?
Solved

Remote Desktop Services 2008 R2: wipe user profile after logoff

Posted on 2011-05-02
13
Medium Priority
?
2,998 Views
Last Modified: 2012-05-11
hi,

I'm building an 8 man terminal server 2008 R2 for an internet cornet.  People will be allowed to use specific programs (internet browsing, openoffice).  This is for a public internet corner.  

Is their a way i can setu pa default user profile that gets wiped after each session.  Or after each login the profile is reset to it's standard.  The people will have some diskspace to write stuff to but once they logout or login again everything should have disappeared again.
0
Comment
Question by:PlusIT
  • 9
  • 3
13 Comments
 
LVL 5

Expert Comment

by:computerdoctorservice
ID: 35504061
Run a script on logoff that deletes the users\%username% folder.
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35504068
i was hoping their was some way to do it with a GPO that i can assign a default profile that gets loaded every time.  Looks safer then using a script.
0
 
LVL 8

Expert Comment

by:PenguinN
ID: 35504423
There is a GPO setting that will write your roaming profile to your profiles share and delete it from your terminal server. Look in
Computer Configuration - Administrative Templates - System - User profiles

You can also use mandatory profiles if you like.
http://technet.microsoft.com/en-us/library/cc766489(WS.10).aspx 
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 10

Author Comment

by:PlusIT
ID: 35504889
i've see nthat gpo but i have to say that it has to be x days old, or can i put 0 and will they always be deleted?

Weird thing though is that i've setup ts profile and folder redirection.  When logging on it makes those folders (for folder redirection) but the user profile is still in c:\users.. Am I missing a GPO ?
0
 
LVL 8

Expert Comment

by:PenguinN
ID: 35506189
Yes you can set it to delete a cached copy on logoff.
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35506394
ok i have a look at this.  Another question i have configured the policies under:

Computer / Policies / Admin / Windows Comp / RDP / External Host / Profiles

I have set the basemap and the pad to roaming profiles to :

e:\tsprofiles\basismap\%USERNAME%\ and e:\tsprofiles\roamingprofiles\%USERNAME%\

But still when I logon with a thin client it creates the profile in c:\users what am I doing wrong ?
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35506510
update: i also tried setting it to the unc path: \\servername\sharename\

but that does not work either.
0
 
LVL 8

Assisted Solution

by:PenguinN
PenguinN earned 400 total points
ID: 35506777
Please consult the following article regarding roaming profiles http://www.ervik.as/index.php/microsoft-mainmenu/terminal-server/1814-user-profiles-on-windows-server-2008-r2-remote-desktop-services
You'll find information about related articles explaining how to set up your terminal server.
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35688657
thank you I did some reading and I don't need the roaming profiles at all.  I do want to use the mandatory profiles.  When looking to that guide it seems outdated.  The copy to is greyed out now by default under profiles on 2008 R2.

Could it be it does not let me use roaming profiles because i'm using unc path pointed to the same server?
0
 
LVL 10

Accepted Solution

by:
PlusIT earned 0 total points
ID: 35688910
ok this is the updated KB for making default profile copy: http://support.microsoft.com/kb/973289

What I don't understand is when after using sysprep they say deploy the image.  Does this mean I have to reinstall?  This looks like an enormous overhead if before we could just use the copy to in the profile window
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35737997
ok with the updated link i gave i'm having a new problem: they say to logon with a local admin.  But I don't have local admin anymore as this is a domain controller, please advice.
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35752774
I have found the solution in the mean time myself.  Allthough the links showed me the right way they were outdated.  And not 100% accurate.

I could also not do it the official way as the terminal server is a domain controller.  And you cannot use a domain profile anymore to make a default profile from it.  
I then used a small program called windows enabler to ungray the copy to button.

This allowed me to copy the domain profile to the default profile.  (This is not best practice and things like libraries can be broken by this!)  I did not need those so I then locked the env down with GPO.

I also copied the default profile to a share to make it a mandatory profile.
0
 
LVL 10

Author Closing Comment

by:PlusIT
ID: 35783704
See my last comment
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question