How do I get roaming profile to ignore user cookies
More complicated than title implies--
We have kiosks which automatically login using a roaming profile. Using GPO Computer Config|admin templates|system user profiles| we prevent roaming profile changes from propagating to the server, except for one kiosk which we use for setting the single user profile.
Upon login, the kiosks are showing an error-- can't copy the cookies\index.dat file centrally to the
local cookies directory.
If I delete the index.dat file from the roaming profile\cookies directory on the server, the kiosks login fine. But if I logout and in on the one kiosk allowed to propogate to the server, the other kiosks fail with the same error because index.dat is rewritten to the roaming profile\cookies directory.
1. I've deleted all temporary internet files on the workstation that we use to define the roaming profile. The same index.dat file and the other cookie files still get remade on the server when this one workstation logs out. I've searched for this index.dat file on the workstation that is sending the cookies to the roaming profile--- there are index files but not this index.dat file-- which is always exactly the same and the same date (3 weeks old).
2.I thought that the default was that temporary internet files are not written to the roaming profile.
Thanks in advance.
We have kiosks which automatically login using a roaming profile. Using GPO Computer Config|admin templates|system user profiles| we prevent roaming profile changes from propagating to the server, except for one kiosk which we use for setting the single user profile.
Upon login, the kiosks are showing an error-- can't copy the cookies\index.dat file centrally to the
local cookies directory.
If I delete the index.dat file from the roaming profile\cookies directory on the server, the kiosks login fine. But if I logout and in on the one kiosk allowed to propogate to the server, the other kiosks fail with the same error because index.dat is rewritten to the roaming profile\cookies directory.
1. I've deleted all temporary internet files on the workstation that we use to define the roaming profile. The same index.dat file and the other cookie files still get remade on the server when this one workstation logs out. I've searched for this index.dat file on the workstation that is sending the cookies to the roaming profile--- there are index files but not this index.dat file-- which is always exactly the same and the same date (3 weeks old).
2.I thought that the default was that temporary internet files are not written to the roaming profile.
Thanks in advance.
mcse2007
Have you try DENYING the user access to the cookies folder from ACL? Will you still get the error?
ASKER
The cookies folder on the server (sysvol\sysvol\domain-name
Unlike the rest of the folders in the user profile, cookies does not have sharing and security settings. I tried to remove rights to the file index.dat but nothing works.
I noticed that on the computer that is propagating the roaming profile, the cookies directory only appears in the user profile when that user is logged in. And when that user is logged in, the index.dat file can't be deleted-- it is being used.
Unlike the rest of the folders in the user profile, cookies does not have sharing and security settings. I tried to remove rights to the file index.dat but nothing works.
I noticed that on the computer that is propagating the roaming profile, the cookies directory only appears in the user profile when that user is logged in. And when that user is logged in, the index.dat file can't be deleted-- it is being used.
You have to DENY the user through ACL from the COOKIES folder and not on the index.dat file !
ASKER
The cookies folder in the roaming profile does not have an Access Control List. As I mentioned, it is the only one of the folders whose right-click option does not include "Sharing and Security" in the drop down. I guess I could try to recreate the folder, but that would be complicated.
In addition, if I succeed in blocking access to the folder, the copying of the folder that is attempted on user login will fail and still give me an error, won't it? I need to keep the propagating workstation from writing the index.dat file in the first place, but probably not by denying access to the directory-- because that will also generate an error.
Any idea how to get the propagating workstation to stop trying to copy it's cookies directory back to the roaming profile? There is an administrative GPO for login that allows you to block directories from being written to the profile, but doing so creates other login errors reading other temporary internet files.
In addition, if I succeed in blocking access to the folder, the copying of the folder that is attempted on user login will fail and still give me an error, won't it? I need to keep the propagating workstation from writing the index.dat file in the first place, but probably not by denying access to the directory-- because that will also generate an error.
Any idea how to get the propagating workstation to stop trying to copy it's cookies directory back to the roaming profile? There is an administrative GPO for login that allows you to block directories from being written to the profile, but doing so creates other login errors reading other temporary internet files.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The cookies folder has no security tab on write click. I think there is something unique about an active roaming profile central cookies folder. However, I think I solved the problem by deleting the cookies folder on the server-- I should have tried this earlier.
On reboot, the propagating workstation recreated a new cookies folder. It has the same files in it that the "bad" folder had (same dates, same sizes), but the roaming profile workstations now have no problem. Incidentally, this cookies folder also does not have a security tab on right click. Must be something about roaming profiles and cookies folders.
Anyway, problem solved. Thank you for pushing me in this direction.
On reboot, the propagating workstation recreated a new cookies folder. It has the same files in it that the "bad" folder had (same dates, same sizes), but the roaming profile workstations now have no problem. Incidentally, this cookies folder also does not have a security tab on right click. Must be something about roaming profiles and cookies folders.
Anyway, problem solved. Thank you for pushing me in this direction.