Mandatory Profiles

  • Question

  • Hi,

    Setting up a mandatory profile for our new 2k8 R2 server and seem to be having some problems. I've placed the profile.v2 folder in a network share (\\mrb-fs\mandatory), set the appropriate permissions and in group policy I've specified use mandatory profiles and the set TS path for profiles (\\mrb-fs\mandatory). When I then log on to the server I get a prompt stating that I've been logged on with a temporary profile and checking the event log I get the following errors:

    Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.

    DETAIL - The network name cannot be found.

    and

    Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    Any ideas on what's causing this?

    Tuesday, May 18, 2010 9:59 AM

Answers

  • Try this:

     

    Create a network share to store the mandatory profile (for example: \\server\Mandatory). Make sure the permissions on this folder are set correctly. Here are the necessary share and NTFS permissions that need to be set on this folder.

    SHARE PERMISSIONS FOR A MANDATORY PROFILE STORAGE FOLDER

    Administrators = Full control
    Authenticated Users = Read


    NTFS PERMISSIONS FOR A MANDATORY PROFILE STORAGE FOLDER

    SYSTEM = Full control, this folder, subfolders, files
    Administrators = Full control, this folder, subfolders, files, Owner
    Authenticated Users = Read & Execute, this folder, subfolders, files


    Create a folder within the folder created in Step 1. Name it something appropriate to indicate it is a mandatory profile, and append the .V2 extension (for example: MAN.V2).

    Because using the Copy To button now only works for the Default user profile, this is the profile you will copy to the share you created. On the RD Session Host server, from Server Manager, click Change System Properties and select the Advanced tab. In the User Profiles section click Settings. Highlight the Default User, and click Copy To… In the Copy To dialog box, type or browse to the shared folder location you created in Step 1. Click the Permitted To Use button, add Everyone, and click OK.

    Note: If you choose to create a customized mandatory profile, use SysPrep to overwrite the Default User profile on the machine you will copy from.

    Rename the ntuser.dat file in the resulting profile to ntuser.man. You will need to change the folder options to show hidden files and folders in order to see this file.


    Set the Computer GPO setting: Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Profiles | Set path for Remote Desktop Services Roaming User Profile to point to the share created in Step 1 and Step 2 (for example: \\server\mandatory\MAN). Do not include the .V2 extension!

    Enable the Computer GPO policy setting: Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Profiles |  Use Mandatory Profiles On The RD Session Host Server.


    Hope this helps,

    Kristin L. Griffin

    Co-Author of the Windows Server 2008 Terminal Services Resource Kit (and a SUPER BIG fan of the Microsoft RDV Team!!!) 

    My RDS blog: blog.kristinlgriffin.com
    Tuesday, May 18, 2010 6:49 PM
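
A read-only check of the outcome of the steps in the answer above, added here as an example and not part of the original thread: PowerShell run on the RD Session Host that confirms the .V2 folder and ntuser.man are reachable and that only SYSTEM and Administrators hold change rights on the folder. The function name Test-MandatoryProfile and the default path are illustrative assumptions.

```powershell
# Added example (not from the thread): read-only audit of a mandatory profile.
# $ProfilePath is the value typed into the GPO, i.e. WITHOUT the .V2 suffix.
# '\\server\mandatory\MAN' is the answer's sample path, used as a placeholder.
param([string]$ProfilePath = '\\server\mandatory\MAN')

function Test-MandatoryProfile {
    param([string]$ProfilePath)
    $findings = @()

    # The answer says the policy value must not carry the .V2 extension.
    if ($ProfilePath -match '\.v2$') {
        $findings += 'Policy path ends in .V2; leave the extension out of the GPO value.'
        $ProfilePath = $ProfilePath -replace '\.v2$', ''
    }

    # The folder on the share is the policy path plus .V2.
    $folder = $ProfilePath + '.V2'
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        $findings += "Cannot reach $folder (wrong path, missing share, or no read access)."
        return $findings
    }
    if (-not (Test-Path -LiteralPath "$folder\ntuser.man" -PathType Leaf)) {
        $findings += 'ntuser.man not found; the hive may still be named ntuser.dat.'
    }

    # Rights that allow altering the profile, plus the GENERIC_ALL and GENERIC_WRITE bits.
    $rights = 'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $change = [int][System.Security.AccessControl.FileSystemRights]$rights
    $change = $change -bor 0x10000000 -bor 0x40000000
    $trusted = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators

    foreach ($ace in (Get-Acl -Path $folder).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if (($trusted -notcontains $sid) -and (([int]$ace.FileSystemRights -band $change) -ne 0)) {
            $findings += "$($ace.IdentityReference) can modify the profile: $($ace.FileSystemRights)"
        }
    }
    return $findings
}

$result = Test-MandatoryProfile -ProfilePath $ProfilePath
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { Write-Output "OK: $ProfilePath" }
```

It checks NTFS permissions only; share permissions have to be reviewed on the file server itself.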

All replies

  • Hi,

    Take a look at this thread, it may help you to resolve your problems.

    http://social.technet.microsoft.com/Forums/en/winserverTS/thread/29d1e79b-bd04-4872-9581-74dd0c0a7b88


    Strength lies in justice
    Tuesday, May 18, 2010 10:37 AM
  • Any update for doing this on 2012 R2?
    Wednesday, August 6, 2014 5:23 AM