Scenario: W2K3 Ent Ed server with TS, AD and GPO. Each user has a profile path in AD of d:\profiles\company. GPO limits the icons on the desktop and menu as well as access to the control panel, run and shutdown commands.
Problem: The user logs in and picks up a copy of the profile from the correct path and GPO appears to be working correctly, BUT only if the user is a member of the Administrators group. If not, then the user picks up a default profile and GPO doesn't seem to apply any restrictions.
The d:\profiles directory has full access to all users. We are moving this new server in the next couple of days and need to get this issue resolved soon. The AD, GPO and profilespaths are identical to the server we are migrating from which works fine but it's not Ent Ed.