A bit of a follow-up to my earlier question:- I am trying to configure a mandatory profile for my users (I am going to use this as the base for a hybrid profile). I've built the base profile, named it to ntuser.man, stored it on a network share with the appropriate .v2 extension. Now, I used to use the *Terminal Services Profile *tab in ADUC to deploy the mandatory profile path, but this time I thought I would streamline things a bit and use a GPO.
Now I found the GPO in *Computer Config | Windows Settings | Admin Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Profiles* and set them as appropriate (I set the path, and the *Use mandatory profiles* setting also). I found it a bit weird that this was in Computer Config, given that it was a user setting, AFAIK. I ensured that Loopback Processing was enabled (even though this is a Computer setting, it felt like it was necessary), and filtered the GPO to both my test server and my test user group (as I wasn't sure which one it would need to apply). However, the mandatory profile will only apply if I explicitly set the path in ADUC. The GPO never kicks in and I always get a local profile unless the ADUC setting is filled in. When I run a RSOP, the GPO never shows up. I have tried setting it to "Enforced", which makes no difference at all. I have performed some replication troubleshooting on AD (as there was an issue) but this has turned out to be a red herring. Can anyone give me any hint as to what I am doing wrong? I've discovered a couple of threads pertaining to similar issues, but no resolution. For the record, it is Windows Server 2008 R2 running XenApp 6 I am connecting to, in a Windows 2003 R2 FFL domain. TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
