I'm having some serious issues getting a group of users to stop using roaming profiles.
As expected, I have roaming profiles enabled accross the domain. - But am doing GPO filtering, limiting the scope. I originally had it set to authenticated users for Roaming, but as the domain has branched out to multiple locations, I've limited the scope to only people that are near the central office.
The GPO that I have linked filtered to a group I have created that include users that I don't want to have roaming profiles. This GPO is sitting at the root of the domain, with the "Forced" setting enabled, so it should override any setting below it. *On a side note, it is the ONLY GPO that I have set to "Forced" right now.
I know the GPO is working, since I can see the original registy settings on a user that logged in under roaming profiles - and then that same user logging in after I made the Group Policy changes, the registry reflects a local profile.
But unfortunately, even after making those settings - the user is given a roaming profile on one of the servers.
A gpresult of that same user account (after the updated gpo) is listed in the code block below. You can see right at the top of that output, that it is infact dealing with a roaming profile. - And sure enough, on the server that's hosting the file share for roaming profiles, it creates a folder for the user once they log in.
For testing purposes, I've deleted all copies of the user's profile, roaming and local. But the problem is still here. - So I'm aparently missing something in the group policy settings on a wider scale.
Would anybody be able to point me in the direction of what I'm missing here?
*gpresult /r***
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 5/15/2010 at 8:59:00 AM
RSOP data for ** on * : Logging Mode
OS Configuration: Member Workstation
OS Version: 6.1.7600
Site Name: N/A
Roaming Profile: \\profiles$**
Local Profile: C:\Users***
Connected over a slow link?: No
USER SETTINGS
CN=*****,OU=*****,OU=*****,OU=*****,DC=*****,DC=*****
Last time Group Policy was applied: 5/15/2010 at 8:52:02 AM
Group Policy was applied from: *****.*****.com
Group Policy slow link threshold: 500 kbps
Domain Name: USSLINDSTROM
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
ForceLocalProfilesOnly
InternetExplorer_*****
GlobalPasswordPolicy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
DAgentFirewallExceptions
Filtering: Denied (Security)
WSAdmin_*****
Filtering: Denied (Security)
NetlogonFirewallExceptions
Filtering: Not Applied (Empty)
NetLogon_*****
Filtering: Denied (Security)
WSUSUpdateScheduleManualInstall
Filtering: Denied (Security)
WSUSUpdateScheduleDaily_0300
Filtering: Denied (Security)
WSUSUpdateScheduleThu_0100
Filtering: Denied (Security)
AlternateSSLFirewallExceptions
Filtering: Denied (Security)
SNMPFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleSun_0100
Filtering: Denied (Security)
SQLServerFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleTue_0100
Filtering: Denied (Security)
WSUSUpdateScheduleSat_0100
Filtering: Denied (Security)
DisableUAC
Filtering: Denied (Security)
ICMPFirewallExceptions
Filtering: Denied (Security)
AdminShareFirewallExceptions
Filtering: Denied (Security)
GPRefreshInterval
Filtering: Denied (Security)
ServeRAIDFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleFri_0100
Filtering: Denied (Security)
BlockFirewallExceptions(8400-8410)
Filtering: Denied (Security)
WSUSUpdateScheduleWed_0100
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)
WSUS_*****
Filtering: Denied (Security)
LogonAsService_Idaho
Filtering: Denied (Security)
ReportServerFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleMon_0100
Filtering: Denied (Security)
TFSFirewallExceptions
Filtering: Denied (Security)
Default Domain Policy
Filtering: Not Applied (Empty)
DenyServerSideRoamingProfiles
Filtering: Denied (Security)
ShareConnectionsRemainAlive
Filtering: Denied (Security)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
*****Users
VPNAccess_*****
NetAdmin_*****
SiteAdmin_*****
WSAdmin_*****
VPNAccess_*****
LocalProfileOnly_*****
NetworkAdmin_*****
LocalProfileOnly_*****
VPNAccess_*****
NetAdmin_*****
Domain Admins
WSAdmin_*****
WSAdmin_*****
*****
*****
Schema Admins
*****
Enterprise Admins
Denied RODC Password Replication Group
High Mandatory Level