Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Locked Desktops

Posted on 2011-03-20
2
Medium Priority
?
343 Views
Last Modified: 2012-05-11
Hi

We run Terminal Services with Citrix and most of our users have locked desktops and using a single locked desktop. The problem arises when something goes wrong its a noghtmare to fix. First off i can t get into the profile folder even tho im an administrator second for doing something simple like re creating a corrupt Outlook 2007 profile becasue the desktop is locked and there is no access to control panel i'm not sure how i can easily get that sorted with having to temp remove the user from the lock down group
Is there something im missing here? any wasy way to manage these users?
0
Comment
Question by:kingcastle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 1000 total points
ID: 35177172


Are you using  terminal services profiles or roaming profiles?

If you are using roaming profiles for the users administrators by default do not have access to newly created profiles.  You can change this by enabling the " Add the Administrators security group to the roaming user profile share" group policy.  
Please clarify in detail what your terminal server configuration is.
0
 
LVL 37

Assisted Solution

by:Carl Webster
Carl Webster earned 1000 total points
ID: 35177541
You need to deny the lockdown group policy from being applied to your admin.  On the GPO page, the last tab is Delegation IIRC.  Click the tab and then down in the bottom right corner, click that button.  Scroll down find your admins or add your admins and then find the setting Apply Group Policy and select the Deny box.  Now the policy will not apply to your admins (after the policy refreshes) and you can do what you need to do.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question