[THIN] Re: Windows 2008 TS Change Password Issue

  • From: "Mark Oliver" <Mark.Oliver@xxxxxxxxxxx>
  • To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 9 Feb 2010 09:02:42 +1300

Greetings all.

Just posting this as some of you may come across it.
Windows 2008 Terminal Server (not using R2) environment, TS user roaming 
profile path is set in GPO via ComputerPolicy under Terminal Server Profiles 
(as it should be).

When the password is set to change at next logon or the password has expired & a user 
changes it via the web interface before they log on, they get a new default profile.
We've been battling Microsoft support for a while now & this is the response:

Sorry for the delay. Based on your information, I searched the internal product 
team's database and found similar issues. However, the design change request has 
not been accepted so far. The cause is: with the password changed, at the startup, 
the system sends a notification to DPAPI. For DPAPI component: 
DPAPINotifyPasswordChange() will call LogonUserExW(), and LogonUserExW() will 
load profile. However, it's not able to get the TS Roaming Profile Path into 
the pProfileInfo->lpProfilePath at that time since the passed LogonType in the 
call is 2, which means "interactive logon" rather than 10 (which means, 
terminal service logon). In your environment, the roaming profile is configured 
as "TS roaming profile", which is loaded only when logontype is 10. 
Consequently, here it did not load the TS roaming profile, and just loaded a 
local profile.

Based on the code, due to the above behavior, the workaround is to use the "set 
roaming profile path for all users logging onto this computer" which is also 
mentioned in the link that you provided. Since it is the roaming profile for 
any users logged into the terminal server, the above behavior will load it 
properly. In that way, no matter what logon type, the profile will always be 
loaded. The steps are: create the OU to contain all the terminal servers which 
have the problem, create a GPO and link the GPO to this OU. In the GPO, 
configure the following roaming profile setting: Computer 
Configuration\Administrative Templates\System\User Profiles\"set roaming 
profile path for all users logging onto this computer"


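A check for the condition described in the post, as an added example that is not part of the original message or of Microsoft's response: it reports whether a terminal server has only the TS-specific roaming profile path configured by policy, or also the machine-wide one named in the workaround. The registry value names `WFProfilePath` and `MachineProfilePath` are assumptions about where these two policies are stored; confirm them against the ADMX templates in use.

```powershell
# Added example. Run locally on a terminal server. Read-only.
# Assumption: these are the policy registry locations written by
#   "Set path for TS Roaming User Profile"                      -> WFProfilePath
#   "Set roaming profile path for all users logging onto this
#    computer"                                                   -> MachineProfilePath
$tsKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$sysKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$tsPath      = Get-PolicyValue -Key $tsKey  -Name 'WFProfilePath'
$machinePath = Get-PolicyValue -Key $sysKey -Name 'MachineProfilePath'

if ($machinePath) {
    # Workaround from the post is in place: path applies to every logon type.
    $status = 'OK: machine-wide roaming profile path is set'
}
elseif ($tsPath) {
    # Condition from the post: path is only used for logon type 10, so the
    # logon type 2 call made after a password change loads a local profile.
    $status = 'AFFECTED: only the TS roaming profile path is set'
}
else {
    $status = 'No roaming profile path configured by computer policy'
}

# New-Object is used instead of [pscustomobject] so this runs on PowerShell 2.0.
New-Object PSObject -Property @{
    Computer           = $env:COMPUTERNAME
    TSProfilePath      = $tsPath
    MachineProfilePath = $machinePath
    Status             = $status
}
```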
