0
1
In Windows XP, there is a way to configure it so that it would force every single domain users to a single profile in an local machine upon log in.
However I can't find the way to do this in Windows 7.
Does anyone have any recommendations?
0
1
In Windows XP, there is a way to configure it so that it would force every single domain users to a single profile in an local machine upon log in.
However I can't find the way to do this in Windows 7.
Does anyone have any recommendations?
0
What you are looking for is called a mandatory profile. There is an MSDN article and an MS KB article on it. The latter has an explanation for exactly how to create and implement it.
1
Delete Setup account andany other accounts that have a profile folder and choose "delete files"
Make group policy changes
Complete all customizations
I have tested this method in a non AD environment and a bare AD virtual environment. If your organization uses Domain level gpo's you may need to make sure there are no gpo's that will over-write the local policies above.
Also, if you have a Network default profile in the Netlogon share you may need to set the permissions on that folder to deny all. I haven't tested yet to see the behavior if that share exists. So I still need to verify that the 3 local policies mentioned above will stop the profile search of the local machine from going to the network to trying to pull the Default Network Profile.
If you try that before I have posted an update please feel free to post your results here.
There's a few things that seem specific to your install - step 6 and step 8 of your systprep method. – Journeyman Geek – 2012-02-17T23:58:35.900
Yeah, I got excited. I found the edit button and took out anything related to my specific environment. – Rod Echols – 2012-02-21T19:04:09.240
Is there any way to store the mandatory profile in local machines not a file server? – Anatoli – 2010-06-09T14:08:09.233
Yes. I believe there are two ways to do this. Because the local machine is the logon server, you could create a NETLOGON share on it, and place it there. The other (probably better way) is to just rename the NTUSER.DAT file in the user's profile (likely under
C:\users\username\
) to NTUSER.MAN, and then remove the NTUSER.DAT file. I believe that will work too, but have not tested myself. – nhinkle – 2010-06-09T17:18:25.403Could you possible explain in step by step on how to do it if possible? – Anatoli – 2010-06-09T21:06:16.707