
GPO's and Shared Profiles...


psymonj

Programmer
Mar 31, 2005
49
GB
On a regular day, I handle basic, day-to-day troubleshooting (plug mouse/keyboard in...). Recently I have been stepped up to build a new domain from scratch, mimicking, as best I could, the current setup.

I have created the user accounts, but I need a group of users - based in a call center - to share a mandatory profile with restrictive policies in place.
I created several sets of policy so as to easily spot difficulties with certain settings. Logging on to various test machines with the accounts from this GPO and all seems well. Locked down as I intended based on the brief.

I applied a profile to the account. No problem.
I apply a shared-mandatory profile and it all goes wrong.
Users have near-full access to every aspect of the machine.

Does anyone have any similar experience or pointers to allow me to have a shared-mandatory profile to many users based in a restricted GPO?

Many thanks in advance,
Simon

Simon Hawes
Silvercoast Media
simon@silvercoast.co.uk
 
My experience of certain profiles bypassing the GPOs and having full access as if they were logged on as a local user has come down to profile corruption. Something causes it to effectively ignore all the GPOs.

I'd try tools like rsop (run rsop.msc I think) to see if any GPO is getting through.

But primarily I would go over the following steps carefully (assuming you have XP workstations):

- Make a "setup/setup" user account on a local workstation with normal user rights
- Log onto the workstation as setup, and make the profile how you want it (change start menu settings, run the office apps and arrange the bars etc)
- Log off and back on as admin.
- Go to system properties, user profiles, select the setup profile and say "copy to"
- Press "change" to change permission properties and put in "everyone", ok
- Press browse and select a new folder in your shared profile folder to save it to
- On the server find that profile and swap it in for where your roaming profile is stored, changing the .dat file extension to .man to prevent any changes (the .pol and .ini and .log should be deletable)

Forgive me if you've already been through such a procedure but it helps to go through it again slowly in these cases I've found.
If you now log on as a user using that profile, you should get the GPOs no problem.
Try rsop again and see what you've got.

Hopefully it's just a profile corruption issue as I can't remember any other successes I've had when faced with such problems. Assuming your GPOs are all ok and assigned to the right OUs and the users are too of course.

Make sure there are no permission problems with the profile at server/workstation ends, check event logs etc.

_________________________________
Leozack
Code:
MakeUniverse($infinity,1,42);
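
A way to check the result of the steps in the post above, as an added example that is not part of the original thread: it audits the shared profile folder for the renamed hive, leftover files, and write access. The function name, the default UNC path, and the rule that only Administrators and SYSTEM should hold write access are assumptions of this example.

```powershell
# Added example (not from the thread). The default path is a placeholder.
param([string]$ProfilePath = '\\SERVER\Profiles\CallCenter')

function Test-MandatoryProfile {
    param([Parameter(Mandatory)][string]$Path)

    $findings = @()
    # -Force: the NTUSER.* files are normally hidden.
    $names = @(Get-ChildItem -LiteralPath $Path -Force |
               Where-Object { -not $_.PSIsContainer } |
               ForEach-Object { $_.Name })

    # The hive must be ntuser.man, with no writable ntuser.dat beside it.
    if ($names -notcontains 'ntuser.man') { $findings += 'ntuser.man not found' }
    if ($names -contains 'ntuser.dat')    { $findings += 'ntuser.dat is still present' }

    # Leftover .pol/.ini/.log files, which the post says can be deleted.
    foreach ($n in $names) {
        if ($n -match '^ntuser.*\.(pol|ini|log)$') { $findings += "leftover file: $n" }
    }

    # Assumption of this example: only Administrators and SYSTEM need write access.
    # ACEs expressed as generic rights are not decoded by this simple bit test.
    $writeBit = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            ([int]$ace.FileSystemRights -band $writeBit) -ne 0 -and
            $who -notmatch '\\(Administrators|SYSTEM)$') {
            $findings += "write access allowed for: $who"
        }
    }
    return ,$findings
}

$result = Test-MandatoryProfile -Path $ProfilePath
if ($result.Count -eq 0) { 'Profile folder looks like a clean mandatory profile.' }
else { $result | ForEach-Object { "REVIEW: $_" } }
```

Run it from an admin workstation against the server-side copy of the profile, then compare with what rsop.msc reports for a test user.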
 
Thanks Leozack.

Your suggestion worked a treat for the XP Machines.
It works for 2000 Machines also, which most of our workstations are.

So far so good :)

Simon Hawes
Silvercoast Media
simon@silvercoast.co.uk
 