Mandatory Profiles in Windows 10

  • Question

  • Good evening.

    I am deploying an Active Directory domain for a lab, using Windows Server 2012 R2 as a DC and Windows 10 Pro 64-bit (build 10586) for the clients. After the configuration of the server and the clients, I create the domain users and specify them as Mandatory Profiles. But Windows 10 doesn't like Mandatory Profiles, apparently. When the user is logged on, the explorer and the taskbar freeze with surprising regularity, and the only way to temporarily "resolve" the problem is resetting the Explorer.exe process. However, even after this, the OS still seems unstable for the most part, and after a short period of time, explorer freezes again. Third-party applications continue to work normally, but Windows-system-related programs and shortcut keys do not work at all (the mouse pointer usually turns into that busy spinning circle).

    I have tried normal roaming profiles and local profiles; both work properly and do not cause problems, but for some reason Mandatory Profiles are not fully working with Windows 10 (Windows 7 and 8.1 work properly).

    I already checked for system errors using sfc /scannow and the DISM tool, but there are no violations on the clients. I already checked for viruses too; no threats. The clients and the server are fully updated.

    Is Microsoft aware of this bug? If there is any solution that I am missing, I would love to know.

    Thank you for your time.


    • Edited by Kevin Costa Friday, December 4, 2015 2:23 AM Orthography
    Thursday, December 3, 2015 9:18 PM

Answers

  • I figured out the problem, I think...
    I updated all the machines again, leaving them at 10586.104 (this update fixes some taskbar issues).

    Another thing that I noticed is that Classic Shell was conflicting with the Mandatory Profile. I wanted to use the classic Start Menu to replace the native Start menu, but this was causing a thread overload in "explorer.exe". I noticed this behavior while analysing the wait chain in Resource Monitor. Basically a deadlock among dozens of "explorer.exe" processes, and the main process with over 800 threads in it. I think it is a bug with Classic Shell itself, particularly with this type of user profile.

    I uninstalled Classic Shell, and the freezing is gone. The overload and deadlock of threads is gone too.

    Thanks for the tips, Michael Shao. If the problem returns, I'll post here again.

    • Marked as answer by Kevin Costa Tuesday, March 22, 2016 1:37 AM
    Tuesday, March 22, 2016 1:11 AM

All replies

  • Hi kevin,

    How did we configure the Mandatory Profiles?

    Further, please check the KB article below and see if it is related:

    Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview

    https://support.microsoft.com/en-us/kb/3056198

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, December 4, 2015 8:38 AM
    Moderator
  • Hi Michael

    Thanks for the answer. I configured the domain user to use its profile path to a shared folder located on the same server, with the right permissions (Authenticated Users have full control in "share permissions"). After this, I logged on for the first time and configured how the profile is going to work (icons, wallpaper, and miscellaneous settings). Then I log off, the client uploads the profile to the server, and I rename 'ntuser.dat' to 'ntuser.man'. In Windows 7 it worked perfectly, but when we migrated our machines to Windows 10, it doesn't work anymore (the machine detects and downloads the profile, but keeps freezing a lot). Btw, we don't have the V2 profiles anymore, just the V5 profile, which is having problems. Any ideas about how to resolve this?

    Friday, December 4, 2015 11:29 AM
  • Anyone?
    Wednesday, December 9, 2015 11:44 AM
  • Hi Kevin,

    Apologies for the late reply.

    Which account did we log on to Windows 10 with for the first time? What do you mean by the client uploading the profile to the server?

    We need to make use of the local user account here:

    https://technet.microsoft.com/en-us/library/gg241188

    And then, we should copy the created user profile folder to the share, to change the NTuser.dat file.

    https://technet.microsoft.com/library/gg241183

    Please follow the steps above and see if it would work this time.

    Regards


    Thursday, December 10, 2015 3:45 AM
    Moderator
  • Thanks for the reply, Michael.

    The first user that I created after the fresh install was the local admin account, to install the programs and join the domain. After the join, I logged on with the domain user created in the Domain Controller (standard account with profile path configured at a server share). The account starts correctly, installs the Modern Apps, and is ready to use. I configured the account with custom settings based on our environment (a college lab), and after this I logged off the client. At this moment, the client uploads the profile folder to the server share (because it is a roaming profile, as I previously said), and in the profile folder on the server, I renamed ntuser.dat to ntuser.man to turn the profile read-only and avoid changes (mandatory profile) in other client logoffs.

    When I log on again at the clients with the mandatory profile, the problems start: the freezing and the weird behavior, which did not happen in Windows 7 or 8.1 previously, and do not happen using normal roaming profiles (non-mandatory) in Windows 10. Very strange.

    After viewing the event logs, I see DistributedCOM errors involving the Search and Cortana mechanisms. Event ID 10016. I don't know if this freezing is related to this error.

    Here is the detailed event (in Portuguese):

    *********************

    As configurações de permissão padrão-computador não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} e APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} ao usuário AD\lab4408 SID (S-1-5-21-2316075346-2433878705-2380256969-1107) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
    *********************

    Thursday, December 10, 2015 1:18 PM
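
An added example, not part of any post in this thread: the Event ID 10016 text above is localized, so this Python example extracts the CLSID, APPID, caller SID and AppContainer package by pattern rather than by wording, then counts events per component. The function names, the second sample message and the assumption that the CLSID is printed before the APPID are this example's own.

```python
import re
from collections import Counter

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SID = re.compile(r"\bS-1-\d+(?:-\d+)+")
# Package full name layout: Name_Version_Architecture_ResourceId_PublisherId
PACKAGE = re.compile(
    r"[A-Za-z0-9.\-]+_\d+(?:\.\d+){3}_[A-Za-z0-9]+_[A-Za-z0-9\-]*_[a-z0-9]{13}")

def parse_dcom_10016(message):
    """Pull identifiers out of a 10016 message without depending on its language."""
    guids = GUID.findall(message)
    if len(guids) < 2:
        raise ValueError("message does not carry both a CLSID and an APPID")
    sids = SID.findall(message)
    package = PACKAGE.search(message)
    return {
        "clsid": guids[0].upper(),  # assumption: CLSID is printed before APPID
        "appid": guids[1].upper(),
        # S-1-15-2-* is the AppContainer SID family; the other SID is the caller.
        "user_sid": next((s for s in sids if not s.startswith("S-1-15-")), None),
        "container_sid": next((s for s in sids if s.startswith("S-1-15-2-")), None),
        "package": package.group(0) if package else None,
    }

def summarize(messages):
    """Count events per (APPID, package) so the noisiest component stands out."""
    parsed = (parse_dcom_10016(m) for m in messages)
    return Counter((e["appid"], e["package"]) for e in parsed).most_common()

# Event text from the thread (Portuguese locale), closing sentence omitted.
THREAD_EVENT = (
    "As configurações de permissão padrão-computador não concedem permissão "
    "Local Ativação para o aplicativo de Servidor COM com CLSID "
    "{C2F03A33-21F5-47FA-B4BB-156362A2F239} e APPID "
    "{316CDED5-E4AE-4B15-9113-7055D84DCC97} ao usuário AD\\lab4408 SID "
    "(S-1-5-21-2316075346-2433878705-2380256969-1107) do endereço LocalHost "
    "(Usando LRPC) que está sendo executado no contêiner de aplicativos "
    "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID "
    "(S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742).")
# Constructed sample: English wording, placeholder GUIDs and SID, no app container.
CONSTRUCTED_EVENT = (
    "Constructed: no Local Activation permission for CLSID "
    "{00000000-0000-0000-0000-0000000000A1} and APPID "
    "{00000000-0000-0000-0000-0000000000B2} to the user LAB\\student01 SID "
    "(S-1-5-21-1-2-3-1001) in application container Unavailable SID (Unavailable).")

if __name__ == "__main__":
    print(summarize([THREAD_EVENT, THREAD_EVENT, CONSTRUCTED_EVENT]))
```
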
  • Any ideas?
    Wednesday, December 16, 2015 6:16 PM
  • Hi kevin,

    I followed the steps you mentioned to change the profile type on the server share, and the profile won't load and told me that it is logged in with a temporary profile.

    So basically I think this is not supposed to work on Windows 10. For Windows 7 or Windows 8.1, sorry to say that I haven't tested it yet.

    By the way, how about we copy the created local user account to the configured profile path first, and then change the file extension?

    Regards


    Friday, December 18, 2015 8:38 AM
    Moderator
  • Hi kevin,

    What is the current situation?

    If any further help needed, please post back.

    Merry Christmas.


    Friday, December 25, 2015 2:50 AM
    Moderator
  • Hi Michael.

    Merry Christmas for you too :)

    The situation improved a little bit, because I disabled all the privacy options in the Settings app and in Cortana settings. It seems that the freezing is a little bit rarer, but still not eradicated. I also noted that the freezing occurs in the first hours of the day, after we turn on the computers. For the rest of the day, the profile behaviour is mostly normal.

    I think the reason your mandatory profile did not load/save (and used a temporary profile) is that the shared folder permissions are incorrect. It happened to me too, and that was the reason.

    About your suggestion, I didn't copy the local profile because the domain users for the students have unique information (name, email, phone, etc.) and I believe there are going to be problems with the domain profile using the copied local profile folder as its profile folder.

    Again, thank you for your time.

    Saturday, December 26, 2015 12:45 AM
  • OK Kevin,

    Thank you for your sharing and update.

    I will make another test on this.

    By the way, here is a thread for reference:

    https://social.technet.microsoft.com/Forums/en-US/fd436515-6423-4015-9afe-d7e6034909ab/windows-10-threshold-2-edgesearch-issues-for-domain-joined-pcs

    Regards


    Wednesday, December 30, 2015 9:35 AM
    Moderator