Hi All,
I am trying to configure Mandatory profiles for any user who logs onto any of our Windows 2008 R2 servers. I have a test environment consisting of a 2008 R2 DC and a few 2008 R2 Application servers. The process I followed was this:
On the DC I created a foler on the c: drive and called it profile, then shared it as profiles$ with authenticated users and domain admins with full control. Set the NTFS permissions to Authenticted users read and Domain Admins full.
Then I Logged onto one of the 2008 servers, created a local user called Mandatory, logged on with that user, modified the desktop and added some files to the desktop, logged off then logged back on with a Domain admin account. Copied the local user folder for Mandatory including hidden files to the share \\Server\profile$\mandatory .
Then I imported the NTUSER.DAT into regedit removed the permissions and added Authenticated users ( READ ) and Domain Admins (Full ) and unloaded the hive. Rnamed NTUSER.DAT to NTUSER.MAN and renamed the Mandatory folder to Mandatory.V2.
Now I created a new GPO and enabled "Use Mandatory profiles aon the RD Session Host Server" and enabled "Set path for Remote Desktop Services Roaming User Profile" with the path of \\Server\Profile$\Mandatory
I then linked the GPO to the OU containing the Windows 2008 R2 servers, quick GPUpdate on the server then logged in. The profile is not the mandatory one. I have tried enabling loopback for the goup policy applying filtering to all users and the computer account but still no mandatory profile is applied for any user logging on. An RSOP shows that the GPO is processed and applied as I have made some other changes to the GPO and the settings do apply. Yet the Mandatory profile doesn't apply. When logged on if you go to %userprofile% it points to the local cache i.e C:\users\username and I can make changes that are still there when logging off and back on again.
Am I missing something obvious?
Thanks
I am trying to configure Mandatory profiles for any user who logs onto any of our Windows 2008 R2 servers. I have a test environment consisting of a 2008 R2 DC and a few 2008 R2 Application servers. The process I followed was this:
On the DC I created a foler on the c: drive and called it profile, then shared it as profiles$ with authenticated users and domain admins with full control. Set the NTFS permissions to Authenticted users read and Domain Admins full.
Then I Logged onto one of the 2008 servers, created a local user called Mandatory, logged on with that user, modified the desktop and added some files to the desktop, logged off then logged back on with a Domain admin account. Copied the local user folder for Mandatory including hidden files to the share \\Server\profile$\mandatory .
Then I imported the NTUSER.DAT into regedit removed the permissions and added Authenticated users ( READ ) and Domain Admins (Full ) and unloaded the hive. Rnamed NTUSER.DAT to NTUSER.MAN and renamed the Mandatory folder to Mandatory.V2.
Now I created a new GPO and enabled "Use Mandatory profiles aon the RD Session Host Server" and enabled "Set path for Remote Desktop Services Roaming User Profile" with the path of \\Server\Profile$\Mandatory
I then linked the GPO to the OU containing the Windows 2008 R2 servers, quick GPUpdate on the server then logged in. The profile is not the mandatory one. I have tried enabling loopback for the goup policy applying filtering to all users and the computer account but still no mandatory profile is applied for any user logging on. An RSOP shows that the GPO is processed and applied as I have made some other changes to the GPO and the settings do apply. Yet the Mandatory profile doesn't apply. When logged on if you go to %userprofile% it points to the local cache i.e C:\users\username and I can make changes that are still there when logging off and back on again.
Am I missing something obvious?
Thanks
