General discussion


Strange policy/profile issue - Svr. 2003

By Daddy123 ·
Hello all,
I work in a school district. We have a Windows Server 2003 Active Directory domain. We have over a hundred Dell Latitude D600 laptops running Windows XP SP1a, and over a hundred Dell D620 laptops running Windows XP SP2 that the students use. These are spilt up into 4 schools with each school having their own username (i.e. CG, IR, SH, FB). All of the students in a class logon as ?one user?, i.e. CG, IR. So there could be up to 25 laptops, logging on as the same user at about the same time.
Last year the students wreaked havoc on these laptops, i.e. changing desktops, deleting and changing icons, deleting folders, etc. During this past summer we have implemented a total lockdown of the laptops, (and PCs) through Active Directory using Mandatory Profiles and Group Policies. The profiles are stored on their respective member servers, on the site where the specific users login to the domain. I used a mandatory profile in conjunction with the group policies because I could not setup a common desktop (with all the same icons) in the policies.
Now, after thorough testing I have encountered a strange obstacle: If we logon the laptops (specifically the new ones with SP2) in the building, through the local server that the profile is stored on, it is a 50/50 chance that it will pick up the mandatory profile and/or policy. But; if we logon to any one of the other 3 remote sites, everything works wonderful 100% of the time. So locally it does not work a majority of the time, remotely it does. Does that make sense? Do we have to burden the Primary Domain Controller with housing all of the profiles, or is there a fix for this? Is there a way to setup a definite, non-changing desktop (icons) in the policies without having to use a Mandatory Profile with the policies? Are there issues when you use both together?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by Dumphrey In reply to Strange policy/profile is ...

This sounds like maybe you have the policy misconfigured. How, Im not sure. As for overburdening the DC with all the prfiles, thats only an issue on inital boot. After the laptop/workstation has booted, there is no continued burden on the DC. I understand money can be tight in a school, but you may want to consider useing Deepfreeze instead of GP.
It is a very good product that I have used for several years. Administration can be time consuming on the front end, but virtualy nill after set up is complete.

Collapse -

by curlergirl In reply to Strange policy/profile is ...

Could you clarify exactly the procedure you're using to log on? When you make a distinction between logging on "through the local server," versus "to any of the other 3 remote sites," what specifically are you doing differently in the two scenarios? Something here doesn't make sense to me. If the local server is a member server and not a DC, you can only log on to it locally, not to the domain. If it is connected via a RRAS connection to the domain, then you are still logging on to the domain, not the local server. If you could explain in a little more detail, it would be helpful.

Related Discussions

Related Forums