Don't use the mandatory profile for the desktop, Start Menu, proxy settings etc - they all need to be redirected.
Set the permissions on the profiles folder so that it cannot be written back to - you do not want one person changing your mandatory profile!
Do you have all the required Windows 7 admx files in your sysvol ready to use?
OK, thanks to @3s-gtech, that shows I have some glaring gaps in my knowledge. It appears that I don't have the W7 admx files (or Office 2010 or IE 10 for that matter). I have read that it shows 'from local machine' somewhere when viewing GPO's and I have seen that (although I can't find where I read that now). I have also read that a central store needs creating, but I'm not sure if that has been done either.
My permissions are a bit of a mess, for ease it looks like they have been set up as 'Everyone' for practically everything on the server, but I inherited it and have never had time to go through every folder listing permissions...
Going to really have to grab the bull by the horns and just put it out there and say I feel I'm going to need a lot of help on this one...
Just give us all a shout if needed. My setup was like that when I took it on (worked pretty well to be fair, just a bit 'open') but I've morphed it into a fairly decent setup.
Get a Central Store setup in your Sysvol, and get all the necessary ADMXs in there (not a big job, or hard to do). Then GP will start to fly.
Permissions wise, go slowly and steadily, changing bit by bit as you can test. Don't go changing all the permissions in one go - you may stuff it up (from experience)! In many cases, you may be able to get away with changing from Full Control to Read and Execute, but I usually like to use Authenticated Users instead of Everyone when possible.