Results 1 to 3 of 3

Thread: TS on 2003 using loopback to keep Roaming Profiles away?

  1. 05-31-2005, 01:27 PM #1
    SIver
    SIver is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    5

    Default

    Maybe I just have a brain freeze today or something, because I thought we covered this in class, or that it was in the book someplace....

    My wish: Prevent users from "sprinkling" roaming profiles onto my Terminal Servers.

    I'm thinking that Loopback is what I'm wanting to use, but so far my testing on Virtual Machines is not going well. I'm sure I'm doing something wrong with my policy, but what could it be?

    Am I on the right track?
    Reply With Quote Reply With Quote
  2. 12-07-2005, 02:24 PM #2
    SIver
    SIver is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    5

    Default

    Well I've finally answered my own question, and wanted to post this for all others in case they need help with the same thing>

    I created a sepereate OU for Terminal Servers, and placed all TS server's computer accounts in this OU. I then created a GPO I called "TS Loopback"...

    All Settings are under Computer Configuration:

    1st set -

    Admin Templates / System / Group Policy

    Folder Redirection Policy Processing - Disabled (I don't want my users getting to thier My Docs from the TS, your enviroment my be differnet)

    Scripts Policy Processing - Disabled (I don't want my users logon scripts running on the TS)

    Software Installation Policy Processing - Disabled (I dont' want applications assigned to my users to be installed on the TS, I only want Apps that I manually installed on my TS to be there)

    User Group Policy Loopback Processing Mode - Enabled Replace (This as Jeremey would say is the secrete sauce to making this work)

    Admin Templates / System / User Profiles

    Delete Cached copies of roaming profiles - Enabled (just in case I messed up something else, I at least want any roaming profiles deleted)

    Prevent Roaming profiles changes from propogating to the server - Enabled (again this is just in case a roaming profile get's thru, I don't want changes made here on the TS to affect the users profile)

    Only allow local user profiles - Enabled (This was the setting I was missing!!! When I enabled Loopback Replace mode, I thought that my roaming profile would not apply AT ALL, HOWEVER my roaming profile was loaded from the server, just not saved to the local HD. With this setting turned on, when I log onto my TS the TS creates a NEW local profile just on that server for my account.

    The downside to this is that right now I'm manually removing these local profiles, becuase I'm not sure to to automate deleting them. However I can make all the changes I need to the .default profile and then each user of the TS get's those settings each time the local profile is recreated!

    Now I just have to sit down and do some more tweaking...

    I hope this helps someone else!!!!
    Reply With Quote Reply With Quote
  3. 12-09-2005, 12:07 PM #3
    Budoka
    Budoka is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    1

    Default

    I used this guide when configuring my policies, and found it to be excellent:

    http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx

    DC
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Search Engine Friendly URLs by vBSEO