A nice tool to manage your environment with Mandatory Profiles is Immidio Flex Profiles.
I’m going to install this tool in my Windows 2003 Terminal Server environment.
— First install the Immidio Flex Profile application on your Terminal Server(s). When executing the Immidio Flex Profiles.msi file, no services are installed and no reboots are required. The Flex Profiles MSI file must be executed under an account with administrative privileges, since a small number of registry keys are added to the HKEY_LOCAL_MACHINE hive.
Note! To install the Framework unattended, just run the following command. msiexec /i “\\Server\Share\Immidio Flex Profiles.msi” /qn
— The Flex Profiles framework includes a compressed file that is used for central configuration purposes: Flex_Config.zip. Extract this file in a central and fault tolerant network share using a Zip program, such as WinZip. The target folder can be a share on a file cluster or the NETLOGON share or SYSVOL folder on a domain controller. The scripts included in Flex_Config.zip help you to centrally configure Flex Profiles.
— Configuring the Flex Profiles in the logon and logoff script is rather simple. The syntax to activate Flex Profiles is as follows.
An example for a logon script may look as follows.
CSCRIPT /NOLOGO “%PROGRAMFILES%\Immidio\Flex Profiles\Flex_Framework.vbs” LOGON \\FLEX.local\NETLOGON\Flex_Config
In the logoff script, specify the LOGOFF option instead:
CSCRIPT /NOLOGO “%PROGRAMFILES%\Immidio\Flex Profiles\Flex_Framework.vbs” LOGOFF \\FLEX.local\NETLOGON\Flex_Config
IMPORTANT: Proper timing is essential when setting up Flex Profiles in a user logon script. It is recommended to run the Flex Framework script in the logon script after the home directories are mapped and before other application settings are configured. Additionally it is recommended to enable the policy Run logon scripts synchronously in order to prevent applications or the desktop from starting while the logon script is still running.
— In order to configure the Flex Profiles Framework the file Framework.ini in the Flex configuration folder needs to be opened and modified with an adequate ANSI editor, such as Notepad.
I’ve edit this setting to [LOCATIONS] STOREROOT, this setting configures the root of the path where the profile archives are stored.
STOREROOT=3 uses the user’s Terminal Server home directory directly from AD (Only supported with Windows Server 2003 and Windows Server 2008 in an AD environment). By default the vallue is 1.
— After you login on your Teminal Server environment, and you logoff, you’ll see the following folder in your users home directory _Settings. Here are the user specific settings that will be saved when the users are logoff. As you can see, all the .ZIP file are exactly the same as in your NETLOGON directory, were you can make you settings per application! You can add new INI files if you want to add some application settings, or even delete some INI files from appliations that are not used in your environment.