mandatory profile and GPO problem

W

Will Sellers

Help! I have no hair left.
Objective: using a combination of mandatory profile and a GPO for a student
OU that will give a student a share folder and lock down the desk top.

My approach: In a GPO I define the lockdown settings. I specify the
logon.bat which uses net use to set the drive mapping to a shared directory
for students. I also defined the profile path //server/profiles/mandatory
In the Mandatory profile I establish how the desktop will look (icons etc).

To test this I have student-A student-B Student-C that belong to a
studentrights OU which has a studentgpo.
To create the mandatory profile (which may be the problem) I did the
following steps:
1. Logged as student-A
2. Configured desktop icons that I want students to have access to.
3. logged off
4. logon on as administrator
5. performed a copyto //server/profiles/mandatory
6. In the profile I changed netuser.dat to ntuser.man
7. logged on as student-A
desktop was ok
drive mapping was ok
Now the fun begins
Went to another computer and logged on as student-A
all was ok
on the same computer I logged on as student-B
the desk top was not the same as student-A
There was no lockdown {i.e. disabled control panel)
and no access to the mapped drive set by the logon.bat.
I ran gpresults and everything showed positive.
I checked the GPO status and it showed enabled with a check mark.


It appears that the mandatory profile is behaving as if it is a roaming
profile just for student-A.

What am I doing wrong? Please save my last strands of hair ....Thanks
 
C

ChrisB

Will,

The problem is when you are copying the profile up to the network drive.

Their is an option to change the users who can access the profile. Create a
group and add your users to it. Allow the group to access the profile.

Chris

"Will Sellers" wrote:

> Help! I have no hair left.
> Objective: using a combination of mandatory profile and a GPO for a student
> OU that will give a student a share folder and lock down the desk top.
>
> My approach: In a GPO I define the lockdown settings. I specify the
> logon.bat which uses net use to set the drive mapping to a shared directory
> for students. I also defined the profile path //server/profiles/mandatory
> In the Mandatory profile I establish how the desktop will look (icons etc).
>
> To test this I have student-A student-B Student-C that belong to a
> studentrights OU which has a studentgpo.
> To create the mandatory profile (which may be the problem) I did the
> following steps:
> 1. Logged as student-A
> 2. Configured desktop icons that I want students to have access to.
> 3. logged off
> 4. logon on as administrator
> 5. performed a copyto //server/profiles/mandatory
> 6. In the profile I changed netuser.dat to ntuser.man
> 7. logged on as student-A
> desktop was ok
> drive mapping was ok
> Now the fun begins
> Went to another computer and logged on as student-A
> all was ok
> on the same computer I logged on as student-B
> the desk top was not the same as student-A
> There was no lockdown {i.e. disabled control panel)
> and no access to the mapped drive set by the logon.bat.
> I ran gpresults and everything showed positive.
> I checked the GPO status and it showed enabled with a check mark.
>
>
> It appears that the mandatory profile is behaving as if it is a roaming
> profile just for student-A.
>
> What am I doing wrong? Please save my last strands of hair ....Thanks
>
>
>
 
W

Will Sellers

Are you referring to the "permitted to use " in the copyto dialog?
My students are in a group called students . So I should add that group in
the permitted to use box?


"ChrisB" <ChrisB@discussions.microsoft.com> wrote in message
news:46FB45CF-F611-4610-BBBC-8937E7436A63@microsoft.com...
> Will,
>
> The problem is when you are copying the profile up to the network drive.
>
> Their is an option to change the users who can access the profile. Create
> a
> group and add your users to it. Allow the group to access the profile.
>
> Chris
>
> "Will Sellers" wrote:
>
>> Help! I have no hair left.
>> Objective: using a combination of mandatory profile and a GPO for a
>> student
>> OU that will give a student a share folder and lock down the desk top.
>>
>> My approach: In a GPO I define the lockdown settings. I specify the
>> logon.bat which uses net use to set the drive mapping to a shared
>> directory
>> for students. I also defined the profile path //server/profiles/mandatory
>> In the Mandatory profile I establish how the desktop will look (icons
>> etc).
>>
>> To test this I have student-A student-B Student-C that belong to a
>> studentrights OU which has a studentgpo.
>> To create the mandatory profile (which may be the problem) I did the
>> following steps:
>> 1. Logged as student-A
>> 2. Configured desktop icons that I want students to have access to.
>> 3. logged off
>> 4. logon on as administrator
>> 5. performed a copyto //server/profiles/mandatory
>> 6. In the profile I changed netuser.dat to ntuser.man
>> 7. logged on as student-A
>> desktop was ok
>> drive mapping was ok
>> Now the fun begins
>> Went to another computer and logged on as student-A
>> all was ok
>> on the same computer I logged on as student-B
>> the desk top was not the same as student-A
>> There was no lockdown {i.e. disabled control panel)
>> and no access to the mapped drive set by the logon.bat.
>> I ran gpresults and everything showed positive.
>> I checked the GPO status and it showed enabled with a check mark.
>>
>>
>> It appears that the mandatory profile is behaving as if it is a roaming
>> profile just for student-A.
>>
>> What am I doing wrong? Please save my last strands of hair ....Thanks
>>
>>
>>
 
C

ChrisB

Yes that's the one.

"Will Sellers" wrote:

> Are you referring to the "permitted to use " in the copyto dialog?
> My students are in a group called students . So I should add that group in
> the permitted to use box?
>
>
> "ChrisB" <ChrisB@discussions.microsoft.com> wrote in message
> news:46FB45CF-F611-4610-BBBC-8937E7436A63@microsoft.com...
> > Will,
> >
> > The problem is when you are copying the profile up to the network drive.
> >
> > Their is an option to change the users who can access the profile. Create
> > a
> > group and add your users to it. Allow the group to access the profile.
> >
> > Chris
> >
> > "Will Sellers" wrote:
> >
> >> Help! I have no hair left.
> >> Objective: using a combination of mandatory profile and a GPO for a
> >> student
> >> OU that will give a student a share folder and lock down the desk top.
> >>
> >> My approach: In a GPO I define the lockdown settings. I specify the
> >> logon.bat which uses net use to set the drive mapping to a shared
> >> directory
> >> for students. I also defined the profile path //server/profiles/mandatory
> >> In the Mandatory profile I establish how the desktop will look (icons
> >> etc).
> >>
> >> To test this I have student-A student-B Student-C that belong to a
> >> studentrights OU which has a studentgpo.
> >> To create the mandatory profile (which may be the problem) I did the
> >> following steps:
> >> 1. Logged as student-A
> >> 2. Configured desktop icons that I want students to have access to.
> >> 3. logged off
> >> 4. logon on as administrator
> >> 5. performed a copyto //server/profiles/mandatory
> >> 6. In the profile I changed netuser.dat to ntuser.man
> >> 7. logged on as student-A
> >> desktop was ok
> >> drive mapping was ok
> >> Now the fun begins
> >> Went to another computer and logged on as student-A
> >> all was ok
> >> on the same computer I logged on as student-B
> >> the desk top was not the same as student-A
> >> There was no lockdown {i.e. disabled control panel)
> >> and no access to the mapped drive set by the logon.bat.
> >> I ran gpresults and everything showed positive.
> >> I checked the GPO status and it showed enabled with a check mark.
> >>
> >>
> >> It appears that the mandatory profile is behaving as if it is a roaming
> >> profile just for student-A.
> >>
> >> What am I doing wrong? Please save my last strands of hair ....Thanks
> >>
> >>
> >>
>
>
>
 
W

Will Sellers

Thanks Chris

works like a charm. Now I need to figure out why the go wallpaper function
is not displaying the specified wallpaper file.

"ChrisB" <ChrisB@discussions.microsoft.com> wrote in message
news:0AC4F457-61BE-4615-988E-B85DBCB4B35C@microsoft.com...
> Yes that's the one.
>
> "Will Sellers" wrote:
>
>> Are you referring to the "permitted to use " in the copyto dialog?
>> My students are in a group called students . So I should add that group
>> in
>> the permitted to use box?
>>
>>
>> "ChrisB" <ChrisB@discussions.microsoft.com> wrote in message
>> news:46FB45CF-F611-4610-BBBC-8937E7436A63@microsoft.com...
>> > Will,
>> >
>> > The problem is when you are copying the profile up to the network
>> > drive.
>> >
>> > Their is an option to change the users who can access the profile.
>> > Create
>> > a
>> > group and add your users to it. Allow the group to access the profile.
>> >
>> > Chris
>> >
>> > "Will Sellers" wrote:
>> >
>> >> Help! I have no hair left.
>> >> Objective: using a combination of mandatory profile and a GPO for a
>> >> student
>> >> OU that will give a student a share folder and lock down the desk top.
>> >>
>> >> My approach: In a GPO I define the lockdown settings. I specify the
>> >> logon.bat which uses net use to set the drive mapping to a shared
>> >> directory
>> >> for students. I also defined the profile path
>> >> //server/profiles/mandatory
>> >> In the Mandatory profile I establish how the desktop will look (icons
>> >> etc).
>> >>
>> >> To test this I have student-A student-B Student-C that belong to a
>> >> studentrights OU which has a studentgpo.
>> >> To create the mandatory profile (which may be the problem) I did the
>> >> following steps:
>> >> 1. Logged as student-A
>> >> 2. Configured desktop icons that I want students to have access to.
>> >> 3. logged off
>> >> 4. logon on as administrator
>> >> 5. performed a copyto //server/profiles/mandatory
>> >> 6. In the profile I changed netuser.dat to ntuser.man
>> >> 7. logged on as student-A
>> >> desktop was ok
>> >> drive mapping was ok
>> >> Now the fun begins
>> >> Went to another computer and logged on as student-A
>> >> all was ok
>> >> on the same computer I logged on as student-B
>> >> the desk top was not the same as student-A
>> >> There was no lockdown {i.e. disabled control panel)
>> >> and no access to the mapped drive set by the logon.bat.
>> >> I ran gpresults and everything showed positive.
>> >> I checked the GPO status and it showed enabled with a check mark.
>> >>
>> >>
>> >> It appears that the mandatory profile is behaving as if it is a
>> >> roaming
>> >> profile just for student-A.
>> >>
>> >> What am I doing wrong? Please save my last strands of hair ....Thanks
>> >>
>> >>
>> >>
>>
>>
>>
 
You must log in or register to reply here.

Similar threads

G
How to stop Windows 10 Enterprise from using logged in user's credentials for wireless
Replies
0
Views
51
G_781
G
H
Windows hello profile and pin failure.
Replies
0
Views
34
Heather Stephens
H
H
Windows hello profile and pin failure.
Replies
0
Views
26
Heather Stephens
H
P
GPO Error on client pc
Replies
0
Views
55
Peter Wang Jensen
P
G
Allow only teams addin to be installed in user profile
Replies
0
Views
37
GouravSinha_Tech
G
Back
Top Bottom