我在让一组用户停止使用漫游配置文件时遇到了一些严重的问题。
正如预期的那样,我已在整个域中启用了漫游配置文件。 - 但我正在执行 GPO 过滤,限制范围。我最初将其设置为经过身份验证的用户进行漫游,但由于域已扩展到多个位置,我将范围限制为仅靠近中央办公室的人员。
我链接的 GPO 过滤到我创建的组,该组包括我不想拥有漫游配置文件的用户。此 GPO 位于域的根目录,启用了“强制”设置,因此它应该覆盖其下方的任何设置。*顺便说一句,这是我目前设置为“强制”的唯一 GPO。
我知道 GPO 正在运行,因为我可以看到在漫游配置文件下登录的用户的原始注册表设置 - 然后,在我进行组策略更改后,同一个用户登录时,注册表反映了本地配置文件。
但不幸的是,即使进行了这些设置,用户仍然会在其中一台服务器上获得一个漫游配置文件。
同一用户帐户(更新 gpo 之后)的 gpresult 列在下面的代码块中。您可以在该输出的顶部看到,它实际上是在处理漫游配置文件。- 果然,在托管漫游配置文件文件共享的服务器上,它会在用户登录后为其创建一个文件夹。
为了测试目的,我删除了用户配置文件的所有副本,包括漫游和本地。但问题仍然存在。- 所以我显然在更大范围内的组策略设置中遗漏了一些东西。
有人能指出我在这里遗漏了什么吗?
*****gpresult /r*****
Microsoft (R) Windows (R) 操作系统组策略结果工具 v2.0 版权所有 (C) Microsoft Corp. 1981-2001
创建于 2010 年 5 月 15 日上午 8:59:00
***** 上 ********** 的 RSOP 数据:记录模式
操作系统配置:成员工作站操作系统版本:6.1.7600 站点名称:N/A 漫游配置文件:\*****\profiles$***** 本地配置文件:C:\Users***** 通过慢速链接连接?:否
用户设置
CN=*****,OU=*****,OU=*****,OU=*****,DC=*****,DC=*****
Last time Group Policy was applied: 5/15/2010 at 8:52:02 AM
Group Policy was applied from: *****.*****.com
Group Policy slow link threshold: 500 kbps
Domain Name: USSLINDSTROM
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
ForceLocalProfilesOnly
InternetExplorer_*****
GlobalPasswordPolicy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
DAgentFirewallExceptions
Filtering: Denied (Security)
WSAdmin_*****
Filtering: Denied (Security)
NetlogonFirewallExceptions
Filtering: Not Applied (Empty)
NetLogon_*****
Filtering: Denied (Security)
WSUSUpdateScheduleManualInstall
Filtering: Denied (Security)
WSUSUpdateScheduleDaily_0300
Filtering: Denied (Security)
WSUSUpdateScheduleThu_0100
Filtering: Denied (Security)
AlternateSSLFirewallExceptions
Filtering: Denied (Security)
SNMPFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleSun_0100
Filtering: Denied (Security)
SQLServerFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleTue_0100
Filtering: Denied (Security)
WSUSUpdateScheduleSat_0100
Filtering: Denied (Security)
DisableUAC
Filtering: Denied (Security)
ICMPFirewallExceptions
Filtering: Denied (Security)
AdminShareFirewallExceptions
Filtering: Denied (Security)
GPRefreshInterval
Filtering: Denied (Security)
ServeRAIDFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleFri_0100
Filtering: Denied (Security)
BlockFirewallExceptions(8400-8410)
Filtering: Denied (Security)
WSUSUpdateScheduleWed_0100
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)
WSUS_*****
Filtering: Denied (Security)
LogonAsService_Idaho
Filtering: Denied (Security)
ReportServerFirewallExceptions
Filtering: Denied (Security)
WSUSUpdateScheduleMon_0100
Filtering: Denied (Security)
TFSFirewallExceptions
Filtering: Denied (Security)
Default Domain Policy
Filtering: Not Applied (Empty)
DenyServerSideRoamingProfiles
Filtering: Denied (Security)
ShareConnectionsRemainAlive
Filtering: Denied (Security)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
*****Users
VPNAccess_*****
NetAdmin_*****
SiteAdmin_*****
WSAdmin_*****
VPNAccess_*****
LocalProfileOnly_*****
NetworkAdmin_*****
LocalProfileOnly_*****
VPNAccess_*****
NetAdmin_*****
Domain Admins
WSAdmin_*****
WSAdmin_*****
*****
*****
Schema Admins
*****
Enterprise Admins
Denied RODC Password Replication Group
High Mandatory Level
答案1
我只是忽略了 AD 中的简单配置文件位置设置。太糟糕了。
现在已经修复。