February 4th, 2013 18:00

Mandatory Profile - vWorkspace policies not applying

I'm wondering if anyone has ever seen something like the issue below. I have three terminal servers (2008 R2), all delivering the same published desktop and app. I had everyone using it set up for mandatory profiles. Recently, one of the servers has stopped applying Quest-defined policies and published apps to anyone logging in with a mandatory profile defined. The other 2 servers are still working fine. I have rebuilt the mandatory profile and uninstalled/reinstalled the Quest Terminal Services role on the problem server, but nothing works.

Anyone have any thoughts? Any help and/or suggestions are appreciated. Thanks!

34 Posts

February 4th, 2013 22:00

Hello Brian

With Windows policies (GPO or LGPO) and mandatory profiles, you will have problems if you create the mandatory profile in an unsupported way (the sysprep-copyprofile method only).

Load ntuser.man in regedit.exe and look at the permissions on

HKEY_USERS\myprofile\Software\Policies

HKEY_USERS\myprofile\Software\Microsoft\Windows\CurrentVersion\Group Policy

HKEY_USERS\myprofile\Software\Microsoft\Windows\CurrentVersion\Policies

The Group Policy Client will modify the permissions if you load the Profile.

You can however adjust permissions on these keys each time you manually modify the Profile.

Also, mandatory profiles can lead to privacy issues on Terminal Servers, since users could open the user hives of other logged-on users.

best regards

Markus

2 Posts

February 5th, 2013 12:00

Markus,

Thanks for the reply. I did check the permissions on the hive and made sure that they were set correctly. One thing of note, however: the keys below do not exist:

HKEY_USERS\myprofile\Software\Microsoft\Windows\CurrentVersion\Group Policy

HKEY_USERS\myprofile\Software\Microsoft\Windows\CurrentVersion\Policies

I compared the registry settings on this server with the ones on the other servers that are working. They are all the same; in other words, those registry entries also do not exist on the other terminal servers that are working without issue.

Going off of what you said, I copied the mandatory profile settings (including the hive) from one of the servers that is working just fine onto the problem server, loaded the hive into the registry, reset the permissions, and unloaded the hive. After doing this, it seems to be working correctly now, allowing logons and applying Quest policies to user accounts that have the mandatory profile defined.

However, I'm not sure what caused the issue in the 1st place. In other words, I have it working but no clue as to why it stopped working.

Thanks again. Any further insights are welcome!

-Brian
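
The load, inspect and unload steps discussed in the two posts above can be scripted so the same check runs on every server. This is an added example, not code from either poster or from Quest; the hive path is a placeholder, `myprofile` is the mount name used in the thread, and it assumes an elevated prompt with no session currently holding the hive open.

```powershell
# Added example: read-only ACL report for a mandatory profile hive.
param(
    # Placeholder path (assumption); point this at your own ntuser.man.
    [string]$HivePath  = 'C:\Profiles\mandatory.V2\ntuser.man',
    # Temporary mount name under HKEY_USERS, as used in the thread.
    [string]$MountName = 'myprofile'
)

# The three keys named in the thread.
$keys = @(
    'Software\Policies',
    'Software\Microsoft\Windows\CurrentVersion\Group Policy',
    'Software\Microsoft\Windows\CurrentVersion\Policies'
)

& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

try {
    $report = foreach ($sub in $keys) {
        $path = "Registry::HKEY_USERS\$MountName\$sub"
        if (-not (Test-Path -Path $path)) {
            # A missing key is reported rather than treated as an error.
            New-Object PSObject -Property @{ Key = $sub; Identity = '(key not present)' }
            continue
        }
        # One row per access control entry on the key.
        foreach ($ace in (Get-Acl -Path $path).Access) {
            New-Object PSObject -Property @{
                Key       = $sub
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            }
        }
    }
    $report | Select-Object Key, Identity, Rights, Type, Inherited |
        Format-Table -AutoSize -Wrap
}
finally {
    # Release registry handles held by the session, or the unload is refused.
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Running it against the hive on a working server and on the problem server gives two tables that can be compared line by line.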
