Roaming mandatory profile via GPO

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hey all,

I had a question on Transcender the other day to do with setting up a mandatory roaming profile for all users on a particular server.

I got the answer to the question wrong because the answer I picked was close to the way I knew to do it (ie, use a network share, copy the profile in there, rename user.dat to user.man etc).

The correct answer was to use group policy on the network share that had been setup and configure the 'Prevent Roaming Profile changes from propagating to the server'. Which is apparently the recommended way by MS to setup mandatory roaming profiles - according to Transcender anyway.

So after that preamble, I have a couple of questions if anyone can help.

Is that in fact the MS recommended way? I can't find any hard evidence for this. In fact the help within Server 2003 actually suggests the method I thought was correct, ie renaming user.dat. The only other hint that MS give that GPO is the correct way is a line in the same help that says 'Profile management should be done - preferentially by policy'.

So, I thought fine, I will set this up in my lab and test out the way suggested in the answer from Transcender, ie to use the policy that prevents roaming profile changes to be propagated to the server. It doesn't seem to work. I have two PC's in the same OU as well as the user I am testing. They are getting the policy in question as I used GP result to check. But ... I can make changes to the wallpaper, create & delete files on the desktop etc... I can also make changes to the general look and feel of the profile and they stay.

The user is definitely getting the roaming profile from the server, as I am testing this on two PC's with the same user, it's just not mandatory.

I'm not going to spend too long gnashing my teeth on this issue, it's just irratating that I can't seem to get it working as it should be.

I think I'll put the setting to prevent propagation into the default domain policy and see if that helps. Hmmm ...

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

keep in mind, this is a computer gpo. it is meant for configuring the behaviour of roaming profiles on specific workstations, and it is often used together with the 'only allow local user profiles' gpo. yes, the side effect is a sort of mandatory profile, (when the user logs on to one of the affected computers), but that is not the purpose.

 

Yeah, well it's not the way I would have done things personally. I did think it odd that a policy that is meant to be affecting a user's profile was in the computer section of the policy.

The thing that stood out to me was the fact Transcender was implying that this was the recommended method of implementing mandatory roaming profiles.

It suggests the renaming of NTuser.dat is an alternative way to create a mandatory profile, and that using a GPO is the recommended way of preventing users from changing a roaming profile.

I have managed to get it working now by the way, using the GPO. It would seem that setting the 'No Override' option for the new policy object ( I set one up just to enforce the mandatory profile) did the trick.

edit: It seems to work if the clients are XP. If you modify settings relating to the profile with 2k, then it makes changes to the roaming profile on the server.