Dear All,

I have a group of 150 users on my domain that I would like to setup to have temporary profiles when the log onto the computer. Do help me get the procedure of setting up these settings.

We don't have enough space for roaming profiles and yet wwe don't want them to have any of there work left on the desktop once they log off.

5 Years
Discussion Span
Last Post by Mve83

Hi what you need are mandatory profiles not temporary profiles. I use them for over 1000 users and work a treat. You can get an xp mandatory profile down to as little as 3mb while a 7 profile to about 25mb so will not take up much room on your server.

For xp you need to do following:

Create local user account on workstation and give local admin rights.

Login to the workstation with the user you have just created and customise settings as desired. At this point a neat trick is open the registry hkey current user software Microsoft windows explorer user shell folders and change the app data folder location to c:\appdata (create this folder manually) and give everyone full control permissions. Copy the contents of all users appdata and current user appdata to c:\appdata

This helps you with profile size, speed and consistent user application experience. Now delete contents if current user app data and all users but leave root folder there.

Now add/remove desktop shortcuts and start menu items as required in the current user profile best to do it this way than use gpo folder redirection of start menu and desktop as it can slow performance if there are dead links.

Then once done log off user and then log back in just to test everything is ok.

Once happy log back off and log on as domain admin

Go to system properties and click the advanced tab. Then user profiles. Select the user profilemyou have just created and click copy to

In location unc path to profile share on network or you can choose default user on the local machine. Change the permission to use to everyone and click ok.

Once done. Go to the profile location you have just sent it to and change ntuser.dat to ntuser.man to make it mandatory.

Make sure that the profile location folder share has full control for everyone or desired user security group.

If copied to default user on local machine your job is done. Just delete the local old profiles of users using delprof.exe and next time they login they will have mandatory profile!

If network profile path change the profile path on users active directory properties to unc to profile share. If you have many use admodify.net

Then run delprof.exe on all machines (can do via shutdown script) and everyone will have a mandatory profile in next login!

Now win7 a completely different animal!

First create a local user like before and make your customisations as before. Redirect appdata/roaming to c:\appdata and set permission as before in xp.

Finish making customisations.

Log off

Log back in to check

Now the official way to now get a mandatory profile is this. There are shortcuts likemusing windows enabler or a manual copy with reg permission changes but no matter what people say on here they don't always work properly.

Create an unattend.XML file with the <copyprofile>1</copyprofile> tag added into the generalize phase. Use windows system image manager for this by downloading the wi 7 aik - for thus I am assuming you will find out how it works elsewhere.

Once your unattend.XML is created copy to c:\windows\system32\sysprep

Log in as the user you want to copy the profile from

Open command prompt and type c:\windows\system32\sysprep\sysprep.exe /oobe /restart /generalize /unattend:c:\windows\system32\sysprep\unattend.XML

Press enter.

Wait for sysprep to complete. Not important that your pc doesn't die right now! Lol

This copies the active profile to the local default user profile.

On restart login as domain admin and then go to advanced system properties user profiles and click on default profile. Then press copy to and choose location as before. Rename folder if on a share to folder name.v2 this is important!! The .v2 suffix tells win 7 it is a version 2 profile. If you don't do this your user experience will fail.

Change ntuser.dat to ntuser.man at default user profile location on workstation if using local profile location or at unc location. You

It is important to note that if you expect a user to have a mandatory profile for xp and win 7 simultaneously you must make the profile share location the same folder name as the each other but the win7 folder should have the .v2 suffix. E.g. Mandatoryprofile (for xp profile) and mandatoryprofile.v2 (for win7 profile). This applies to network share using ad only.

Modify users ad properties using admodify for bulk edits to unc location and delprof the same as before. If wanting user to have both xp and win7 mandatory profile enter the location of the xp profile in the ad profile properties tab. Applying the logic above the system will recognise both profiles dependant on the machine o/s

Hope this helps




By the way mandatory profiles will not allow a user to save any settings on log off. So every time they login it will be as it was the very first time thus achieving you goal.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.