I have a Windows Server 2003 box which will be acting as a terminal server. It will actually be running Citrix, but I don't believe that to be relevant here.
There has been a request for every user to use a single mandatory profile. I've used mandatory profiles before, but there have been generally different profiles for different users so I've always used the "Terminal Services Profile" tab to good effect.
What I'd like this time is a single setting, such as a Group Policy or similar that simply forces every non-domain admin user logging on to the box into using the mandatory profile. We'll be using Folder Redirection to take care of everything else.
I'm aware of the following GPO:
Computer Policy\Computer Configuration\Administrative Templates\Windows Components/Terminal Services
Set path for TS Roaming Profiles
But, as that's a computer policy, will it not apply to all users including administrators? If so, is it possible to exclude admins somehow?
This is probably going to be disappointing, but there is no way to exclude admins (or anyone for that sake) when you use a computer policy.
We're in the same bucket here, where administrators get a roaming profile. We've tried tons of different approaches, but it's just not possible to get away from unless you use the terminal services profile field in AD.
Since this is a Computer Policy it applies to everyone regardless of access. You did mention Citrix; if you have enterprise or platinum edition, you may be able to achieve something close to what you want by using Profile Manager.
You would set up the Citrix Profile Management .admx template and create a GPO specifying a "template profile" instead of a mandatory profile. In the policy you can then either specify "processed groups" or disable the "Process logons of local administrators".
The template profiles don't allow the use of mandatory profiles exactly, so you can't use an ntuser.man, it would have to be a ntuser.dat.
Feel free to downvote this, my initial answer was totally wrong and this answer isn't great either. I had somehow overlooked the fact that it is indeed a computer policy.