Terminal Server User Profile

What is the difference between the group policy setting 'Terminal Server Roaming Profile' and the setting you set under the Terminal Server tab in ADUC where you can set the terminal server user profile path.  Are they the same, just named different?

The reason I ask is that i am trying to get my profiles to delete when users logoff the terminal server and it only does it if i use the path setting in the ADUC.  When i try to use the terminal roaming profile path (which i set to the same path as the setting in ADUC) it just creates a new profile and wont delete it when the user logs off.

obviously i am using the 'delete user profile' setting in group policy to remove the profile folder.
Who is Participating?
Cláudio RodriguesConnect With a Mentor Founder and CEOCommented:
You can make a GPO that will affect only certain users logging into a TS. You need to use Loopback and remove authenticated users (adding only the users/groups you want it to affect).
The step-by-step process, with screenshots is on the guide I wrote, "Terminal Services A to Z" available for download at no cost at http://www.wtslabs.com.
Also one reason to use the GPO and not the setting on ADUC, even though they look the same, is to be able to assign different roaming profiles based on the TS you are logging in. This is a must have on environments with mixed TSs (2000/2003/2008) or on environments where certain settings conflict. In that case we split the profiles.
Of course this can be done using ADUC and environment variables (i.e. setting the TS Roaming Profile path to %TSPATH%\ShareName\%Username% and then, locally on each TS, setting %TSPATH% to anything you want). It is just more work than using the policy but it does work. :-)

Cláudio Rodrigues
Citrix CTP
Can you be more specific about what GPO settings you are referring to? i.e under user Configuration > administrative templates > Windows Components > Terminal Services?

I can't see the group policies you are referring to.

Henrik JohanssonSystems engineerCommented:
The GPO setting for setting TS roaming profile path makes the same thing as configuring it through the "Terminal Server Profile" tab on each user in ADUC, but will be a "fire and forget" when setting it on server side instead of configuring each user. If configuring it manual in the each user properties, it will be overridden by the GPO setting. The GPO setting can also be used to specify different TS profiles for different TS farms.

>> When i try to use the terminal roaming profile path (which i set to the same path as the setting in ADUC) ...

The GPO setting shall point on the parent path above the profile folder instead of the individual folder.

Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Set path for TS roaming profiles
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

beaconlightboyAuthor Commented:
henjoh09:  Thanks for that information.  Now can you tell me why, when i setup a policy to use ts roaming profiles in a GPO (Brand new one)  and assign a single user to it.  Then change the ADUC setting for ts profiles to nothing, the new user does not use the roaming profile path in the GPO.

The path in the user ADUC terminal server tab is \\data\Data\TS_Profiles\Profiles\$username%

I used the same path minus the username in the ts roaming profile setting in the GPO.  But the user doesn't get the profile.  it builds them a new one.  I know the GPO is setup correctly as gpresult shows it being used.  am i missing something?
Henrik JohanssonSystems engineerCommented:
The GPO for configuring the TS roaming profile path is a computer configuration policy setting. It nead to be linked and applied to the computer object for the TS, not the single user.
beaconlightboyAuthor Commented:
It is linked to the OU the ts servers are in.  it is security filtered for just one user as i was testing it.  It won't use the setting though.  I was sure to clear out the previous users setting under the TS tab.
Henrik JohanssonSystems engineerCommented:
The policy setting is under computer configuration makes the security filtering nead to allow computer object to apply the GPO. Not possibly to configure a computer configuration setting to apply to single user object.
The GPO will affect all users logging on to the TS, not a single user.

If it was a user configuration setting, it's possibly to do what you've done with security filtering for user object if the "User Group Policy loopback processing mode" is enabled on the computer object.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.