+ Post New Thread
Results 1 to 15 of 15
Wireless Networks Thread, Mandatory profile and GPO settings in Technical; I'm trying to test mandatory profiles at present we run roaming profiles. I've created a test ou with a test ...
  1. #1

    Join Date
    Sep 2005
    Location
    Lancaster
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Mandatory profile and GPO settings

    I'm trying to test mandatory profiles at present we run roaming profiles. I've created a test ou with a test user in it. Created a mandatory profile by copying a local account from a machine etc etc. Point the users profile to the mandatory profile works fine. Add our standard gpo's to the ou and it all goes wrong. None of the GPO settings are applied you get a machine with no restrictions. Remove the mandatory profile from the user and the GPO settings are applied. It's only when you put the two together it all goes wrong. HELP!

  2. #2
    Quackers's Avatar
    Join Date
    Jan 2006
    Posts
    1,450
    Thank Post
    45
    Thanked 160 Times in 135 Posts
    Rep Power
    57

    Re: Mandatory profile and GPO settings

    You cannot have mandatory profiles and GPO's. Windows DOES NOT apply them when its a user.man and not a user.dat. A pain i know, as i had this problem. What is it your trying to achieve with the mandatory profiles?

  3. #3
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,007
    Thank Post
    124
    Thanked 286 Times in 263 Posts
    Rep Power
    109

    Re: Mandatory profile and GPO settings

    I have a mandatory profile running for one year as it was a quick solution to get their DreamWeaver site setup and stay there and that is locked down by GPOs no problem. Are you talking about a Man profile thats been locked down through the registry?

  4. #4
    eejit's Avatar
    Join Date
    Jun 2005
    Location
    Ireland
    Posts
    608
    Thank Post
    53
    Thanked 12 Times in 12 Posts
    Rep Power
    23

    Re: Mandatory profile and GPO settings

    You can definitely run mandatory profiles and GPOs together. Policies are applied in this order I believe
    Local Policies >> Mandatory profiles >> Group policies

    i.e If there is a setting that is in a mandatory profile AND a GPO, then the Group Policy would "win"

  5. #5

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Mandatory profile and GPO settings

    Quote Originally Posted by windy
    Add our standard gpo's to the ou and it all goes wrong. None of the GPO settings are applied you get a machine with no restrictions. Remove the mandatory profile from the user and the GPO settings are applied. It's only when you put the two together it all goes wrong. HELP!
    I hope chaneg the registry permissions on the user hive before copying the profile to the server.

  6. #6

    Join Date
    Sep 2005
    Location
    Lancaster
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Mandatory profile and GPO settings

    Quote Originally Posted by NetworkGeezer
    Quote Originally Posted by windy
    Add our standard gpo's to the ou and it all goes wrong. None of the GPO settings are applied you get a machine with no restrictions. Remove the mandatory profile from the user and the GPO settings are applied. It's only when you put the two together it all goes wrong. HELP! evil
    I hope chaneg the registry permissions on the user hive before copying the profile to the server.
    I copy the profile from the local machine using the copy profile from the advanced functions on the local machine. Can you just enlighten me on the user hive bit please.

  7. #7
    eejit's Avatar
    Join Date
    Jun 2005
    Location
    Ireland
    Posts
    608
    Thank Post
    53
    Thanked 12 Times in 12 Posts
    Rep Power
    23

    Re: Mandatory profile and GPO settings

    That sounds right Windy. Something else must be wrong. Are there event log errors on the local machine? Also, have you ran the "group policy results wizard", that can throw up some interesting pointers.

  8. #8

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Mandatory profile and GPO settings

    Quote Originally Posted by windy
    I copy the profile from the local machine using the copy profile from the advanced functions on the local machine. Can you just enlighten me on the user hive bit please.
    The user hive is the section of the registry that settings of the currently logged on user (HKCu) is stored. This normally saved as ntuser.dat in the profile.

    The above was just me asking in a round about way if you had changed the permitted use to Everyone or Authenticated Users.

    If you are using someone elses's profile and only they have permissions to use it then you can't make any changes to HKCU and so per user GPOs won't take effect.

  9. #9
    eejit's Avatar
    Join Date
    Jun 2005
    Location
    Ireland
    Posts
    608
    Thank Post
    53
    Thanked 12 Times in 12 Posts
    Rep Power
    23

    Re: Mandatory profile and GPO settings

    Windy, as NetworkGeezer is saying, when you copy the profile from the advanced tab do you alter the "permitted to use" box to "Everyone"?

  10. #10
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,505
    Thank Post
    10
    Thanked 508 Times in 445 Posts
    Rep Power
    116

    Re: Mandatory profile and GPO settings

    you can use groups other than everyone. I just use 'students' for mine, as all students are in this group. I dislike using the everyone setting for permissions.

  11. #11

    Join Date
    Sep 2005
    Location
    Lancaster
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Mandatory profile and GPO settings

    OK I've made a test bed server 2003 and a xp prof client. But I get the same outcome GPO fine, mandatory profile fine put the two together and it all goes wrong! I've cleared down the event viewer on the local machine and I get two errors after trying to log on.

    The group policy client-side extension folder redirection failed to execute.Please look for any errors reported earlier

    and

    Unable to apply folder redirect policy, initiaization failed.

  12. #12
    eejit's Avatar
    Join Date
    Jun 2005
    Location
    Ireland
    Posts
    608
    Thank Post
    53
    Thanked 12 Times in 12 Posts
    Rep Power
    23

    Re: Mandatory profile and GPO settings

    It could be the permissions of the policy itself (who is allowed to run it?) or the permission of the redirected folder. (Pupil doesn't have access to it.)

  13. #13

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227

    Re: Mandatory profile and GPO settings

    Your not setting Application folder redirection and IE settings at the same time are you?

  14. #14

    Join Date
    Sep 2005
    Location
    Lancaster
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Mandatory profile and GPO settings

    Quote Originally Posted by Geoff
    Your not setting Application folder redirection and IE settings at the same time are you? )
    No I'm trying to redirect the start menu and my docs.

  15. #15
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    35

    Re: Mandatory profile and GPO settings

    Have you created the folders on the server ahead of time or are you letting Windows create them as and when the user logs on. Microsoft reccomend the latter, but the permissions on the parent folders must be correct.

    E.g. If you are redirecting to \\server\userfolders\%username%\My Documents

    The permissions on the folder that hosts the userfolders share must be as follows;

    Administrators: Full Control (This folder, subfolders & files)
    System: Full Control (This folder, subfolders & files)
    CREATOR OWNER: Full Control (subfolders & files only)
    Authenticated Users: Special (Traverse Folder, List Folder, Read Attributes, Read Extended Attributes, Create Folders, Read Permissions) (This folder only)

    These permissions will allow windows to create folders for your users which they then become the owners of. You may like to read the Wiki How To section on roaming profiles...



SHARE:
+ Post New Thread

Similar Threads

  1. GPOs combined with mandatory profile
    By edsa in forum Network and Classroom Management
    Replies: 7
    Last Post: 31st October 2007, 11:40 PM
  2. Vista/XP Mandatory Profile Hell
    By RockIt in forum How do you do....it?
    Replies: 7
    Last Post: 31st August 2007, 11:43 PM
  3. Replies: 4
    Last Post: 15th August 2007, 06:36 PM
  4. mandatory profile in vista
    By FN-GM in forum Windows Vista
    Replies: 11
    Last Post: 7th August 2007, 01:00 AM
  5. Modifying a mandatory profile - printers
    By GrumbleDook in forum Windows
    Replies: 4
    Last Post: 23rd January 2006, 11:54 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •