[THIN] Re: GPO Issue

  • From: "Jeff Pitsch" <jepitsch@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Sat, 2 Sep 2006 12:41:42 -0400

What probably happened is what Rick said or another guess would be that
because you used the roaming profile to create the mandatory, these settings
were then hardcoded into the mandatory profile.  The mandatory profile
should ALWAYS be a new, clean profile.  Never reuse an old profile.


Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com



On 9/1/06, Rick Mack <Rick.Mack@xxxxxxxxxxxxxx> wrote:

Hi Jon,

Dumb question, but are you saving
HKCU\SOftware\Microsoft\Windows\CurrentVersion\Explorer?

And if you load the mandatory profile with regedit, are there any folder
redirections already defined under
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders?

If you want to make absolutely sure there isn't any "legacy" folder
redirection, you can add the following lines to your flex INI file:

[ExcludeIndividualRegistryKeys]
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

regards,

Rick

Ulrich Mack
Volante Systems


________________________________

From: thin-bounce@xxxxxxxxxxxxx on behalf of Luchette, Jon
Sent: Sat 2/09/2006 9:40
To: thin@xxxxxxxxxxxxx
Subject: RE: [THIN] Re: GPO Issue


the logon script is applied by the GPO, not the user account. Yes, our old environment was setup with roaming profiles that are configured within each user account to point to \\servername\profiles$\%username% and because roaming profiles are awful in general, I built the new environment using the flex profile kit with roaming profiles turned off within the GPO. I will try to delete the local profile, and let you know what happens. I am assuming that it won't make a difference, but we'll see. Thanks for staying with this!

/jon

________________________________

From: thin-bounce@xxxxxxxxxxxxx on behalf of Jeff Pitsch
Sent: Fri 9/1/2006 5:40 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: GPO Issue


Is the logon script applied by GPO or user account? Were these profiles roaming at one point? As in, the current local cache is still using the cache of the roaming? If so, what happens if you delete the profile?


Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com <http://jeffpitschconsulting.com/>





On 9/1/06, Luchette, Jon <JLuchette@xxxxxxxxxxxxxxx> wrote:

       if I place my workstation in the same OU as these other citrix
servers and then reboot, and logon as myself or one of these users having
the problem, it is fine.  the settings are NOT applied.  why when I logon to
these other terminal servers, either at the console or via rdp or via ica do
these settings get applied???

       this one is driving me nuts.



       _______________________________________________
       Jon Luchette

       Emerson Hospital
       Technology Specialist III

       Work: 978-287-3369
       Cell:  978-360-1379

       jluchette@xxxxxxxxxxxxxxx
       _______________________________________________




________________________________

       From: thin-bounce@xxxxxxxxxxxxx [mailto: 
thin-bounce@xxxxxxxxxxxxx<mailto:
thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of Jeff Pitsch
       Sent: Friday, September 01, 2006 2:31 PM

       To: thin@xxxxxxxxxxxxx
       Subject: [THIN] Re: GPO Issue




Now that you mention it Joe, redirection policies are applied the first time and then not touched again unlesst hey change. That may be why it's not being removed properly. It's the login scrip that is confusing because the login scripts are typically part of the GPO itself when specified in a gpo.

       But you make a valid point about the same profile, I would use GPO
to specify a completely separate profile for the other OU.  then you
eliminate this problem altogether.


Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP

       Forums not enough?
       Get support from the experts at your business
       http://jeffpitschconsulting.com <http://jeffpitschconsulting.com/>





       On 9/1/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote:

               You're using the same TS Profile for the other servers, but
not the same Redirection Policies?  Somehow, that doesn't make sense.  Does
the other OU have its own set of policies?   As far as I know, GPO settings
are not unapplied when a user logs off so some settings may be saved in
their profile.



               Joe




________________________________


From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx] On Behalf Of Luchette, Jon Sent: Friday, September 01, 2006 10:07 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] GPO Issue



               Hello -



               I have a GPO that contains user and computer settings for a
group of users being applied to Citrix servers running 2003 that are in a
certain OU within our Active Directory.  Within this policy are folder
redirection settings for appdata, my docs, desktop, and start menu.  Their
is also a logon script that is set to run in the policy as well.



               The problem is that when a user logs onto a different
terminal server that is not in this OU, they get their folders redirected
and the logon script is running as well.  I do not know why?  It
shouldn't....?



               Also, if I am logged onto one of these other servers that
shouldn't apply the policy, I am running RSOP.msc and it doesn't show any
of the settings from my GPO being applied?



               I am baffled.



               Any ideas why this might be happening?



               ...hopefully it is just friday and I am overlooking
something simple.



               Thanks!





               _______________________________________________
               Jon Luchette



               Emerson Hospital

               Technology Specialist III

               Work: 978-287-3369

               Cell:  978-360-1379

               jluchette@xxxxxxxxxxxxxxx
               _______________________________________________









#####################################################################################
This e-mail, including all attachments, may be confidential or
privileged.  Confidentiality or privilege is not waived or lost because this
e-mail has been sent to you in error.  If you are not the intended recipient
any use, disclosure or copying of this e-mail is prohibited.  If you have
received it in error please notify the sender immediately by reply e-mail
and destroy all copies of this e-mail and any attachments.  All liability
for direct and indirect loss arising from this e-mail and any attachments is
hereby disclaimed to the extent permitted by law.

#####################################################################################


Other related posts: