Spun up a W2K3 R2 Std. Edition x86 SP2 VM with an Active Directory domain.
Created a "Profiles" shared folder on the server VM. Shared with "Everyone / Full Control" share permissions, and set the NTFS to "Administrators - Full Control", "SYSTEM - Full Control", and "Authenticated Users - Read and Execute - This folder only".
Created a "Sales" subfolder of that "Profiles" folder.
Created a domain local group called "Sales (Local)" and a global group called "Sales (Global)".
Created two user accounts - "John" and "Mary". Left their default "Domain Users" group membership intact and added them as members to the "Sales (Global)" group.
Logged-on to a Windows XP Professional Service Pack 3 VM as "john" and created a new local profile. Set the desktop color to red (for quick visual indication of the loading of that profile) and logged-off.
Logged-on to the WinXP machine as the domain Administrator account and used the "User Profiles" functionality in the properties of "My Computer" to copy the newly-created "john" user profile to the "Profiles" share on the server computer, granting "Sales (Local)" the "Permitted to use" permission.
Back on the server computer I modified the security of the "Sales" subfolder of the "Profiles" folder to inherit permission from the parent folder and added "Sales (Local) - Read and Execute". I re-applied that permission to all subfolders.
I renamed the "NTUSER.DAT" file in the "\Profiles\Sales" folder to "NTUSER.MAN".
I modified the properties of the "John" and "Mary" user accounts to specify a roaming user profile at "\SERVER\Profiles\Sales".
I logged-on to the Windows XP machine as "Mary" (who had never been logged-on before) and verified that I received the red desktop background. I modified the desktop background color, logged-off, logged-on again, and verified that the red desktop color persisted (meaning that the mandatory user profile was applying).
I logged-on as "John" and performed the same verification steps as with "Mary".
Everything worked as I expected by specifying "Sales (Local)" in all permissions. I'm at a loss as to tell you what might be different about what you did. What do you see that I did differently?
Best Answer
Here's a few ideas:
You could mount the user's registry hive and add the value manually. Look at the "Load Hive..." functionality in REGEDIT.
You could logon interactively as the user and add the appropriate value using the GUI.
You could use "RUNAS" to open a command-prompt as the user and add the value to their registry (HKEY_CURRENT_USER\Environment) from there.