Mandatory TS user profiles... Admin rights

  • Thread starter Thread starter Noncentz303
  • Start date Start date
N

Noncentz303

Guest
The lowdown- I have been tasked with setting up our TS enviorment so that
when a user logs on they have limited access to the desktop and startbar.
From what I have read this can be accomplished with TS user profiles.

We have a SBS and 2 TS "TS1 and TS2"

I am new at this but this is what i have accomplished so far:

I created a new GPO and a new OU for TS1 and 2
-I created a shared folder on TS1 called TSProfiles
-I created a test user and added it to the new GPO
-I enabled loopback processing
-I enabled admin security group to roaming profiles
-Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username

Then I went to my test user and specified the following profile path:
\\TS1\TSProfile\%username%

- This is where I run into my issues. When I log in a seperate folder is
created in my share for each user. I would like to use 1 standard profile for
all users when they log in so that when I make changes the effect all users.

- Also when I log in as admin I cannot view the contents of the folders
because access is denied -- even though I have it set to add user admin when
folder is created

- I also am wondering will I have to set up a static path for every user
depending on what TS they use and specify different paths and redirects for
both servers?

Any help would be appreciated
Antony
 
RE: Mandatory TS user profiles... Admin rights

Hello,

It has been a while, but give this a shot and let us know how you make out.

You can do this only in Windows 2003 Ad environment. The goal here is to
migrate your users to a mandatory profile without changing any of the AD user
properties you have in place now.

Configure a dummy profile path via the GPO.
Computer Config > Admin Templates > Windows Components > Terminal Services
Set the path for the TS roaming profile

Create a mandatory profile for the terminal server. Create a local account
(place the account into the local admin group). It is also preferrable that
you do this on a server with no domain affilliation or policies applied.
VMWare is good enough provided you are matching the OS and SP used in your
production environment. Log the account on and configure the environment the
way you like it. Log off.

Use the Computer Properties window to copy your user profile to a file share
you can get to. You want to be certain that you assign the Authenticated
Users group permission to access the profile. You will see input for this
security config within the Copy window of the My Computer > Properties >
Advanced > User Profiles > Copy Option window.

Refer to the following KB for creating the Mandatory Profile: MS KB323368

Refer to the following KB for configuring Folder Redirection within the
mandatory profile registry config. This is handy information. MS KB242557

This last KB references folder redirection within the ntuser.man registry
hive. Once you have created the mandatory profile, you must load the
ntuser.man file into regedit.exe HKEY_Users environment for cleaning. Be
sure to name the account something unique for searching qqqqqqq is good
enough. Once you have loaded the hive, search for any identity markers
associated with the account. Do not delete the key values, simply remove any
data associated with the account name.

While you are creating the account don't get into detailed configs, avoid
opening apps, this will better assure your mandatory profile is good to go.

Now...back to work.

Backup and empty the Default User profile. Be sure you can see hidden and
system files.

Copy the mandatory profile into the Default User folder environment. Be
sure you have hidden and system files available for viewing.

Rename the ntuser.man into ntuser.dat

Enable the following GPO setting

Computer Config > Admin Templates > System > User Profiles > Prevent Roaming
Profile Changes to propagate to the server

There you go, you have a mandatory profile environment, which utilizes the
ntuser.dat for certificates and that good roaming stuff, but you have no
folder propagation to the roaming environment.

This will not solve your Outlook config settings however. You will need to
lauch the app with a PRF file associated for user settings to be applied.
This will avoid setup for each launch. To get further into the mix on this
one, you should look into a Flex profiling environment. Do a search for Flex
Framework on google, and head in that direction.

Let us know how you make out!


"Noncentz303" wrote:

> The lowdown- I have been tasked with setting up our TS enviorment so that
> when a user logs on they have limited access to the desktop and startbar.
> From what I have read this can be accomplished with TS user profiles.
>
> We have a SBS and 2 TS "TS1 and TS2"
>
> I am new at this but this is what i have accomplished so far:
>
> I created a new GPO and a new OU for TS1 and 2
> -I created a shared folder on TS1 called TSProfiles
> -I created a test user and added it to the new GPO
> -I enabled loopback processing
> -I enabled admin security group to roaming profiles
> -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
>
> Then I went to my test user and specified the following profile path:
> \\TS1\TSProfile\%username%
>
> - This is where I run into my issues. When I log in a seperate folder is
> created in my share for each user. I would like to use 1 standard profile for
> all users when they log in so that when I make changes the effect all users.
>
> - Also when I log in as admin I cannot view the contents of the folders
> because access is denied -- even though I have it set to add user admin when
> folder is created
>
> - I also am wondering will I have to set up a static path for every user
> depending on what TS they use and specify different paths and redirects for
> both servers?
>
> Any help would be appreciated
> Antony
 
RE: Mandatory TS user profiles... Admin rights

Cendrars,

Thanks for the response... It was way helpful for what I have to do. This is
how it went down..

I created my seperate GPO and user for my test enviorment just fine. I was
able to create the share and copy over a good user profile. When I log on
with the user I am able to see the changes that have been made as well as
everything in the C:\Documents and Settings\All Users folder....

I guess now im looking to clean and sure up alot of loose ends. I would like
to be able to log in as an administrator and see my usual menu's start bars
and whatnot so I wont add myself to the GPO but I have to edit C:\Documents
and Settings\All Users for my changes to work correctly which also messes
with the admin account.

Is there a workaround for this purpose???

"cendrars" wrote:

> Hello,
>
> It has been a while, but give this a shot and let us know how you make out.
>
> You can do this only in Windows 2003 Ad environment. The goal here is to
> migrate your users to a mandatory profile without changing any of the AD user
> properties you have in place now.
>
> Configure a dummy profile path via the GPO.
> Computer Config > Admin Templates > Windows Components > Terminal Services
> Set the path for the TS roaming profile
>
> Create a mandatory profile for the terminal server. Create a local account
> (place the account into the local admin group). It is also preferrable that
> you do this on a server with no domain affilliation or policies applied.
> VMWare is good enough provided you are matching the OS and SP used in your
> production environment. Log the account on and configure the environment the
> way you like it. Log off.
>
> Use the Computer Properties window to copy your user profile to a file share
> you can get to. You want to be certain that you assign the Authenticated
> Users group permission to access the profile. You will see input for this
> security config within the Copy window of the My Computer > Properties >
> Advanced > User Profiles > Copy Option window.
>
> Refer to the following KB for creating the Mandatory Profile: MS KB323368
>
> Refer to the following KB for configuring Folder Redirection within the
> mandatory profile registry config. This is handy information. MS KB242557
>
> This last KB references folder redirection within the ntuser.man registry
> hive. Once you have created the mandatory profile, you must load the
> ntuser.man file into regedit.exe HKEY_Users environment for cleaning. Be
> sure to name the account something unique for searching qqqqqqq is good
> enough. Once you have loaded the hive, search for any identity markers
> associated with the account. Do not delete the key values, simply remove any
> data associated with the account name.
>
> While you are creating the account don't get into detailed configs, avoid
> opening apps, this will better assure your mandatory profile is good to go.
>
> Now...back to work.
>
> Backup and empty the Default User profile. Be sure you can see hidden and
> system files.
>
> Copy the mandatory profile into the Default User folder environment. Be
> sure you have hidden and system files available for viewing.
>
> Rename the ntuser.man into ntuser.dat
>
> Enable the following GPO setting
>
> Computer Config > Admin Templates > System > User Profiles > Prevent Roaming
> Profile Changes to propagate to the server
>
> There you go, you have a mandatory profile environment, which utilizes the
> ntuser.dat for certificates and that good roaming stuff, but you have no
> folder propagation to the roaming environment.
>
> This will not solve your Outlook config settings however. You will need to
> lauch the app with a PRF file associated for user settings to be applied.
> This will avoid setup for each launch. To get further into the mix on this
> one, you should look into a Flex profiling environment. Do a search for Flex
> Framework on google, and head in that direction.
>
> Let us know how you make out!
>
>
> "Noncentz303" wrote:
>
> > The lowdown- I have been tasked with setting up our TS enviorment so that
> > when a user logs on they have limited access to the desktop and startbar.
> > From what I have read this can be accomplished with TS user profiles.
> >
> > We have a SBS and 2 TS "TS1 and TS2"
> >
> > I am new at this but this is what i have accomplished so far:
> >
> > I created a new GPO and a new OU for TS1 and 2
> > -I created a shared folder on TS1 called TSProfiles
> > -I created a test user and added it to the new GPO
> > -I enabled loopback processing
> > -I enabled admin security group to roaming profiles
> > -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
> >
> > Then I went to my test user and specified the following profile path:
> > \\TS1\TSProfile\%username%
> >
> > - This is where I run into my issues. When I log in a seperate folder is
> > created in my share for each user. I would like to use 1 standard profile for
> > all users when they log in so that when I make changes the effect all users.
> >
> > - Also when I log in as admin I cannot view the contents of the folders
> > because access is denied -- even though I have it set to add user admin when
> > folder is created
> >
> > - I also am wondering will I have to set up a static path for every user
> > depending on what TS they use and specify different paths and redirects for
> > both servers?
> >
> > Any help would be appreciated
> > Antony
 
RE: Mandatory TS user profiles... Admin rights

Are you logging on with a local admin account (local to the server, no domain
affiliation)? Or, are you logging on with a domain account. The difficulty
here is that you have applied Machine GPO settings which are global to the
server.

What is it that you are working to accomplish with your local admin account?

"Noncentz303" wrote:

> The lowdown- I have been tasked with setting up our TS enviorment so that
> when a user logs on they have limited access to the desktop and startbar.
> From what I have read this can be accomplished with TS user profiles.
>
> We have a SBS and 2 TS "TS1 and TS2"
>
> I am new at this but this is what i have accomplished so far:
>
> I created a new GPO and a new OU for TS1 and 2
> -I created a shared folder on TS1 called TSProfiles
> -I created a test user and added it to the new GPO
> -I enabled loopback processing
> -I enabled admin security group to roaming profiles
> -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
>
> Then I went to my test user and specified the following profile path:
> \\TS1\TSProfile\%username%
>
> - This is where I run into my issues. When I log in a seperate folder is
> created in my share for each user. I would like to use 1 standard profile for
> all users when they log in so that when I make changes the effect all users.
>
> - Also when I log in as admin I cannot view the contents of the folders
> because access is denied -- even though I have it set to add user admin when
> folder is created
>
> - I also am wondering will I have to set up a static path for every user
> depending on what TS they use and specify different paths and redirects for
> both servers?
>
> Any help would be appreciated
> Antony
 
RE: Mandatory TS user profiles... Admin rights

Cendrars,

Ok so i figured out my problem with my mandatory profiles. I was just
mapping them incorrectly in AD users and computer. I have the profiles
working like magic now.

But I am having an issue getting my GPO to work on my TS. I created a new OU
and under that I created my new GPO "TS Lockdown". In this GPO I added my TS1
and TS2 along with a test group with users to make sure I wasnt going to down
everyone. I have enabled loopback and a couple other standard limitation to
my GPO but when I log in with one of my test users the TS is basically the
same ... well baring the changes I made in my mandatory profile.

I have been searching all morning for the answer to why my GPO is not
working on my TS but to no avail. I was using this tutorial

http://www.microsoft.com/technet/technetmag/issues/2007/05/TerminalServices/default.aspx

I totally understand what is going on but I just cant seem to get it to work
at all. Any though on what I might be doing wrong??

Noncentz

"cendrars" wrote:

> Are you logging on with a local admin account (local to the server, no domain
> affiliation)? Or, are you logging on with a domain account. The difficulty
> here is that you have applied Machine GPO settings which are global to the
> server.
>
> What is it that you are working to accomplish with your local admin account?
>
> "Noncentz303" wrote:
>
> > The lowdown- I have been tasked with setting up our TS enviorment so that
> > when a user logs on they have limited access to the desktop and startbar.
> > From what I have read this can be accomplished with TS user profiles.
> >
> > We have a SBS and 2 TS "TS1 and TS2"
> >
> > I am new at this but this is what i have accomplished so far:
> >
> > I created a new GPO and a new OU for TS1 and 2
> > -I created a shared folder on TS1 called TSProfiles
> > -I created a test user and added it to the new GPO
> > -I enabled loopback processing
> > -I enabled admin security group to roaming profiles
> > -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
> >
> > Then I went to my test user and specified the following profile path:
> > \\TS1\TSProfile\%username%
> >
> > - This is where I run into my issues. When I log in a seperate folder is
> > created in my share for each user. I would like to use 1 standard profile for
> > all users when they log in so that when I make changes the effect all users.
> >
> > - Also when I log in as admin I cannot view the contents of the folders
> > because access is denied -- even though I have it set to add user admin when
> > folder is created
> >
> > - I also am wondering will I have to set up a static path for every user
> > depending on what TS they use and specify different paths and redirects for
> > both servers?
> >
> > Any help would be appreciated
> > Antony
 
RE: Mandatory TS user profiles... Admin rights

Hello,

You have applied Loopback, and I expect you have applied it in Replace mode.
Please apply it in replace mode.

The affect this will have is that the OU container will only process "User
Configuration" settings applied via GPOs linked to the OU container. GPOs
which are "Enforced" above the OU tree will also be applied to the OU.

Machine configurations within the GPO environment are global. Machine
configurations are applied to "all" users, hence their global nature. So,
any change you make on the machine side of the GPO will apply to all users
including Admins.

User configurations are for users, obviously. It is possible to segragate
the delivery of these settings to users based on group affiliation. While
the default setting for a linked GPO is to apply DACL configuration to the
Authenticated Users Group for the "Read" and "Apply Group Policy" settings,
you can deny these user settings to your Admin group by setting the DACL for
the group to "Read" the GPO, but "Deny Group Policy" as the option that
counts. This allows the admin group to log onto the server unobstructed by
user policy settings meant to lock down the server.

Also, make the effort to configure the "details" of your GPOs appropriately.
Apply your user GPO settings to, and within the details tab for the GPO
"deny computer settings". Apply your computer settings to a GPO and "deny
user settings" within the details tab for the GPO. Keep user and machine
settings separated within the GPO configurations.

So, what settings are we talking about, computer or user? If they are user
you will find success with the items I mention above. If they are computer,
well....you are out of luck. Let us know how you make out. Thanks.


"Noncentz303" wrote:

> The lowdown- I have been tasked with setting up our TS enviorment so that
> when a user logs on they have limited access to the desktop and startbar.
> From what I have read this can be accomplished with TS user profiles.
>
> We have a SBS and 2 TS "TS1 and TS2"
>
> I am new at this but this is what i have accomplished so far:
>
> I created a new GPO and a new OU for TS1 and 2
> -I created a shared folder on TS1 called TSProfiles
> -I created a test user and added it to the new GPO
> -I enabled loopback processing
> -I enabled admin security group to roaming profiles
> -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
>
> Then I went to my test user and specified the following profile path:
> \\TS1\TSProfile\%username%
>
> - This is where I run into my issues. When I log in a seperate folder is
> created in my share for each user. I would like to use 1 standard profile for
> all users when they log in so that when I make changes the effect all users.
>
> - Also when I log in as admin I cannot view the contents of the folders
> because access is denied -- even though I have it set to add user admin when
> folder is created
>
> - I also am wondering will I have to set up a static path for every user
> depending on what TS they use and specify different paths and redirects for
> both servers?
>
> Any help would be appreciated
> Antony
 
RE: Mandatory TS user profiles... Admin rights

BIG HELP,

I am trying to make changes on the user level. I have a GPO setup for
computer and one setup for Users. the changes I am making are on the user
side of things. I did not know about DACL config so I will get looking into
that. Here is what I recieved from RSOP

Created On 10/25/2007 at 3:03:32 PM



RSOP data for MCCOYSALES\anolan on MCSVR03 : Logging Mode
----------------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server 2003, Enterprise
Edition
OS Configuration: Member Server
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: Default-First-Site-Name
Roaming Profile: \\mcsvr03\AdminMandatory
Local Profile: C:\Documents and Settings\anolan
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=MCSVR03,OU=Terminal Servers,DC=mccoysales,DC=local
Last time Group Policy was applied: 10/25/2007 at 2:28:35 PM
Group Policy was applied from: mcsvr01.mccoysales.local
Group Policy slow link threshold: 500 kbps
Domain Name: mccoysales
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Small Business Server Domain Password Policy
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Default Domain Policy
Local Group Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

EnlightenUsers
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users


USER SETTINGS
--------------
CN=Antony Nolan,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=mccoysales,DC=local
Last time Group Policy was applied: 10/25/2007 at 2:28:35 PM
Group Policy was applied from: mcsvr01.mccoysales.local
Group Policy slow link threshold: 500 kbps
Domain Name: MCCOYSALES
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Local Group Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Small Business Server Lockout Policy
Filtering: Disabled (GPO)

Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)

Small Business Server Client Computer
Filtering: Not Applied (Empty)

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)

EnlightenUsers
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Offer Remote Assistance Helpers
Remote Desktop Users
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Domain Admins
SBS Mobile Users
Web Workplace Users
SBS Report Users
Prophet21_Users
Offer Remote Assistance Helpers


"cendrars" wrote:

> Hello,
>
> You have applied Loopback, and I expect you have applied it in Replace mode.
> Please apply it in replace mode.
>
> The affect this will have is that the OU container will only process "User
> Configuration" settings applied via GPOs linked to the OU container. GPOs
> which are "Enforced" above the OU tree will also be applied to the OU.
>
> Machine configurations within the GPO environment are global. Machine
> configurations are applied to "all" users, hence their global nature. So,
> any change you make on the machine side of the GPO will apply to all users
> including Admins.
>
> User configurations are for users, obviously. It is possible to segragate
> the delivery of these settings to users based on group affiliation. While
> the default setting for a linked GPO is to apply DACL configuration to the
> Authenticated Users Group for the "Read" and "Apply Group Policy" settings,
> you can deny these user settings to your Admin group by setting the DACL for
> the group to "Read" the GPO, but "Deny Group Policy" as the option that
> counts. This allows the admin group to log onto the server unobstructed by
> user policy settings meant to lock down the server.
>
> Also, make the effort to configure the "details" of your GPOs appropriately.
> Apply your user GPO settings to, and within the details tab for the GPO
> "deny computer settings". Apply your computer settings to a GPO and "deny
> user settings" within the details tab for the GPO. Keep user and machine
> settings separated within the GPO configurations.
>
> So, what settings are we talking about, computer or user? If they are user
> you will find success with the items I mention above. If they are computer,
> well....you are out of luck. Let us know how you make out. Thanks.
>
>
> "Noncentz303" wrote:
>
> > The lowdown- I have been tasked with setting up our TS enviorment so that
> > when a user logs on they have limited access to the desktop and startbar.
> > From what I have read this can be accomplished with TS user profiles.
> >
> > We have a SBS and 2 TS "TS1 and TS2"
> >
> > I am new at this but this is what i have accomplished so far:
> >
> > I created a new GPO and a new OU for TS1 and 2
> > -I created a shared folder on TS1 called TSProfiles
> > -I created a test user and added it to the new GPO
> > -I enabled loopback processing
> > -I enabled admin security group to roaming profiles
> > -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
> >
> > Then I went to my test user and specified the following profile path:
> > \\TS1\TSProfile\%username%
> >
> > - This is where I run into my issues. When I log in a seperate folder is
> > created in my share for each user. I would like to use 1 standard profile for
> > all users when they log in so that when I make changes the effect all users.
> >
> > - Also when I log in as admin I cannot view the contents of the folders
> > because access is denied -- even though I have it set to add user admin when
> > folder is created
> >
> > - I also am wondering will I have to set up a static path for every user
> > depending on what TS they use and specify different paths and redirects for
> > both servers?
> >
> > Any help would be appreciated
> > Antony
 
RE: Mandatory TS user profiles... Admin rights

You are on your way Grasshopper!

Let us know how you make out! Good luck!

"Noncentz303" wrote:

> The lowdown- I have been tasked with setting up our TS enviorment so that
> when a user logs on they have limited access to the desktop and startbar.
> From what I have read this can be accomplished with TS user profiles.
>
> We have a SBS and 2 TS "TS1 and TS2"
>
> I am new at this but this is what i have accomplished so far:
>
> I created a new GPO and a new OU for TS1 and 2
> -I created a shared folder on TS1 called TSProfiles
> -I created a test user and added it to the new GPO
> -I enabled loopback processing
> -I enabled admin security group to roaming profiles
> -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
>
> Then I went to my test user and specified the following profile path:
> \\TS1\TSProfile\%username%
>
> - This is where I run into my issues. When I log in a seperate folder is
> created in my share for each user. I would like to use 1 standard profile for
> all users when they log in so that when I make changes the effect all users.
>
> - Also when I log in as admin I cannot view the contents of the folders
> because access is denied -- even though I have it set to add user admin when
> folder is created
>
> - I also am wondering will I have to set up a static path for every user
> depending on what TS they use and specify different paths and redirects for
> both servers?
>
> Any help would be appreciated
> Antony
 
RE: Mandatory TS user profiles... Admin rights

Ahh the sweet smell of sorta success :)

I enabled the GPO and I definetly saw changes:

The configurations that I enabled for my TSLockdown GPO "Computer
Configuration" took effect immediately. ex. I enabled a program to run on
startup and it work no problem

Im assuming since it was a computer setting no matter who I log in as on
that TS it will enable the "computer Configuration" from my GPO... thats
fine, I will probably setup another GPO to hande admin users

But with "User Configuration" I dont see the changes that I set in my
Lockdown GPO. Such as hiding drives and getting rid of the shutdown icon.
This is making it hard for me to see if the group I setup is actually working
correctly.

Do some of these settings require a restart?

"cendrars" wrote:

> You are on your way Grasshopper!
>
> Let us know how you make out! Good luck!
>
> "Noncentz303" wrote:
>
> > The lowdown- I have been tasked with setting up our TS enviorment so that
> > when a user logs on they have limited access to the desktop and startbar.
> > From what I have read this can be accomplished with TS user profiles.
> >
> > We have a SBS and 2 TS "TS1 and TS2"
> >
> > I am new at this but this is what i have accomplished so far:
> >
> > I created a new GPO and a new OU for TS1 and 2
> > -I created a shared folder on TS1 called TSProfiles
> > -I created a test user and added it to the new GPO
> > -I enabled loopback processing
> > -I enabled admin security group to roaming profiles
> > -Set the path for TS roaming profiles :\\TS1\TSProfiles * appends username
> >
> > Then I went to my test user and specified the following profile path:
> > \\TS1\TSProfile\%username%
> >
> > - This is where I run into my issues. When I log in a seperate folder is
> > created in my share for each user. I would like to use 1 standard profile for
> > all users when they log in so that when I make changes the effect all users.
> >
> > - Also when I log in as admin I cannot view the contents of the folders
> > because access is denied -- even though I have it set to add user admin when
> > folder is created
> >
> > - I also am wondering will I have to set up a static path for every user
> > depending on what TS they use and specify different paths and redirects for
> > both servers?
> >
> > Any help would be appreciated
> > Antony
 
Back
Top