?
Solved

How can I prevent terminal services from creating multiple roaming profiles when a user doesnt log off correctly

Posted on 2013-05-29
3
Medium Priority
?
692 Views
Last Modified: 2013-05-29
Good afternoon Experts,

I am inquiring today about terminal services. Several of our user base here at the BGCMC are not logging off thier terminal services sessions normally, thereby creating multiple instances of thier profiles. The symptoms are that when a user logs on to his/her Active Directory terminal services RDP account, they may get any one of the profiles.

I have one user that keeps getting her browser hijacked by malware. I set her defualt homepage to Google and it works for the enterity of that sesion, but when she logs back on
she will invariably get one of the other profiles in which the IE browser is still hijacked.

Is there a solution to prevent the creation of multiple profiles , so we only have to deal with the one profile. As an aside, the small business vendor that handles our  Active Directory , uses an antivirus suite called eset (I think) , I would think that the suite would protect IE from being hijacked but, obvisoully it doesnt , because many of the users are complaining about both the multiple profiles and the hijacking of IE.

Your input or solutions to these problems would be appreciated.
0
Comment
Question by:BLACK THANOS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Assisted Solution

by:serialband
serialband earned 400 total points
ID: 39206039
You should just run delprof.exe remotely to delete the roaming profiles or delete them all manually before the next time a user logs in.
0
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 1600 total points
ID: 39206051
Why oh why do they get multiple profiles in the first place? You should use folder redirection for remote desktop clients this way they will consistently get the EXACT same profile which doesn't depend upon the machine that they eventually land on.

Malware bytes does a better job of removing and preventing malware.

You can set terminal services to reconnect to the existing session if recovering from a disconnection / logoff

The Group Policy settings can be found in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles and can be configured by using either Local Group Policy Editor or the Group Policy Management Console (GPMC).

http://technet.microsoft.com/en-us/library/cc742820.aspx
0
 

Author Comment

by:BLACK THANOS
ID: 39206594
ve3ofa,

I dont know why I didnt think of that , as that is exactly what I did at my previous job, used folder redirection. I love Malware bytes. The rest of your input was also germane to my
problem, but serialband gave me a good tool for future use. I will award serialband 100 of the 500 points and the rest go to you. Thanks ever so much.

Regards,
Regis Hyde
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question