun";
+        private const string DisableTaskManagerGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System";
+        private const string DisableTaskManagerGpoValueName = "DisableTaskMgr";
+        private const string HideCDriveGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
+        private const string HideCDriveGpoValueName = "NoDrives";
 
         #endregion
 
@@ -349,11 +363,14 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
                 //add session servers to group
                 foreach (var rdsServer in collection.Servers)
                 {
-                    MoveRdsServerToTenantOU(rdsServer.Name, organizationId);
+                    MoveSessionHostToCollectionOU(rdsServer.Name, collection.Name, organizationId);                    
                     AddAdGroupToLocalAdmins(runSpace, rdsServer.FqdName, helpDeskGroupSamAccountName);
                     AddAdGroupToLocalAdmins(runSpace, rdsServer.FqdName, localAdminsGroupSamAccountName);
                     AddComputerToCollectionAdComputerGroup(organizationId, collection.Name, rdsServer);
                 }
+
+                CreatePolicy(runSpace, organizationId, string.Format("{0}-administrators", collection.Name), new DirectoryEntry(GetGroupPath(organizationId, collection.Name, GetLocalAdminsGroupName(collection.Name))), collection.Name);
+                CreatePolicy(runSpace, organizationId, string.Format("{0}-users", collection.Name), new DirectoryEntry(GetUsersGroupPath(organizationId, collection.Name)), collection.Name);
             }                   
             finally
             {
@@ -497,6 +514,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
 
                 ExecuteShellCommand(runSpace, cmd, false);
 
+                DeleteGpo(runSpace, string.Format("{0}-administrators", collectionName));
+                DeleteGpo(runSpace, string.Format("{0}-users", collectionName));
                 var capPolicyName = GetPolicyName(organizationId, collectionName, RdsPolicyTypes.RdCap);
                 var rapPolicyName = GetPolicyName(organizationId, collectionName, RdsPolicyTypes.RdRap);
 
@@ -519,11 +538,13 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
                 {
                     RemoveGroupFromLocalAdmin(server.FqdName, server.Name, GetLocalAdminsGroupName(collectionName), runSpace);
                     RemoveComputerFromCollectionAdComputerGroup(organizationId, collectionName, server);
+                    MoveRdsServerToTenantOU(server.Name, organizationId);
                 }
 
                 ActiveDirectoryUtils.DeleteADObject(GetComputerGroupPath(organizationId, collectionName));
                 ActiveDirectoryUtils.DeleteADObject(GetUsersGroupPath(organizationId, collectionName));
                 ActiveDirectoryUtils.DeleteADObject(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName)));
+                ActiveDirectoryUtils.DeleteADObject(GetCollectionOUPath(organizationId, string.Format("{0}-OU", collectionName)));
             }
             catch (Exception e)
             {
@@ -624,6 +645,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
 
                 RemoveGroupFromLocalAdmin(server.FqdName, server.Name, GetLocalAdminsGroupName(collectionName), runSpace);
                 RemoveComputerFromCollectionAdComputerGroup(organizationId, collectionName, server);
+                MoveRdsServerToTenantOU(server.Name, organizationId);
             }
             finally
             {
@@ -1092,6 +1114,186 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
         
         #endregion
 
+        #region GPO   
+     
+        public void ApplyGPO(string collectionName, RdsServerSettings serverSettings)
+        {
+            string administratorsGpo = string.Format("{0}-administrators", collectionName);
+            string usersGpo = string.Format("{0}-users", collectionName);
+            Runspace runspace = null;            
+
+            try
+            {
+                runspace = OpenRunspace();
+
+                RemoveRegistryValue(runspace, ScreenSaverGpoKey, administratorsGpo);
+                RemoveRegistryValue(runspace, ScreenSaverGpoKey, usersGpo);                
+                RemoveRegistryValue(runspace, RemoveRestartGpoKey, administratorsGpo);
+                RemoveRegistryValue(runspace, RemoveRestartGpoKey, usersGpo);
+                RemoveRegistryValue(runspace, DisableTaskManagerGpoKey, administratorsGpo);
+                RemoveRegistryValue(runspace, DisableTaskManagerGpoKey, usersGpo);                
+
+                var setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.SCREEN_SAVER_DISABLED));
+                SetRegistryValue(setting, runspace, ScreenSaverGpoKey, administratorsGpo, usersGpo, ScreenSaverValueName, "0", "string");                
+
+                setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.REMOVE_SHUTDOWN_RESTART));
+                SetRegistryValue(setting, runspace, RemoveRestartGpoKey, administratorsGpo, usersGpo, RemoveRestartGpoValueName, "1", "DWord");                                
+
+                setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.REMOVE_RUN_COMMAND));
+                SetRegistryValue(setting, runspace, RemoveRunGpoKey, administratorsGpo, usersGpo, RemoveRunGpoValueName, "1", "DWord");
+
+                setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.DISABLE_TASK_MANAGER));
+                SetRegistryValue(setting, runspace, DisableTaskManagerGpoKey, administratorsGpo, usersGpo, DisableTaskManagerGpoValueName, "1", "DWord");
+
+                setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.HIDE_C_DRIVE));
+                SetRegistryValue(setting, runspace, HideCDriveGpoKey, administratorsGpo, usersGpo, HideCDriveGpoValueName, "4", "DWord");                
+                
+                setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.LOCK_SCREEN_TIMEOUT));
+                double result;
+
+                if (!string.IsNullOrEmpty(setting.PropertyValue) && double.TryParse(setting.PropertyValue, out result))
+                {                    
+                    SetRegistryValue(setting, runspace, ScreenSaverTimeoutGpoKey, administratorsGpo, usersGpo, ScreenSaverTimeoutValueName, setting.PropertyValue, "string");                                    
+                }
+            }
+            finally
+            {
+                CloseRunspace(runspace);
+            }
+        }     
+   
+        private void RemoveRegistryValue(Runspace runspace, string key, string gpoName)
+        {
+            Command cmd = new Command("Remove-GPRegistryValue");
+            cmd.Parameters.Add("Name", gpoName);
+            cmd.Parameters.Add("Key", string.Format("\"{0}\"", key));
+
+            Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
+        }
+
+        private void SetRegistryValue(RdsServerSetting setting, Runspace runspace, string key, string administratorsGpo, string usersGpo, string valueName, string value, string type)
+        {
+            if (setting.ApplyAdministrators)
+            {
+                SetRegistryValue(runspace, key, administratorsGpo, value, valueName, type);
+            }
+
+            if (setting.ApplyUsers)
+            {
+                SetRegistryValue(runspace, key, usersGpo, value, valueName, type);
+            }
+        }
+
+        private void SetRegistryValue(Runspace runspace, string key, string gpoName, string value, string valueName, string type)
+        {
+            Command cmd = new Command("Set-GPRegistryValue");
+            cmd.Parameters.Add("Name", gpoName);
+            cmd.Parameters.Add("Key", string.Format("\"{0}\"", key));
+            cmd.Parameters.Add("Value", value);
+            cmd.Parameters.Add("ValueName", valueName);
+            cmd.Parameters.Add("Type", type);
+
+            Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
+        }
+
+        private string CreatePolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, string collectionName)
+        {
+            string gpoId = GetPolicyId(runspace, gpoName);
+
+            if (string.IsNullOrEmpty(gpoId))
+            {
+                gpoId = CreateAndLinkPolicy(runspace, gpoName, organizationId, collectionName);
+                SetPolicyPermissions(runspace, gpoName, entry);
+            }
+
+            return gpoId;
+        }
+
+        private void DeleteGpo(Runspace runspace, string gpoName)
+        {
+            Command cmd = new Command("Remove-GPO");
+            cmd.Parameters.Add("Name", gpoName);
+
+            Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
+        }
+
+        private void SetPolicyPermissions(Runspace runspace, string gpoName, DirectoryEntry entry)
+        {
+            var scripts = new List<string>
+            {
+                string.Format("Set-GPPermissions -Name {0} -Replace -PermissionLevel None -TargetName 'Authenticated Users' -TargetType group", gpoName),
+                string.Format("Set-GPPermissions -Name {0} -PermissionLevel gpoapply -TargetName {1} -TargetType group", gpoName, string.Format("'{0}'", ActiveDirectoryUtils.GetADObjectProperty(entry, "sAMAccountName").ToString()))
+            };
+
+            object[] errors = null;
+            ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
+        }
+
+        private string CreateAndLinkPolicy(Runspace runspace, string gpoName, string organizationId, string collectionName)
+        {
+            string gpoId = null;
+
+            try
+            {
+                var entry = new DirectoryEntry(GetCollectionOUPath(organizationId, string.Format("{0}-OU", collectionName)));
+                var distinguishedName = string.Format("\"{0}\"", ActiveDirectoryUtils.GetADObjectProperty(entry, "DistinguishedName"));
+
+                Command cmd = new Command("New-GPO");
+                cmd.Parameters.Add("Name", gpoName);
+
+                Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
+
+                if (result != null && result.Count > 0)
+                {
+                    PSObject gpo = result[0];
+                    gpoId = ((Guid)GetPSObjectProperty(gpo, "Id")).ToString("B");
+
+                }
+
+                cmd = new Command("New-GPLink");
+                cmd.Parameters.Add("Name", gpoName);
+                cmd.Parameters.Add("Target", distinguishedName);
+
+                ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
+            }
+            catch (Exception)
+            {
+                gpoId = null;
+                throw;
+            }
+
+            return gpoId;
+        }
+
+        private string GetPolicyId(Runspace runspace, string gpoName)
+        {
+            string gpoId = null;
+
+            try
+            {
+                Command cmd = new Command("Get-GPO");
+                cmd.Parameters.Add("Name", gpoName);
+
+                Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
+
+                if (result != null && result.Count > 0)
+                {
+                    PSObject gpo = result[0];
+                    gpoId = ((Guid)GetPSObjectProperty(gpo, "Id")).ToString("B");
+                }
+            }
+            catch (Exception)
+            {
+                gpoId = null;
+
+                throw;
+            }
+
+            return gpoId;
+        }
+
+        #endregion
+
         #region RDS Help Desk
 
         private string GetHelpDeskGroupPath(string groupName)
@@ -1463,6 +1665,34 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
             } 
         }
 
+        public void MoveSessionHostToCollectionOU(string hostName, string collectionName, string organizationId)
+        {
+            if (!string.IsNullOrEmpty(ComputersRootOU))
+            {
+                CheckOrCreateComputersRoot(GetComputersRootPath());
+            }
+
+            var computerObject = GetComputerObject(hostName);
+            string collectionOUName = string.Format("{0}-OU", collectionName);
+            string collectionOUPath = GetCollectionOUPath(organizationId, collectionOUName);
+
+            if (!ActiveDirectoryUtils.AdObjectExists(collectionOUPath))
+            {
+                ActiveDirectoryUtils.CreateOrganizationalUnit(collectionOUName, GetOrganizationPath(organizationId));
+            }
+
+            if (computerObject != null)
+            {
+                var samName = (string)ActiveDirectoryUtils.GetADObjectProperty(computerObject, "sAMAccountName");
+
+                if (!ActiveDirectoryUtils.IsComputerInGroup(samName, collectionOUName))
+                {
+                    DirectoryEntry group = new DirectoryEntry(collectionOUPath);
+                    computerObject.MoveTo(group);
+                }
+            }
+        }
+
         public void MoveRdsServerToTenantOU(string hostName, string organizationId)
         {
             var tenantComputerGroupPath = GetTenantComputerGroupPath(organizationId);
@@ -1767,6 +1997,20 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
             return sb.ToString();
         }
 
+        private string GetCollectionOUPath(string organizationId, string collectionName)
+        {
+            StringBuilder sb = new StringBuilder();
+
+            AppendProtocol(sb);
+            AppendDomainController(sb);
+            AppendOUPath(sb, collectionName);
+            AppendOUPath(sb, organizationId);
+            AppendOUPath(sb, RootOU);
+            AppendDomainPath(sb, RootDomain);
+
+            return sb.ToString();
+        }
+
         private string GetUserPath(string organizationId, string loginName)
         {
             StringBuilder sb = new StringBuilder();

WebsitePanel/Sources/WebsitePanel.Server.Client/RemoteDesktopServicesProxy.cs

@@ -18,6 +18,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
     using System.Web.Services.Protocols;
     using System;
     using System.Diagnostics;
+    using WebsitePanel.EnterpriseServer.Base.RDS;
     
     
     /// <remarks/>
@@ -101,6 +102,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
         
         private System.Threading.SendOrPostCallback MoveSessionHostToRdsOUOperationCompleted;
         
+        private System.Threading.SendOrPostCallback ApplyGPOOperationCompleted;
+        
         /// <remarks/>
         public RemoteDesktopServices() {
             this.Url = "http://localhost:9003/RemoteDesktopServices.asmx";
@@ -214,6 +217,9 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
         /// <remarks/>
         public event MoveSessionHostToRdsOUCompletedEventHandler MoveSessionHostToRdsOUCompleted;
         
+        /// <remarks/>
+        public event ApplyGPOCompletedEventHandler ApplyGPOCompleted;
+        
         /// <remarks/>
         [System.Web.Services.Protocols.SoapHeaderAttribute("ServiceProviderSettingsSoapHeaderValue")]
         [System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://smbsaas/websitepanel/server/CreateCollection", RequestNamespace="http://smbsaas/websitepanel/server/", ResponseNamespace="http://smbsaas/websitepanel/server/", Use=System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
@@ -1782,6 +1788,49 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
             }
         }
         
+        /// <remarks/>
+        [System.Web.Services.Protocols.SoapHeaderAttribute("ServiceProviderSettingsSoapHeaderValue")]
+        [System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://smbsaas/websitepanel/server/ApplyGPO", RequestNamespace="http://smbsaas/websitepanel/server/", ResponseNamespace="http://smbsaas/websitepanel/server/", Use=System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
+        public void ApplyGPO(string collectionName, RdsServerSettings serverSettings) {
+            this.Invoke("ApplyGPO", new object[] {
+                        collectionName,
+                        serverSettings});
+        }
+        
+        /// <remarks/>
+        public System.IAsyncResult BeginApplyGPO(string collectionName, RdsServerSettings serverSettings, System.AsyncCallback callback, object asyncState) {
+            return this.BeginInvoke("ApplyGPO", new object[] {
+                        collectionName,
+                        serverSettings}, callback, asyncState);
+        }
+        
+        /// <remarks/>
+        public void EndApplyGPO(System.IAsyncResult asyncResult) {
+            this.EndInvoke(asyncResult);
+        }
+        
+        /// <remarks/>
+        public void ApplyGPOAsync(string collectionName, RdsServerSettings serverSettings) {
+            this.ApplyGPOAsync(collectionName, serverSettings, null);
+        }
+        
+        /// <remarks/>
+        public void ApplyGPOAsync(string collectionName, RdsServerSettings serverSettings, object userState) {
+            if ((this.ApplyGPOOperationCompleted == null)) {
+                this.ApplyGPOOperationCompleted = new System.Threading.SendOrPostCallback(this.OnApplyGPOOperationCompleted);
+            }
+            this.InvokeAsync("ApplyGPO", new object[] {
+                        collectionName,
+                        serverSettings}, this.ApplyGPOOperationCompleted, userState);
+        }
+        
+        private void OnApplyGPOOperationCompleted(object arg) {
+            if ((this.ApplyGPOCompleted != null)) {
+                System.Web.Services.Protocols.InvokeCompletedEventArgs invokeArgs = ((System.Web.Services.Protocols.InvokeCompletedEventArgs)(arg));
+                this.ApplyGPOCompleted(this, new System.ComponentModel.AsyncCompletedEventArgs(invokeArgs.Error, invokeArgs.Cancelled, invokeArgs.UserState));
+            }
+        }
+        
         /// <remarks/>
         public new void CancelAsync(object userState) {
             base.CancelAsync(userState);
@@ -2415,4 +2464,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
     /// <remarks/>
     [System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038")]
     public delegate void MoveSessionHostToRdsOUCompletedEventHandler(object sender, System.ComponentModel.AsyncCompletedEventArgs e);
+    
+    /// <remarks/>
+    [System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038")]
+    public delegate void ApplyGPOCompletedEventHandler(object sender, System.ComponentModel.AsyncCompletedEventArgs e);
 }

WebsitePanel/Sources/WebsitePanel.Server/RemoteDesktopServices.asmx.cs

@@ -43,6 +43,7 @@ using WebsitePanel.Providers.OS;
 using WebsitePanel.Providers.RemoteDesktopServices;
 using WebsitePanel.Server.Utils;
 using WebsitePanel.Providers.HostedSolution;
+using WebsitePanel.EnterpriseServer.Base.RDS;
 
 namespace WebsitePanel.Server
 {
@@ -662,5 +663,21 @@ namespace WebsitePanel.Server
                 throw;
             }
         }
+
+        [WebMethod, SoapHeader("settings")]
+        public void ApplyGPO(string collectionName, RdsServerSettings serverSettings)
+        {
+            try
+            {
+                Log.WriteStart("'{0}' ApplyGPO", ProviderSettings.ProviderName);
+                RDSProvider.ApplyGPO(collectionName, serverSettings);
+                Log.WriteEnd("'{0}' ApplyGPO", ProviderSettings.ProviderName);
+            }
+            catch (Exception ex)
+            {
+                Log.WriteError(String.Format("'{0}' ApplyGPO", ProviderSettings.ProviderName), ex);
+                throw;
+            }
+        }
     }
 }

WebsitePanel/Sources/WebsitePanel.WebPortal/App_Data/ESModule_ControlsHierarchy.config

@@ -153,5 +153,6 @@
   <Control key="rds_edit_collection_settings" general_key="rds_collections" />
   <Control key="rds_collection_user_sessions" general_key="rds_collections" />
   <Control key="rds_collection_local_admins" general_key="rds_collections" />
+  <Control key="rds_collection_user_experience" general_key="rds_collections" />
   <Control key="rds_setup_letter" general_key="rds_collections" />
 </Controls>

WebsitePanel/Sources/WebsitePanel.WebPortal/App_Data/WebsitePanel_Modules.config

@@ -584,6 +584,7 @@
       <Control key="deleted_user_memberof" src="WebsitePanel/ExchangeServer/OrganizationDeletedUserMemberOf.ascx" title="DeletedUserMemberOf" type="View" />
       <Control key="rds_application_edit_users" src="WebsitePanel/RDS/RDSEditApplicationUsers.ascx" title="RDSEditApplicationUsers" type="View" />
       <Control key="rds_collection_local_admins" src="WebsitePanel/RDS/RDSLocalAdmins.ascx" title="RDSLocalAdmins" type="View" />
+      <Control key="rds_collection_user_experience" src="WebsitePanel/RDS/RDSEditUserExperience.ascx" title="RDSEditUserExperience" type="View" />
       <Control key="rds_setup_letter" src="WebsitePanel/RDS/RDSSetupLetter.ascx" title="RDSSetupLetter" type="View" />
       <Control key="rds_edit_collection" src="WebsitePanel/RDS/RDSEditCollection.ascx" title="RDSEditCollection" type="View" />
       <Control key="rds_edit_collection_settings" src="WebsitePanel/RDS/RDSEditCollectionSettings.ascx" title="RDSEditCollectionSettings" type="View" />

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditUserExperience.ascx.cs

@@ -25,7 +25,7 @@ namespace WebsitePanel.Portal.RDS
         {
             var serverSettings = ES.Services.RDS.GetRdsServerSettings(PanelRequest.CollectionID, string.Format("Collection-{0}-Settings", PanelRequest.CollectionID));
 
-            if (serverSettings == null)
+            if (serverSettings == null || !serverSettings.Settings.Any())
             {
                 var defaultSettings = ES.Services.Users.GetUserSettings(PanelSecurity.LoggedUserId, UserSettings.RDS_POLICY);
                 BindDefaultSettings(defaultSettings);
@@ -38,35 +38,123 @@ namespace WebsitePanel.Portal.RDS
 
         private void BindSettings(RdsServerSettings settings)
         {
+            var setting = GetServerSetting(settings, RdsServerSettings.LOCK_SCREEN_TIMEOUT);
+            txtTimeout.Text = setting.PropertyValue;
+            cbTimeoutAdministrators.Checked = setting.ApplyAdministrators;
+            cbTimeoutUsers.Checked = setting.ApplyUsers;
 
+            setting = GetServerSetting(settings, RdsServerSettings.REMOVE_RUN_COMMAND);
+            cbRunCommandAdministrators.Checked = setting.ApplyAdministrators;
+            cbRunCommandUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.REMOVE_POWERSHELL_COMMAND);
+            cbPowershellAdministrators.Checked = setting.ApplyAdministrators;
+            cbPowershellUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.HIDE_C_DRIVE);
+            cbHideCDriveAdministrators.Checked = setting.ApplyAdministrators;
+            cbHideCDriveUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.REMOVE_SHUTDOWN_RESTART);
+            cbShutdownAdministrators.Checked = setting.ApplyAdministrators;
+            cbShutdownUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.DISABLE_TASK_MANAGER);
+            cbTaskManagerAdministrators.Checked = setting.ApplyAdministrators;
+            cbTaskManagerUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.CHANGE_DESKTOP_DISABLED);
+            cbDesktopAdministrators.Checked = setting.ApplyAdministrators;
+            cbDesktopUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.SCREEN_SAVER_DISABLED);
+            cbScreenSaverAdministrators.Checked = setting.ApplyAdministrators;
+            cbScreenSaverUsers.Checked = setting.ApplyUsers;
+
+            setting = GetServerSetting(settings, RdsServerSettings.DRIVE_SPACE_THRESHOLD);
+            txtThreshold.Text = setting.PropertyValue;
+        }
+
+        private RdsServerSetting GetServerSetting(RdsServerSettings settings, string propertyName)
+        {
+            return settings.Settings.First(s => s.PropertyName.Equals(propertyName));
         }
 
         private RdsServerSettings GetSettings()
         {                                                                                               
-            //settings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_VALUE] = txtTimeout.Text;
-            //settings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_ADMINISTRATORS] = cbTimeoutAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_USERS] = cbTimeoutUsers.Checked.ToString();
-            //settings[RdsServerSettings.REMOVE_RUN_COMMAND_ADMINISTRATORS] = cbRunCommandAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.REMOVE_RUN_COMMAND_USERS] = cbRunCommandUsers.Checked.ToString();
-            //settings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_ADMINISTRATORS] = cbPowershellAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_USERS] = cbPowershellUsers.Checked.ToString();
-            //settings[RdsServerSettings.HIDE_C_DRIVE_ADMINISTRATORS] = cbHideCDriveAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.HIDE_C_DRIVE_USERS] = cbHideCDriveUsers.Checked.ToString();
-            //settings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_ADMINISTRATORS] = cbShutdownAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_USERS] = cbShutdownUsers.Checked.ToString();
-            //settings[RdsServerSettings.DISABLE_TASK_MANAGER_ADMINISTRATORS] = cbTaskManagerAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.DISABLE_TASK_MANAGER_USERS] = cbTaskManagerUsers.Checked.ToString();
-            //settings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_ADMINISTRATORS] = cbDesktopAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_USERS] = cbDesktopUsers.Checked.ToString();
-            //settings[RdsServerSettings.SCREEN_SAVER_DISABLED_ADMINISTRATORS] = cbScreenSaverAdministrators.Checked.ToString();
-            //settings[RdsServerSettings.SCREEN_SAVER_DISABLED_USERS] = cbScreenSaverUsers.Checked.ToString();
-            //settings[RdsServerSettings.DRIVE_SPACE_THRESHOLD_VALUE] = txtThreshold.Text;
-
             var settings = new RdsServerSettings();
-            //settings.Settings.Add(new RdsServerSetting{
+
-            //    PropertyName = RdsServerSettings.LOCK_SCREEN_TIMEOUT_VALUE,
+            settings.Settings.Add(new RdsServerSetting
-            //    PropertyValue = txtTimeout.Text
+            {
-            //})
+                PropertyName = RdsServerSettings.LOCK_SCREEN_TIMEOUT,
+                PropertyValue = txtTimeout.Text,
+                ApplyAdministrators = cbTimeoutAdministrators.Checked,
+                ApplyUsers = cbTimeoutUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.REMOVE_RUN_COMMAND,
+                PropertyValue = "",
+                ApplyAdministrators = cbRunCommandAdministrators.Checked,
+                ApplyUsers = cbRunCommandUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.REMOVE_POWERSHELL_COMMAND,
+                PropertyValue = "",
+                ApplyAdministrators = cbPowershellAdministrators.Checked,
+                ApplyUsers = cbPowershellUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.HIDE_C_DRIVE,
+                PropertyValue = "",
+                ApplyAdministrators = cbHideCDriveAdministrators.Checked,
+                ApplyUsers = cbHideCDriveUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.REMOVE_SHUTDOWN_RESTART,
+                PropertyValue = "",
+                ApplyAdministrators = cbShutdownAdministrators.Checked,
+                ApplyUsers = cbShutdownUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.DISABLE_TASK_MANAGER,
+                PropertyValue = "",
+                ApplyAdministrators = cbTaskManagerAdministrators.Checked,
+                ApplyUsers = cbTaskManagerUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.CHANGE_DESKTOP_DISABLED,
+                PropertyValue = "",
+                ApplyAdministrators = cbDesktopAdministrators.Checked,
+                ApplyUsers = cbDesktopUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.SCREEN_SAVER_DISABLED,
+                PropertyValue = "",
+                ApplyAdministrators = cbScreenSaverAdministrators.Checked,
+                ApplyUsers = cbScreenSaverUsers.Checked
+            });
+
+            settings.Settings.Add(new RdsServerSetting
+            {
+                PropertyName = RdsServerSettings.DRIVE_SPACE_THRESHOLD,
+                PropertyValue = txtThreshold.Text,
+                ApplyAdministrators = true,
+                ApplyUsers = true
+            });
 
             return settings;
         }