+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Windows Server 2008 R2 Thread, Mandatory profile vs. Fully loaded GPO/GPP... FIGHT! in Technical; local profiles here. All important stuff is redirected. Not caused any problems....
  1. #16
    Galway's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    1,461
    Thank Post
    9
    Thanked 342 Times in 238 Posts
    Rep Power
    107
    local profiles here. All important stuff is redirected.
    Not caused any problems.

  2. #17
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,655
    Thank Post
    383
    Thanked 273 Times in 225 Posts
    Rep Power
    103
    Quote Originally Posted by zag View Post
    Locking down the GPO is the way to go in schools. We completely remove the profile on all users in the school.

    Students don't need profiles. I have no idea why anyone would do that by design in a high user educational environment.
    Logon times seemingly identical (816kb profile has to go over then network on mandatory).
    profiles on the machine are 50% of the size when mandatory (it's all trivial though as it's 51mb vs 101mb).
    Mandatory profiles instantly unload on logoff, presumably there's a way of doing this for local profiles too though but it's not obvious to me at the moment.

    Overall i prefer mandatory profiles for the above small advantages, and knowing that they're forced into conformity via the profile, so even if some rogue technician deletes a GP things will still be set to a point.

    Prior to the existence of GPPs it was also the only easy way of solving a particular issue where a program wouldn't load without an empty folder in the user profile that students couldn't create(started with a dot), nowadays that's removed and GPP does it on logon though in the specific area that folder is required, but still my point is that it used to be a solution to a problem even if it isn't one anymore. Changing to local from mandatory is such a trivial change that it's not even worth it.

    The other reason i use mandatory profiles, is that you know the profile is that way and will forever be that way, and you won't run into issues like this: http://social.technet.microsoft.com/...w7itprogeneral
    Last edited by mrbios; 4th March 2014 at 04:11 PM.

  3. Thanks to mrbios from:

    zag (4th March 2014)

  4. #18

    Join Date
    Aug 2009
    Posts
    32
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    How much configuring do I have to do before I pull the profile from it? I mean should I do all 168 Windows updates? Install AV? Office?
    Ideally it would be a full image that you are using in production.. in reality you're probably going to want at *least* your core applications (esp. office).

    The last time I needed to change something on our old XP profile, I just browsed to it on the server and dropped the 'web shortcut' and a 'favourite' into the required folders and they appeared... How do you get a shortcut to appear when you tell it you want it to go to c:\Program Files\Office while you are on the server and it tells you that shortcut is invalid because you don't have Office installed on the server...?

    Do I put stuff on the Start Menu now? Favourites? Desktop Icons? Or control all of that later via GPO/GPP?
    No, don't put any shortcuts/favourites etc into the profile. It should be purely things that can't be easily controlled via GP or will affect first logon. You can push start menu shortcuts down using GPP - the targeting options mean you can configure it to only create a shortcut if that particular piece of software is installed on the computer. I have seen cases where creating shortcuts via GPP can cause slowdown however, mainly because Anti-Virus wants to scan the target of your shortcut (which can be quite bad if it's a network location that you haven't excepted from scanning). An alternative is to use folder redirection (or use GPP to just *copy* a folder full of pre-configured shortcuts).
    Last edited by karlr; 4th March 2014 at 04:36 PM.

  5. Thanks to karlr from:

    Koldov (5th March 2014)

  6. #19
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    566
    Thank Post
    129
    Thanked 65 Times in 52 Posts
    Rep Power
    42
    On with the updates, AV and office install then...

    Shame they are not going to release a Service Pack 2 for 7....

    Kol.

  7. #20

    Join Date
    Jun 2008
    Location
    Barnet
    Posts
    127
    Thank Post
    36
    Thanked 11 Times in 7 Posts
    Rep Power
    15
    This thread's very interesting to me as profiles are a bane of my life. Everyone at the moment has roaming profiles. Perhaps half a dozen times a day I get students that either get almost logged in before before being thrown back out, or whose redirection policy is permanently failing to apply. These faults are both fixed by deleting the profile. In addition we sometimes get very slow logins. haven't got to the bottom of it but profiles may be part of the problem.

    We have a very comprehensive set of policies. I suspect too comprehensive, but there's no shortage of nailing down and redirecting going on.

    So, I reckon that we need either mandatory policies or none. Now I have to admit that I hadn't heard of the latter - how's that work? If we go for mandatory, given that we have everything in policy, what would you put in that profile? What would be better placed in the profile rather than set by GP?

    Setup here is all Win 7 / Server 2008R2.

  8. #21
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,722
    Thank Post
    176
    Thanked 228 Times in 210 Posts
    Rep Power
    69
    Quote Originally Posted by Koldov View Post
    Cool, so I've got my VM in Virtual Box up and running Windows 7...

    How much configuring do I have to do before I pull the profile from it? I mean should I do all 168 Windows updates? Install AV? Office?
    The way I did mine on Windows 7 was to make my base image as a virtual machine then snapshot it just before running sysprep. Then after the image was captured to SCCM I reverted the snapshot to work on the profile. That way you'll be working on a machine that matches the base state of how all your other workstations will be. Personally I'd say do it without AV as the scanning increases the likelihood of problems.

    Once done replace the original sysprep file with the basic "copyprofile" one and run sysprep to generate the supported profile. At this point I deviate from the Microsoft guide as they say click the Copy To button and provide a UNC path. With my machine being on virtual (and thus not part of a domain) I found it easier to do the copy to a local folder on the VM then extract it manually (e.g. via the C$ admin share).

    Finally copy it to a suitable place on the network and test, worked perfectly for me with Windows 7 and about 220 machines. Boot time from powered off state to working desktop was 1 minute 30 seconds

  9. #22

    Join Date
    Aug 2009
    Posts
    32
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by birchanger View Post
    Perhaps half a dozen times a day I get students that either get almost logged in before before being thrown back out, or whose redirection policy is permanently failing to apply.
    Do you have "Move the contents of Documents to the new location" enabled for your redirection policies? I have seen cases where this will fail when copying for example "My Music", with an error about security descriptors

    So, I reckon that we need either mandatory policies or none. Now I have to admit that I hadn't heard of the latter - how's that work? If we go for mandatory, given that we have everything in policy, what would you put in that profile? What would be better placed in the profile rather than set by GP?
    Anything that is going to affect their first logon experience should be baked into a mandatory profile. You will still be relying on GP for the vast majority of things however. I'm wondering if "User Experience Virtualization" (UE-V) is any good. Roaming profiles may be bad, but not having personal/app settings synced for roaming users also isn't great..

  10. #23
    kcymer's Avatar
    Join Date
    Nov 2007
    Posts
    150
    Thank Post
    4
    Thanked 9 Times in 8 Posts
    Rep Power
    16
    Mandatory here as well. We started with roaming and it was causing few issues, mainly with logging in - the profile grew and it than took longer to load it. Or sometime it just got corrupted - really annoying. Switched to mandatory and never looked back. Ours in not tiny, around 30MB but lots of software settings embedded in it, like office, serif apps etc.



SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Mandatory Profiles Not Setting via GPO
    By jdell in forum Windows Server 2008 R2
    Replies: 1
    Last Post: 20th September 2013, 10:54 AM
  2. Students - Mandatory Profiles Vs "NETLOGON\Default User" method?
    By burgemaster in forum Windows Server 2000/2003
    Replies: 18
    Last Post: 18th November 2010, 01:09 PM
  3. Mandatory profile 2008 TS via GPO
    By joe90bass in forum Thin Client and Virtual Machines
    Replies: 1
    Last Post: 17th September 2009, 01:18 PM
  4. Replies: 11
    Last Post: 6th October 2007, 05:27 PM
  5. Mandatory profile and GPO settings
    By windy in forum Wireless Networks
    Replies: 14
    Last Post: 7th April 2006, 12:17 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •