Mandatory Profiles In Windows Server 2003

Posted by on Oct 12, 2006 | 7 Comments

User profiles allow a user to keep their personalized settings so they do not have to reconfigure their computer each time they log on. However, if you want users to have a pre-configured desktop environment, you can assign a mandatory user profile. The procedure for implementing this is described below.

If you want to implement a mandatory profile that is stored on the network, your first step is to create a shared folder that will store the mandatory user profile. Open the Computer Management console on the computer that will hold the profile. Create a shared folder and assign Everyone full control. You can then proceed to the following steps that involve copying the user profile you want to become mandatory to the shared folder.

  1. Click Start and click Control Panel.
  2. Double click the System applet.
  3. Select the Advanced tab.
  4. Click the Settings button under User Profiles.
  5. Select the profile you want to use and click Copy To.
  6. Type in the path to the location of the shared folder you created before beginning these steps. Click OK.
  7. Under Permitted to use, ensure that the appropriate users are listed.
  8. Click OK.

The last step is to rename the Ntuser.dat file inside the profile you just copied to the shared folder to Ntuser.man.

A mandatory user profile prevents any changes from being saved when a user logs off the computer. For example, if they make changes to the desktop, these changes will be discarded when the user logs off. Once you have a mandatory user profile created and saved to a shared folder, you can assign the mandatory profile to a user account using the following steps:

  1. Click Start and click Control Panel.
  2. Double click the Administrative Tools applet.
  3. Double click the Computer Management applet.
  4. Expand System Tools / Local Users and Groups.
  5. Double click the Users folder.
  6. In the right pane right click the user account you want to assign a mandatory profile to.
  7. On the Profile tab, type in the path to the location of the mandatory user profile (Ntuser.man).
  8. Click OK.

Any changes the user makes will no longer be saved to their profile and the user will have the same profile each time they log onto the network.
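
An added check (not part of the original post) for the result of the two procedures above: it confirms the hive was renamed to Ntuser.man and lists any NTFS entries that let broad groups write to the shared profile. The profile path and the English group names are assumptions.

```powershell
# Added example, not from the original post: audit a mandatory profile folder.
param([string]$ProfilePath = '\\SERVER\Profiles\Mandatory')  # placeholder path

# Principals treated as "all users". English account names are an assumption.
$broad = '(^|\\)(Everyone|Users|Authenticated Users|Domain Users)$'

# Rights that let the holder alter or replace the profile.
$mask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Get-Acl can also report raw generic bits: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$mask = $mask -bor 0x50000000

function Test-MandatoryProfile {
    param([string]$Path)

    $man = Join-Path $Path 'Ntuser.man'
    $dat = Join-Path $Path 'Ntuser.dat'

    # The hive is a hidden file, so test it by name instead of listing the folder.
    if (-not (Test-Path $man)) { "MISSING  $man (profile is not mandatory)" }
    if (Test-Path $dat)        { "PRESENT  $dat (hive was not renamed)" }

    # Inspect the NTFS ACL on the folder and on the hive itself.
    foreach ($item in @($Path, $man)) {
        if (-not (Test-Path $item)) { continue }
        foreach ($ace in (Get-Acl $item).Access) {
            $isAllow  = $ace.AccessControlType -eq 'Allow'
            $isBroad  = $ace.IdentityReference.Value -match $broad
            $canWrite = ([int]$ace.FileSystemRights -band $mask) -ne 0
            if ($isAllow -and $isBroad -and $canWrite) {
                "WRITABLE $item by $($ace.IdentityReference) [$($ace.FileSystemRights)]"
            }
        }
    }
}

$findings = @(Test-MandatoryProfile -Path $ProfilePath)
if ($findings.Count -eq 0) {
    'OK: Ntuser.man present and not writable by broad groups'
} else {
    $findings
}
```

Share permissions and NTFS permissions are evaluated separately and the more restrictive of the two applies, so with Everyone given full control on the share, the NTFS ACL read here is what actually limits writes to the profile.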


  • G Scot

    This bit of advice presented me with 3 problems:

    1. I was able to set the Path to my Share, but when you click OK (per the instructions above) it CLOSES that screen… you have to go BACK IN to use the “Permitted to Use” option…

    2. When I DID try to use the “permitted to use” option, I got an error saying that the [share] could not be deleted (even though “Everyone” has “Full Control” of it)…

    3. The PROFILE is not named “Ntuser.dat”… that is the Registry file INSIDE the Profile… Please be more precise…

  • Roberto

    I have a question! I created a user on a Windows Server 2003 machine; the profile path aims to \\cs23\profiles\%username% (e.g. ws22), and everything works fine, but once I tried to open the folder of the user (e.g. ws22) I can’t because the folder was created by the system. Alright I got that, then I tried to copy the profile from the machine where the roaming profile is running as you said, and I wasn’t successful. Do you have any suggestion?
    Thanks

  • Angel Mistry

    It is a permission problem. This is my suggestion:
    1) When assigning roaming profiles, always create a new share first. Give everyone full control at (Shared Level) & read at (NTFS Level), create a folder within the share named after the intended roaming profile user (e.g. the folder name should match the user name).
    2) You must then block permissions from being inherited from the parent object. Otherwise, everyone will have read access to the folder (e.g. all users will be able to see the docs and pics created by this user).
    3)The usual stuff: Once you have created the necessary folders and defined the appropriate permissions, it’s time to redirect the user’s profile. To do so, open the Active Directory Users and Computers console, right click on a user account, and select the Properties command from the resulting shortcut menu. When you do, you will see the user’s properties sheet. Next, select the properties sheet’s Profile tab. Enter the user’s profile path as:
    (\\server_name\share_name\user_name)
    4) Careful: Test your profile path by typing it in the RUN command to check for Typing errors.

    (e.g of a profile path:
    \\DC.domain.com(server name)\PROFILES (Share)\Briad (User Name).

    ANY QUESTIONS E-MAIL ME AT:
    angelmistry@hotmail.com

  • http://Mandetoryprofile angelmistry@hotmail.com

    Hi

    Please tell me that while I am configuring Mandatory profile by copying default user profile from Win XP Documents & Settings to server shared location and changing Ntuser.DAT to Ntuser.MAN, profile is loaded fine but problem is that while right click on desktop in New Tab only show New folder and Shortcut now show all window related file i.e. Word, bitmap image, Excel, Notepad like.

    pls solve my problem as soon as possible .

    Thank & Regards
    krishan kumar
    mail at yadav_ky@yahoo.co.in

  • Dave

    We use mandatory profiles and when the person logs off the profiles are supposed to be deleted but they are not. On logoff it leaves a temp profile over and over and over until the hard drive fills up then the user can’t login. The profiles are named username.domainname.000 and on… any ideas? Microsoft says it’s a network issue according to their help pages, could it be a cabling issue? We have a 10 gig backbone but are using old cables, I mean old at least six or eight years old.

  • Tim

    Mandatory profiles prevent changes. If you want the profiles to be deleted at logout, the users must be a member of the local Guests group.

  • Anonymous

    What about Pixelmator?