I find it hard to explain the nature of this problem - so let me explain how I can reproduce this issue which I hope will present the problem clearly:
We have a few Windows 2003 Terminal Services Servers and would like to move a bunch of users to Terminal Services instead of using Roaming profiles.
We are storing the user profiles for TS on a file share server - so the path we put in the "Profile Path" field on the "Terminal Services Profile" tab is \\server\share\%username%.
When the user logs in, a default profile is created at that path, everything works great.
However, we would like to take the current roaming profiles and use them on the TS so that the users continue to have their desktop and documents that currently roam to each workstation for them. They have been using these roaming profiles for years, so I would really like to let them continue to use them.
Here is where I encounter the problem:
If I specify in the same field on the same tab \\server\roamingprofileshare\username\profilefolder and then log into the TS, the documents and files from the roaming profile path download as the user profile, but the registry is not read or used at all - no toolbars, no desktop colors, no group policy. If I open the registry and try to create a value in the HKCU hive, I get "access denied."
Here are some steps I've taken to further narrow down the exact problem:
With a test account I have logged into a PC with a local profile, thus creating a default profile for this user. (no roaming profile)
Then, using this same test account I have logged into the TS with the profile path on the "Terminal Services Profile" tab set to \\server\share\%username% thus creating a profile at that location.
I then log out of the TS and simply copy the ntuser.dat that was created in the first step over the top of the ntuser.dat that was created in the second step.
I then check the permissions and make sure they are still the same - the test account has full control of the file and is the owner of the file.
I then log into TS with the test account and I have the same problem I had with the roaming profile: no toolbars, no desktop colors, no group policy. If I open the registry and try to create a value in the HKCU hive, I get access denied.
I also run into this same problem if i try to specify a common profile for a number of locked down users - I wanted to use a common mandatory profile for a number of limited users who have a very restrictive group policy applied to them, but with the terminal service profile path pointed to the common profile, I get no toolbars, no dekstop colors, and no group policy!!! which seems like a security risk as I intend for these users to be very locked down by group policy.
bottom line it seems that the only ntuser.dat that the terminal services server will load as a part of the user profile is the one that was created specifically for that user on initial login - no others.
So, I have assigned 500 points to this because it seems quite difficult - I've spent hours already trying different ways of setting the path, the permissions on the folders and files, all to no avail.
your help will be greatly appreciated!