Richard,
In addition to what Matjaz suggested ( which is, naturally, right on the
mark ) I might suggest that you use the following link to help you lock down
the TS via Group Policy:
http://support.microsoft.com/?id=278295
This will give you a start. Consider using Replace Mode! You will want to
make sure that you redirect the user's My Documents folder to the same
location via the TS GPO as you do via the 'desktop' GPO. Also, if you
choose to redirect other items ( such as the Start Menu ) then I suggest
that you create another location for that particular item ( such as
\\servername\startmenu\%username% ). If you redirect everything to the same
location you are going to have problems! Additionally, you might consider
using a security group to filter this as I am sure that you will not want
the Administrator account ( and possibly others? ) to be affected by this
GPO when logging on to the TS.
A quick note on using security groups to filter which user account objects
are affected by a particular GPO: simply create a security group and make
all of the user account objects that you want to be affected by this TS GPO
members of the security group. Next, on the GPO itself select Properties
and then select the Security Tab. First add that security group that you
created and make sure that it has the READ and APPLY GROUP POLICY rights.
Next, remove the AUTHENTICATED USERS security group.
I might suggest, though, that you set up a lab environment and play with
this, though. That is, if you have the resources!
HTH,
Cary