E-Mail:

Mandatory Profiles In Windows Server 2003

Thursday, October 12th, 2006
by Diana Huggins

User profiles allow a user to keep their personalized settings so they do not have to reconfigure their computer each time they log onto the computer. However, if you want users to have a pre-configured desktop environment, you can assign a mandatory user profile. The procedure for implementing this is described below.

If you want to implement a mandatory profile that is stored on the network, your first step is to create a shared folder that will store the mandatory user profile. Open the Computer Management console on the computer that will hold the profile. Create a shared folder and assign Everyone full control. You can then proceed to the following steps that involve copying the user profile you want to become mandatory to the shared folder.

  1. Click Start and click Control Panel.
  2. Double click the System applet.
  3. Select the Advanced tab.
  4. Click the Settings button under User Profiles.
  5. Select the profile you want to use and click Copy To.
  6. Type in the path to the location of the shared folder you created before beginning these steps. Click OK.
  7. Under Permitted to use, ensure that the appropriate users are listed.
  8. Click OK.

The last step is to rename the profile you just copied to the shared folder from Ntuser.dat to Ntuser.man.

A mandatory user profile prevents any changes from being saved when a user logs off the computer. For example, if they make changes to the desktop, these changes will be discarded when the user logs off. Once you have a mandatory user profile created and saved to a shared folder, you can assign a mandatory to a user profile using the following steps:

  1. Click Start and click Control Panel.
  2. Double click the Administrative Tools applet.
  3. Double click the Computer Management applet.
  4. Expand System Tools/ Local Users and Groups.
  5. Double click the Users folder.
  6. In the right pane right click the user account you want to assign a mandatory profile to.
  7. On the Profile tab, type in the path to the location of the mandatory user profile (Ntuser.man).
  8. Click OK.

Any changes the user makes will no longer be saved to their profile and the user will have the same profile each time they log onto the network.

[tags]network,windows server 2003,mandatory profile,personalized settings,ntuser.dat,ntuser.man[/tags]

3 Comments

G Scot

May 14th, 2007
at 8:07am

This bit of advice presented me with 3 problems:

1. I was able to set the Path to my Share, but when you click OK (per the instructions above) it CLOSES that screen… you have to go BACK IN to use the “Permitted to Use” option…

2. When I DID try to use the “permitted to use” option, i got an error saying that the [share] could not be deleted (even though “Everyone” has “Full Control” of it)…

3. The PROFILE is not named “Ntuser.dat”… that is the Registry file INSIDE the Profile… Please be more precise…

Roberto

April 17th, 2008
at 7:50am

I have a question! I created a user on a windows server 2003 machine; the profile path aim to \\cs23\profiles\%username%(e.g:ws22) , and everything works fine , but once I tried to open the folder of the user (e.g:ws22) I can’t because the folder was created by the system. Alright I got that, then I tried to copy the profile from the machine where the roaming profile is running as you said, and I wasn’t successful. Do you have any sugesstion?
Thanks

Angel Mistry

July 3rd, 2008
at 12:57am

It is a permission problem, This is my suggestion:
1) When assigning roaming profiles, always create a new share first. Give everyone full control at (Shared Level) & read at (NTFS Level), create a folder within the share named after the intended roaming profile user.(e.g:The folder name should match the user name).
2)You must then block permissions from being inherited from the parent object. Otherwise, everyone will have read access to the folder.(e.g: all users will be able to see the docs and pics created by this user).
3)The usual stuff: Once you have created the necessary folders and defined the appropriate permissions, it’s time to redirect the user’s profile. To do so, open the Active Directory Users and Computers console, right click on a user account, and select the Properties command from the resulting shortcut menu. When you do, you will see the user’s properties sheet. Next, select the properties sheet’s Profile tab. Enter the user’s profile path as:
(\\server_name\share_name\user_name)
4) Careful: Test your profile path by typing it in the RUN command to check for Typing errors.

(e.g of a profile path:
\\DC.domain.com(server name)\PROFILES (Share)\Briad (User Name).

ANY QUESTIONS E-MAIL ME AT:
angelmistry@hotmail.com

What Do You Think?

 

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

GnomeREPORT - Oct 6, 2008

Reality Checks, Grooving With A Recoup

Database, Podcast - Oct 3, 2008

Steven Choy Measures Server Performance

Resources, Tech, VoIP, Wi-Fi - Oct 1, 2008

Telephony Magazine

GnomeREPORT - Sep 29, 2008

A PC Repair Slowdown?

66 queries / 0.294 seconds.