About roaming profiles ...

mariegeniamariegenia Member Posts: 27 ■□□□□□□□□□
Hello again!!!

I need help with some concepts about roaming profiles. I know that if i have users in my organization that logon on differents computer i must configure the profile in the server share folder %username% to mantain the configurations for each desktop.

But if i need to configure a fixed profile for a group of user in orden to discart changes made by every user (all user must have the same desktop configurations)... how to implement this?
I mean all users must have the same desktop and can make changes but at logoff the changes will be discarted.

Thanks in advance ...

Marie
working on 70-291

70-290

Comments

  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    What you are talking about is a mandatory profile.

    1. Copy a profile to a network server (lets say \\server1\profiles\mandatory)
    2. Within the profile rename the NTUSER.DAT file to NTUSER.MAN,
    3. Point all your users at this profile (either through a GPO or by editing their user account properties). Instead of using \\server1\profiles\%username% you would point them all at the same one (with no %username%).
  • mariegeniamariegenia Member Posts: 27 ■□□□□□□□□□
    I think of that, but i also think in another solution.
    Point to the same profile but instead of naming it .man avoid changes by GPO.

    What's your opinion? Do you think this also work? You suggested the other option because don't need so much administrative work?

    Thanks!!!

    Marie
    working on 70-291

    70-290
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    I'm not sure how you want to use a GPO to prevent changes to the profile? What setting were you planning on configuring?

    I suggested that particular way because what you are asking for is a mandatory profile shared by multiple users. Renaming the NTUSER.DAT file to .MAN is what tells Windows to never write any changes back to the profile.
  • SlowhandSlowhand Mod Posts: 5,161 Mod
    Aside from changing the ntuser.dat to ntuser.man, which will do what you're asking, there is a tool available from Microsoft called SteadyState. Give it a shot, it may be closer to the solution you're asking for. As for locking profiles via Group Policy. . . that's something I'm afraid I don't have enough experience to answer. There may be a way, but you'll have to wait for the more advanced Windows gurus on this forum to weigh in on the question.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Yeah SteadyState is good if you are trying to implement something where *everything* the user does is erased at logoff (adding software, changing drivers, etc).

    From the subject of the post I thought this was limited to user profiles, but if thats more what you're looking for it works well. DeepFreeze (http://www.faronics.com/html/deepfreeze.asp) is an even more powerful option but it's not free.
  • mariegeniamariegenia Member Posts: 27 ■□□□□□□□□□
    I imagine that can group accounts in an OU1.
    Then configure a GPO linked to OU1, edit it an configure things such us:

    UserConfiguration/AdministrativeTemplates/Desktop/
    *Don't save settings at exit

    or

    UserConfiguration/AdministrativeTemplates/ControlPanel/Display
    *Prevent for changing wallpaper
    working on 70-291

    70-290
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    That won't prevent application settings and such from being saved to the profile. I would just use a mandatory profile, that's why the option exists.
Sign In or Register to comment.