Dear all,
Enviorment:
2 DCs: Windows Server 2012R2
1 Terminalserver Session Broker: Windows Server 2016 (Session Broker and License Server)
3 Terminalserver Host: Windows Server 2016 (RDS Host)
If I deploy a new GPO on the DCs to the OU of the terminalservers the deployment works fine for all users. If I deactivate the GPO on the DCs and force the gpupdate on the terminalservers the GPO will stay activated to the users. After a bit of research it seems like the ntuser.dat from the user stored in the user profile disk won't be updated. If I delete the ntuser.dat manually and login again to the terminalservers I will get the right activated GPOs.
Folder permissons for the folder where the UPD are stored: Everyone (Read and Execute, Read Folder), System (Full Access), Every Terminalserver (Full Access), Domain-Admins (Full Access), Local Users (Read and Execute, Read Folder) Local Admins (Full Access)
File permissions for UPD vhd-files: Everyone (Read and Execute), System (Full Access), AD User himself (Full Access), Every Terminalserver (Full Access), Admin (Full Access), Domain-Admins (Full Access), Local Users (Read and Execute, Read Folder) Local Admins (Full Access)
For me it seems like the ntuser.dat do not work fine. Has anyone an idea?
Thanks!