Windows 2003 Terminal Server – Prevent roaming profile changes from propagating to the server for certain users

Scenario:

There are two types of terminal server users, and they need to have profiles set up in two different ways:

  1. First group – uses a single shared profile located on the network at \\Server\ShareName\TMS-Profile. Any changes a user makes to the profile are not propagated to the network copy of the profile – every time users log on they receive a fresh copy of the profile.
  2. Second group – every user has an individual user profile located on the network at \\Server\ShareName\UserName. All changes are saved back to the network copy of the profile on log-off.

Solution:

Normally I would use Group Policy to set up all terminal server settings, including user profiles. The problem in this scenario is that “Prevent Roaming Profile changes from propagating to the server” is part of the Computer Configuration section of Group Policy, so the policy can’t be filtered for different user groups.

I resolved this by setting the Terminal Server Profile Path in the AD user object properties.

  1. The first group of users had the profile path set to \\Server\ShareName\TMS-Profile. To prevent changes from propagating back to the server, the profile was made mandatory. To make a profile mandatory you simply rename NTUSER.DAT, which is located in the profile root folder (it is a hidden system file), to NTUSER.MAN. Read more about mandatory profiles here.
  2. The second group of users had the profile path set simply to \\Server\ShareName\UserName, without any additional configuration.
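
The two steps above can be scripted through ADSI instead of editing each user object by hand. This is an added example, not part of the original post: the two group distinguished names are hypothetical placeholders, and it assumes an account allowed to modify the user objects and to rename files in the shared profile folder.

```powershell
# Added example. The group DNs are hypothetical placeholders; the share
# path and the TMS-Profile folder name are the ones used in the post.
$ProfileRoot  = '\\Server\ShareName'
$SharedGroup  = 'CN=TS-SharedProfile,OU=Groups,DC=example,DC=local'
$RoamingGroup = 'CN=TS-RoamingProfile,OU=Groups,DC=example,DC=local'

function Set-TSProfilePath {
    param([string]$UserDN, [string]$Path)
    $user = [ADSI]"LDAP://$UserDN"
    # TerminalServicesProfilePath is exposed by the Terminal Services
    # ADSI extension (IADsTSUserEx); it is the same field as the
    # "Terminal Services Profile" tab of the user object.
    $user.psbase.InvokeSet('TerminalServicesProfilePath', $Path)
    $user.SetInfo()
    # Read the value back so a failed write is visible in the output.
    $stored = $user.psbase.InvokeGet('TerminalServicesProfilePath')
    Write-Output "$UserDN -> $stored"
}

# Group 1: everyone points at the single shared (mandatory) profile.
foreach ($dn in ([ADSI]"LDAP://$SharedGroup").member) {
    Set-TSProfilePath -UserDN $dn -Path "$ProfileRoot\TMS-Profile"
}

# Group 2: each user gets an individual roaming profile folder.
foreach ($dn in ([ADSI]"LDAP://$RoamingGroup").member) {
    [string]$sam = ([ADSI]"LDAP://$dn").sAMAccountName
    Set-TSProfilePath -UserDN $dn -Path "$ProfileRoot\$sam"
}

# Make the shared profile mandatory: NTUSER.DAT -> NTUSER.MAN.
# The file is hidden, so Rename-Item needs -Force.
$dat = Join-Path "$ProfileRoot\TMS-Profile" 'NTUSER.DAT'
if (Test-Path $dat) {
    Rename-Item -Path $dat -NewName 'NTUSER.MAN' -Force
}
```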

This is not a perfect solution, but it works well enough as there are not too many terminal server users. If anyone knows a better and more efficient way to achieve this, let me know.