Mandatory Profile and GPO

Giganews Newsgroups
Subject: Mandatory Profile and GPO
Posted by:  Ken Lizotte (KenLizot…
Date: Fri, 9 Jun 2006

I hope this is appropriate for this group.

I have a type of employee that I would like to give mandatory desktop and
security settings.  I have Server 2003 on 1 DC (DC1) and several XP Pro

I created an OU called 'Estimators' and created a GPO called 'Estimator
Group Policy' for this OU.  For testing, the only setting I Enabled was
'Remove and Prevent Access to the Shutdown Command'.  I then created a shared
folder called 'Profiles' on DC1.

I created a user called est1 in 'Estimators' OU.  I logged on a workstation
with user 'est1' and, for testing, added a desktop shortcut to calc.exe.  I
restarted the workstation and logged in as administrator.  From
system/Advanced/User Profiles settings, I copied est1 profile to
\\dc1\profiles\ManProfile and added est1 in 'permitted to use'.

On DC1, I went to \profiles\ManProfile and changed ntuser.dat to
In Domain Users and Computers, I opened est1 and entered
'\\Dc1\Profiles\ManProfile' under user profile/profile path.

Mandatory profile is working.  Now my objective is to add new users in the
'Estimators' OU and assign them the mandatory profile.  I add user 'est2' in
the 'Estimators' OU, and enter '\\Dc1\Profiles\ManProfile' under user
profile/profile path. I give est2 full control to the ManProfile folder (same
as est1).

Here is problem: When I log in as est2, I get the shortcut to clac.exe, but
I also get the shutdown function.  If I remove the profile path from 'est2',
then a log in creates a local profile and shutdown is not available.  It
seems that any new user in the 'Estimators' OU that is directed to the
mandatory profile, loses the GPO for the OU.

I hope I was not too detailed, but wanted to portay an accurate step-by-step.

Any ideas?