Windows 2003 Terminal Server in NT4 Domain Questions

Here is my issue:

I have an NT 4.0 Domain, that I can't upgrade for a variety of reasons. I have a Windows 2003 Terminal server that is a member of that domain. I need to:

1. Hide local drives from the terminal users, but not the Domain admin account. I played with the GPO user settings, but it affects the admin account as well. Without an AD domain controller and the ability to create an OU, how do I do it?

2. On the same token, how can I redirect the the terminal users files(documents & settings, desktops, etc) to be stored on the D drive, instead of c?  Without AD, the GPO doesn't  not seem to have the user folder redirection under the   userconfig\windows settings\ in the GPO editor. Am I missing it, or is there another way?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1. Hide local drives:

Make sure you have a separate GPO for those rights/restrictions you want to apply to users & place it at the Domain or OU level.
Give those users Read permissions to the GPO (create a group, put them in it, give permissions to the group)
Don't give permissions to the Administrator.

GPOs will only apply to an object (user, group, server) if that object has Read permissions to it.

2. Redirect:
Assign the path manually by typing it into the "Profile Path" setting on the Profile tab of each user's properties.
bepenterprisesAuthor Commented:
Again, NT 4 Domain controller. Cannot create OU or a GPO at the domain controller.
1. With an NT4 domain, you obviously can't use Group Policy, so you're stuck with local policies. Local policies apply to all users, including the administrator. There's no practical way to exclude Administrators from having local policy applied.

To hide the drives for users, you can change the value of "nodrives" in the profile of each of users[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] . The simplest way to do this for new users is to do it in the default user profile .

HideCalc is a great tool for creating .REG, .ADM and .KIX files for hiding drives.

2. You can move the Documents & Settings folder to drive D: -
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

bepenterprisesAuthor Commented:

That's what I was afraid of that on the the Admin and local policies.

On item 2, I don't want to move them after each user login. If a domain user logs into the terminal server, I want their profile to be created on the d: drive. It sort of works if I set their profile path in their NT user config to a share on the terminal server, but after doing so, the domain admin logged into the terminal server does not have access to the users folder without taking ownership. Then, even if you set the owner back to the domain user, that user cannot gain access to the profile.
Step 2 in describes a registry change that causes all new cached or local profiles to be created in the location that you specify.
bepenterprisesAuthor Commented:
OK, but when I change that key value to d:\documents & Settings, all new users logging in get the error that their profile cannot be loaded, and an error 1500 in the event viewer. What am I missing?
Whenever I've done this, I've also done a search and replace in the registry to change the following, in the order listed:

C:\Documents   ->  D:\Documents
C:\DOC  ->  D:\DOC
%SystemDrive%\Documents  ->  D:\Documents

I do this on both values and data in the registry. You'll also need to create the folder "D:\Documents & Settings" with the appropriate permissions.

After doing this, I reboot and it works nicely.
Ah, one other thing - copy the Default User and All Users folders to their new location on D:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.