Learn how to a build a cloud-first strategyRegister Now


Terminal Server User Profile

Posted on 2010-01-03
Medium Priority
Last Modified: 2013-11-21
What is the difference between the group policy setting 'Terminal Server Roaming Profile' and the setting you set under the Terminal Server tab in ADUC where you can set the terminal server user profile path.  Are they the same, just named different?

The reason I ask is that i am trying to get my profiles to delete when users logoff the terminal server and it only does it if i use the path setting in the ADUC.  When i try to use the terminal roaming profile path (which i set to the same path as the setting in ADUC) it just creates a new profile and wont delete it when the user logs off.

obviously i am using the 'delete user profile' setting in group policy to remove the profile folder.
Question by:beaconlightboy

Expert Comment

ID: 26168187
Can you be more specific about what GPO settings you are referring to? i.e under user Configuration > administrative templates > Windows Components > Terminal Services?

I can't see the group policies you are referring to.

LVL 31

Expert Comment

by:Henrik Johansson
ID: 26170164
The GPO setting for setting TS roaming profile path makes the same thing as configuring it through the "Terminal Server Profile" tab on each user in ADUC, but will be a "fire and forget" when setting it on server side instead of configuring each user. If configuring it manual in the each user properties, it will be overridden by the GPO setting. The GPO setting can also be used to specify different TS profiles for different TS farms.

>> When i try to use the terminal roaming profile path (which i set to the same path as the setting in ADUC) ...

The GPO setting shall point on the parent path above the profile folder instead of the individual folder.

Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Set path for TS roaming profiles

Author Comment

ID: 26170707
henjoh09:  Thanks for that information.  Now can you tell me why, when i setup a policy to use ts roaming profiles in a GPO (Brand new one)  and assign a single user to it.  Then change the ADUC setting for ts profiles to nothing, the new user does not use the roaming profile path in the GPO.

The path in the user ADUC terminal server tab is \\data\Data\TS_Profiles\Profiles\$username%

I used the same path minus the username in the ts roaming profile setting in the GPO.  But the user doesn't get the profile.  it builds them a new one.  I know the GPO is setup correctly as gpresult shows it being used.  am i missing something?
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

LVL 31

Expert Comment

by:Henrik Johansson
ID: 26170793
The GPO for configuring the TS roaming profile path is a computer configuration policy setting. It nead to be linked and applied to the computer object for the TS, not the single user.

Author Comment

ID: 26170843
It is linked to the OU the ts servers are in.  it is security filtered for just one user as i was testing it.  It won't use the setting though.  I was sure to clear out the previous users setting under the TS tab.
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26170954
The policy setting is under computer configuration makes the security filtering nead to allow computer object to apply the GPO. Not possibly to configure a computer configuration setting to apply to single user object.
The GPO will affect all users logging on to the TS, not a single user.

If it was a user configuration setting, it's possibly to do what you've done with security filtering for user object if the "User Group Policy loopback processing mode" is enabled on the computer object.
LVL 31

Accepted Solution

Cláudio Rodrigues earned 2000 total points
ID: 26171882
You can make a GPO that will affect only certain users logging into a TS. You need to use Loopback and remove authenticated users (adding only the users/groups you want it to affect).
The step-by-step process, with screenshots is on the guide I wrote, "Terminal Services A to Z" available for download at no cost at http://www.wtslabs.com.
Also one reason to use the GPO and not the setting on ADUC, even though they look the same, is to be able to assign different roaming profiles based on the TS you are logging in. This is a must have on environments with mixed TSs (2000/2003/2008) or on environments where certain settings conflict. In that case we split the profiles.
Of course this can be done using ADUC and environment variables (i.e. setting the TS Roaming Profile path to %TSPATH%\ShareName\%Username% and then, locally on each TS, setting %TSPATH% to anything you want). It is just more work than using the policy but it does work. :-)

Cláudio Rodrigues
Citrix CTP

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question