Restrict roaming profiles and Folder Redirection to a specific Server

By | August 18, 2015

Some time you want to limit roaming profile and Folder Redirection to particular workstations or only to list of servers, don’t want users log into a server with their roaming profile and want to limit roaming profiles to just the specific workstations/server and block or disable it from other Windows Server 2008 and 2012 R2

Also Read: Reconfigure roaming profile folder and home folder permission for all the users

Restrict Folder Redirection feature to workstations and block it from servers

  • Open GPMC
  • Create New GPO or Edit the GPO which is linked to the server OU
  • Browse to User Configuration – Policies – Windows settings – Folder Redirection
  • Change “Target folder location” to “Redirect to local userprofile location”
  • Click Computer Configuration\Administrative Templates\System\Group Policy
  • Enable “User Group Policy loopback processing mode”
  • Set it to “Merge” mode.
  • Restart the server

Restrict roaming profiles to workstations and block it from specific server

  • Open GPMC
  • Create a new GPO.
  • Right click on the GPO and select Edit.
  • Computer Configuration\Administrative Templates\System\User Profiles
  • Enable both the “Prevent Roaming Profile changes from propagating to the server” setting
  • Select “Only allow local user profiles”
  • This will disable the roaming profiles.
  • Link newly created GPO to Server OU
  • Restart the server
  • Users with folder redirection settings will have local user profile folders while logging into server

Also Read: Roaming profile issues with VPN and low Bandwidth sites 

You can use Security Filtering to apply the GPO to specific server or create a new OU (organizational unit) and move required servers to that OU and link the GPO

We can use the above method to configure the roaming profile restriction to any server or only allow the roaming profile to the server you want and restrict other servers, this way we can disable roaming profiles based on machine

Also Read: Active Directory real time issues and solutions

Also you can user Terminal server profile setting which in only load when you login to server through terminal services or RDP the server, this will prevent to load user normal profile while login to server

Also Read: More post related to Windows Server 2012


Leave a Reply

Your email address will not be published. Required fields are marked *