Loopback processing of users and computers "home folder" setting

bstillion
bstillion used Ask the Experts™
on
I need to bypass setting some user's home folder when they login to servers in the DMZ. The servers cannot access the share anyway and the process has to time-out before continuing which is causing a delayed login.

I have tried loopback processing and it works to map a drive but will not overwrite the home folder setting on each user's "profile" tab in Active Directory Users and Computers.
(Windows Server 2003 Active Directory)
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Head of ICT
Top Expert 2009
Commented:
Unfortunately, loopback isn't designed to override settings applied to the user object itself, only those set via a GPO and applied to the user. The home directory is an attribute of the user itself, rather than a GPO setting applied to the user (which is what loopback can override).
You would have to maybe take this setting away from the user object and map a drive with a script instead. This script can itself figure out if it needs to map the drive or not, or can be overridden by loopback as it's a GPO setting.
In a 2008 environment you can actually map drives natively in a GPO using group policy preferences, and these I assume can be overridden using loopback.
Tony

Author

Commented:
Thanks Tony,
I was beginning to come to that conclusion and it makes sense that the loopback can
override only settings established in a GPO.
We use both Active Directory and Novell's eDirectory and manage both
with Novell's Identity Manager which complicates things. I have been told that all user accounts
need to stay in the default "Users" container in Active Directory which limits me to applying
"Site" and "Domain" level policies only.
I would like to find a solution that may justify isolating the user accounts that need access to DMZ servers
and take advantage of the power of Group Policy.
bluntTonyHead of ICT
Top Expert 2009

Commented:
If you are restricted to only domain and site linked policies, you could use security filtering to target the GPO to certain groups of users. Create a security group with the users in it, link the GPO to the domain, but in the 'Scope' tab for the GPO in the GPMC, remove 'Authenticated Users' from the Security Filtering section and add your group. The GPO will only then apply to these users despite being linked to the domain.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial