PlusIT
asked on
Remote Desktop Services 2008 R2: wipe user profile after logoff
hi,
I'm building an 8 man terminal server 2008 R2 for an internet cornet. People will be allowed to use specific programs (internet browsing, openoffice). This is for a public internet corner.
Is their a way i can setu pa default user profile that gets wiped after each session. Or after each login the profile is reset to it's standard. The people will have some diskspace to write stuff to but once they logout or login again everything should have disappeared again.
I'm building an 8 man terminal server 2008 R2 for an internet cornet. People will be allowed to use specific programs (internet browsing, openoffice). This is for a public internet corner.
Is their a way i can setu pa default user profile that gets wiped after each session. Or after each login the profile is reset to it's standard. The people will have some diskspace to write stuff to but once they logout or login again everything should have disappeared again.
Run a script on logoff that deletes the users\%username% folder.
ASKER
i was hoping their was some way to do it with a GPO that i can assign a default profile that gets loaded every time. Looks safer then using a script.
There is a GPO setting that will write your roaming profile to your profiles share and delete it from your terminal server. Look in
Computer Configuration - Administrative Templates - System - User profiles
You can also use mandatory profiles if you like.
http://technet.microsoft.com/en-us/library/cc766489(WS.10).aspx
Computer Configuration - Administrative Templates - System - User profiles
You can also use mandatory profiles if you like.
http://technet.microsoft.com/en-us/library/cc766489(WS.10).aspx
ASKER
i've see nthat gpo but i have to say that it has to be x days old, or can i put 0 and will they always be deleted?
Weird thing though is that i've setup ts profile and folder redirection. When logging on it makes those folders (for folder redirection) but the user profile is still in c:\users.. Am I missing a GPO ?
Weird thing though is that i've setup ts profile and folder redirection. When logging on it makes those folders (for folder redirection) but the user profile is still in c:\users.. Am I missing a GPO ?
Yes you can set it to delete a cached copy on logoff.
ASKER
ok i have a look at this. Another question i have configured the policies under:
Computer / Policies / Admin / Windows Comp / RDP / External Host / Profiles
I have set the basemap and the pad to roaming profiles to :
e:\tsprofiles\basismap\%US ERNAME%\ and e:\tsprofiles\roamingprofi les\%USERN AME%\
But still when I logon with a thin client it creates the profile in c:\users what am I doing wrong ?
Computer / Policies / Admin / Windows Comp / RDP / External Host / Profiles
I have set the basemap and the pad to roaming profiles to :
e:\tsprofiles\basismap\%US
But still when I logon with a thin client it creates the profile in c:\users what am I doing wrong ?
ASKER
update: i also tried setting it to the unc path: \\servername\sharename\
but that does not work either.
but that does not work either.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you I did some reading and I don't need the roaming profiles at all. I do want to use the mandatory profiles. When looking to that guide it seems outdated. The copy to is greyed out now by default under profiles on 2008 R2.
Could it be it does not let me use roaming profiles because i'm using unc path pointed to the same server?
Could it be it does not let me use roaming profiles because i'm using unc path pointed to the same server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok with the updated link i gave i'm having a new problem: they say to logon with a local admin. But I don't have local admin anymore as this is a domain controller, please advice.
ASKER
I have found the solution in the mean time myself. Allthough the links showed me the right way they were outdated. And not 100% accurate.
I could also not do it the official way as the terminal server is a domain controller. And you cannot use a domain profile anymore to make a default profile from it.
I then used a small program called windows enabler to ungray the copy to button.
This allowed me to copy the domain profile to the default profile. (This is not best practice and things like libraries can be broken by this!) I did not need those so I then locked the env down with GPO.
I also copied the default profile to a share to make it a mandatory profile.
I could also not do it the official way as the terminal server is a domain controller. And you cannot use a domain profile anymore to make a default profile from it.
I then used a small program called windows enabler to ungray the copy to button.
This allowed me to copy the domain profile to the default profile. (This is not best practice and things like libraries can be broken by this!) I did not need those so I then locked the env down with GPO.
I also copied the default profile to a share to make it a mandatory profile.
ASKER
See my last comment