speckytecky (13th July 2012)
Hi all got a really annyoing problem.
We have Server 2008 R2 domain, and are updating our clients to Windows 7 (finally). I have everything working fine except one thing.
All the students use a Mandatory profile \\server\netlogon\profile\mandatory.v2, it works fine.
The machines have a GPO for each classroom which sets up things like printers etc.
When the students logon they have a GPO the redirects menus, locks fetures etc as you would expect.
The prroblem i have is when you turn a mchine on and a student logs in it executes the Machine GPO and applies the Mandatory profile, but not the student GPO.
But if the student logs off and then straight back on again it works brilliantly.
Any ideas of how to get it all to work without logging on twice?
i experience the same but the other way around and with local GPO:
when the Profile is _new_ the LGPO will be applied.
For subsequent logins with existing profile c:\users\testuser the LGPO will not apply.
The only workaround i can see so far: prepare the ntuser.man with the GPO Settings already in Place.. not very flexible.
I found the solution here at edugeek:
the ntuser.man got wrong permissions because i loaded it one time as writeable profile.
Add authenticated users with full access.
The group policy client seems to set permissons at this keys. for a logged mandatory user you will find read access again. the SID with read access in the ntuser.man is the user we used to customize the profile - so we need to put authenticated users back in.
Now this one of the reasons why Microsoft only supports the sysprep/copyprofile Method for creation of Mandatory Profiles.
Computer Config > Policies > Admin Templates > System > Logon - Always wait for the network at computer startup and logon - Enabled
Try reducing the GPO refresh down from the default 90 mins to less than 10 mins.
Computer Config > Admin Templates > System > Group Policy - Group Policy refresh interval for computers. Set to 5 and 9.
User Config > Admin Templates > System > Group Policy - Group Policy refresh interval for users. Set to 5 and 9.
This more suitable for school environments where pupils may only use ICT for 30-40 mins at a time.
There are currently 1 users browsing this thread. (0 members and 1 guests)