I want to configure my Windows Server 2008 servers like this. A user logs on, they load a profile that has been configured for that server and no changes can be made to the profile.
I want to do this is with a mandatory profile, and 2 policies: "Use mandatory profiles on the RD Session Host server" and "Set path for Remote Desktop Services User Profile"
So for each server, I log on, create a profile, save it as a mandatory profile, enable both policies, and in "Set path for Remote Desktop Services User Profile" I set the path to the previously saved mandatory profile.
I've tested this, and it doesn't work. When I log on to the server using RDP, it loads the local default profile. When I log off it saves the profile in the usual location, C:\Users, and I can make changes which are then saved to the profile. It's as if the policy setting hasn't been applied, but when I view rsop I can see that the policy IS applied. There are no errors when logging on or in event viewer.
Can anyone offer any ideas why it's not working?
Best Answer
Possible errors you made or missed
Authenticated Users
(Apply file security reucrsively to profile folder)C:\Users\MandatoryUser.V2
( and theSet path for Remote Desktop Services User Profile
must beC:\Users\MandatoryUser
without.V2
for Windows Server 2008 and higher.MandatoryUser
is just an example username.HKEY_USERS
, ClickFile-Load Hive
), then set security on loaded hive toAuthenticated Users
:Full Control
ntuser.dat
tontuser.man
c:\users\username
, delete them from registry ( Delete hiveHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<user's SID>
. Here you can look through all hives to findProfileImagePath
that corresponds to your user)System Properties\Advanced\User Profiles
mandatory profiles are marked as Mandatory.Here is one of the best guides about mandatory profiles. It has some security issues, but as a beginning is very good