Deleting Local Profiles when using Roaming Profiles at Log off

group-policyroaming-profileterminal-serverwindows-server-2008-r2

I'm currently building an environment that will host about 5,000 users over 20 AppServer. I have finalized my GPOs but I'm experiencing an issue with the user's local profile when roaming profiles is implemented. The roaming part works perfectly, as the user's profile is stored and updated in a centralized network location. My only problem is when a user logs off, their local profile under C:\Users is not deleted. Since I want to minimize the AppServer's C:\ space, I'm looking for a GPO that will remove the local profile cleanly during log off. That is, it will remove the folder C:\Users\%username% and the user's registry entry on the AppServer.

I tried implementing the following GPO (see below) but unfortunately it does not work.

Computer Configuration -> System -> User Profiles
"Delete cached copies of roaming profiles"

By the way folder redirection is working and setup to move AppData and Documents to the Roaming Profile's network share.

I have also read that adding my users to the Domain Guest group will automatically delete the profile from C:\Users during log off. However I have no clue what other issues I could encounter by adding my users to such group. So I'm wondering if there are other alternatives. I could always write a PS script but I would like to avoid setting up a log off script. – Thanks.

Best Answer

OK, so adding the user to the Domain Guest group has actually solve my problem in terms of cleanly removing the C:\Users\%username% folder and its registry entry on the AppServer. Folder redirection and Roaming Profiles do not seem to be affect by adding the user to the Domain Guest group. I have tested user's daily functionality and I have not found any problems.

I have also ran the Group Policy Modeling and Group Policy Results and all GPO have successfully been implemented.

At this point in time I could say that the "Domain Guest solution" works, but its something that I will NOT recommended as I'm sure this implementation is not following best practices. If someone needs to implement the above solution I would recommend that adequate tests are run prior to deploying it to a production environment.

PS - If someone else knows of potential problems or risks please advise - Thanks

Related Topic