Remote Desktop Services 2008 R2: wipe user profile after logoff

hi,

I'm building an 8 man terminal server 2008 R2 for an internet cornet.  People will be allowed to use specific programs (internet browsing, openoffice).  This is for a public internet corner.  

Is their a way i can setu pa default user profile that gets wiped after each session.  Or after each login the profile is reset to it's standard.  The people will have some diskspace to write stuff to but once they logout or login again everything should have disappeared again.
LVL 10
PlusITAsked:
Who is Participating?
 
PlusITConnect With a Mentor Author Commented:
ok this is the updated KB for making default profile copy: http://support.microsoft.com/kb/973289

What I don't understand is when after using sysprep they say deploy the image.  Does this mean I have to reinstall?  This looks like an enormous overhead if before we could just use the copy to in the profile window
0
 
computerdoctorserviceCommented:
Run a script on logoff that deletes the users\%username% folder.
0
 
PlusITAuthor Commented:
i was hoping their was some way to do it with a GPO that i can assign a default profile that gets loaded every time.  Looks safer then using a script.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
PenguinNCommented:
There is a GPO setting that will write your roaming profile to your profiles share and delete it from your terminal server. Look in
Computer Configuration - Administrative Templates - System - User profiles

You can also use mandatory profiles if you like.
http://technet.microsoft.com/en-us/library/cc766489(WS.10).aspx 
0
 
PlusITAuthor Commented:
i've see nthat gpo but i have to say that it has to be x days old, or can i put 0 and will they always be deleted?

Weird thing though is that i've setup ts profile and folder redirection.  When logging on it makes those folders (for folder redirection) but the user profile is still in c:\users.. Am I missing a GPO ?
0
 
PenguinNCommented:
Yes you can set it to delete a cached copy on logoff.
0
 
PlusITAuthor Commented:
ok i have a look at this.  Another question i have configured the policies under:

Computer / Policies / Admin / Windows Comp / RDP / External Host / Profiles

I have set the basemap and the pad to roaming profiles to :

e:\tsprofiles\basismap\%USERNAME%\ and e:\tsprofiles\roamingprofiles\%USERNAME%\

But still when I logon with a thin client it creates the profile in c:\users what am I doing wrong ?
0
 
PlusITAuthor Commented:
update: i also tried setting it to the unc path: \\servername\sharename\

but that does not work either.
0
 
PenguinNConnect With a Mentor Commented:
Please consult the following article regarding roaming profiles http://www.ervik.as/index.php/microsoft-mainmenu/terminal-server/1814-user-profiles-on-windows-server-2008-r2-remote-desktop-services
You'll find information about related articles explaining how to set up your terminal server.
0
 
PlusITAuthor Commented:
thank you I did some reading and I don't need the roaming profiles at all.  I do want to use the mandatory profiles.  When looking to that guide it seems outdated.  The copy to is greyed out now by default under profiles on 2008 R2.

Could it be it does not let me use roaming profiles because i'm using unc path pointed to the same server?
0
 
PlusITAuthor Commented:
ok with the updated link i gave i'm having a new problem: they say to logon with a local admin.  But I don't have local admin anymore as this is a domain controller, please advice.
0
 
PlusITAuthor Commented:
I have found the solution in the mean time myself.  Allthough the links showed me the right way they were outdated.  And not 100% accurate.

I could also not do it the official way as the terminal server is a domain controller.  And you cannot use a domain profile anymore to make a default profile from it.  
I then used a small program called windows enabler to ungray the copy to button.

This allowed me to copy the domain profile to the default profile.  (This is not best practice and things like libraries can be broken by this!)  I did not need those so I then locked the env down with GPO.

I also copied the default profile to a share to make it a mandatory profile.
0
 
PlusITAuthor Commented:
See my last comment
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.