On 09.05.2017 09:21, Markus Klocker wrote:
Hi all,
the GPO-Setting "Administrative Templates/System/User Profiles/Do not
log users on with temporary profiles" seems to be prevent even local
Administrators to log on to a Windows 10 domain computer.
Domain users that to not have a roaming profile can not be used as
service accounts to query ldap because it fails.
We need this setting though to make sure that users with no profile
can not log in.
This is already in use on Windows 7 clients and there everything is fine.
There is also a message box for local admin accounts stating: "We
can't sign into your account".
This box is also shown to users when not allowing to cache roaming
profiles. If set to delete cached profiles after 1 day the box is not
shown.
In some cases like computer rooms we actually do not want to cache
profiles at all.
I hope someone knows a bit more about this behaviors.
Best,
Markus
push
Please share your experience.
Thank you.
Markus
