Categories




Still have a problem? Ask for help at our discussion forum.
Search


Advanced Search
Article Options
Popular Articles
  1. Handwrite for MSN Messenger
  2. Win2000 Logon Screen
  3. The difference between 64 and 32 bit processors
  4. Windows XP FAQ T
  5. Windows XP FAQ P
No popular articles found.

 »  Home  »  Security  »  Create an XP Pro Mandatory User Profile on the Local Machine
Create an XP Pro Mandatory User Profile on the Local Machine
By  Super Admin  | Published  02/25/2005 | Security | Rating:
Create an XP Pro Mandatory User Profile on the Local Machine

Example:

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Right click on the Users folder and select New User. create a user named Defuser. Logout of the Administrator account and login to the new defuser account. Immediately logout of the defuser account and log back in to the Administrator account. Go back to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Double click on the new user Defuser. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\). Click OK and then close Computer Management.

Right click My Computer and select Properties from the menu then the advanced Tab/user profiles settings button. Scroll down the list and locate the user Defuser. Click on it (to highlight it) and select the Copy To button. In the Copy Profile To section, type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\). In the Permitted To Use section, click the Change button and type in the words Authenticated Users. Click the Checknames button then click Ok. Click Ok again.
Navigate to the X:\WINDOWS\All Users\Defuser folder. Right click on the ntuser.dat file and select rename from the menu. Rename the file to ntuser.man


Re-Cap

The steps above just created a mandatory user profile named DefUser. Any new or existing user that is assigned to Defuser profile cannot save any changes to the desktop or user environment. Each time the user logs off the changes are discarded. This implementation allows for a uniform desktop among designated users but not necessarily all users of the machine.

 

Assigning the Defuser User Profile to any new user

Example:

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Right click on the Users folder and select New User. create a user named User1. Double click (in the right hand pane) on the new user User1. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\).

When User1 logs in he/she will inherit the ntuser.man file in the X:\WINDOWS\All Users\Defuser folder.

 

Assigning the Defuser User Profile to any existing user

Example: Existing user is User2

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder.

In the right hand pane, double click on User2. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\).

When User2 logs in he/she will inherit the ntuser.man file in the X:\WINDOWS\All Users\Defuser folder.

How would you rate the quality of this article?
1 2 3 4 5
Poor Excellent
Tell us why you rated this way (optional):

Send to Author Post on Site

Comments
  • Comment #1 (Posted by Petrov Petrovic)
    Rating
    I have followed your advice to the letter. However when logging onto the assigned account I recieve the following (in part), "Windows did not load your profile because a server copy of the profile folder already exists that does ot have the correct security. Either the current user or the Administrators group must be the owner of the folder". There is no server to speak of as the PC is in a "workgroup". In the "Permitted to use" the "Everyone" group was changed after, the location of the profile was changed to under C: to no effect. Further comment is appreciated thank you.
     
  • Comment #2 (Posted by an unknown user)
    Rating
    Excellent
     
  • Comment #3 (Posted by an unknown user)
    Rating
    "Windows did not load your profile because a server copy of the profile folder already exists that does ot have the correct security. Either the current user or the Administrators group must be the owner of the folder" This is due to the incorrect placement of profile folder path. Use the local acces path instead and try again
     
  • Comment #4 (Posted by vicente martinez de cestafe ochoa de eribe)
    Rating
    Escellent tutorial. I did exactly as this tutorial says and I had the same problem that Mr Petrovic relates. I solved it by putting the profile folder owner to the local "Administrators" group, and it worked ...!
     
  • Comment #5 (Posted by Vicente Martínez de Cestafe Ochoa de Eribe)
    Rating
    This is a excellent tutorial. I had the same problem that posted comment #1 (Mr Petrovich) but I solved it by setting the ownership of the folder that contains the profile to the Local Administrators group of the machine. And worked !!!
     
  • Comment #6 (Posted by an unknown user)
    Rating
    Doesnt work.
     
  • Comment #7 (Posted by an unknown user)
    Rating
    I followed these instructions, and it loads most of the desktop as I set it, but there are features in XP that are not correctly set. The Start menu retains the XP theme, the simple file sharing option can't be turned off. There are othre items too. This seems like a good hack, and was fun to try out, but I don't think it's a profile in the strict MS sense.
     
  • Comment #8 (Posted by an unknown user)
    Rating
    I had my machine working by connecting it to a domain first then set the mandatory profile as stated above, path location does not matter in my case, I stored it in c:manprofile, everything else is more or less as the author said. I then dropped out of the domain to a workgroup. The profile is picked up from the c:manprofile every times it loads then. I was trying to get it working without connecting to the domain, but quest I will have no choice now.
     
  • Comment #9 (Posted by Andrew Pagano)
    Rating
    The article started off quite well, but in the end I ran into the same issue as Petrov did. Unknown user #3's comment did not offer much in the way of problem resolution. I copied the path directly from the explorer window and it still gave me the log in problem. I tried adding everyone to the security group, but that did not work out. A nudge in the right direction would be quite lovely here. Thanks
     
  • Comment #10 (Posted by Andrej)
    Rating
    That is the common problem with Windows. You do something EXACTLY as written in their manuals. And it DOES NOT work. A simple madness. MS ideas of user administratrion, profiles, shares is simply put a nightmare. Comapre it to gone technologies like Netware login scripts that simply WORKED.
     
  • Comment #11 (Posted by an unknown user)
    Rating
    doesnt' work for limited users. Profile only works for the OWNER of the folder. That can only be Administrators group or the creator
     
  • Comment #12 (Posted by an unknown user)
    Rating
    Exactly what I needed to know in clear concise English
     
  • Comment #13 (Posted by an unknown user)
    Rating
    All is well done but remember some tips: - work on the defprofile to reset every application profile and licence request. - copy profile an remeber to force the ownership to the Administration group. - I have add only the authenticate user to security profile and all messsage disappers Enjoy it
     
  • Comment #14 (Posted by an unknown user)
    Rating
    good idea, but as far as I know you can only do this to roaming profiles on a network share. not local copies on your HDD.
     
  • Comment #15 (Posted by an unknown user)
    Rating
    very clear and useful
     
  • Comment #16 (Posted by an unknown user)
    Rating
    I had the same errors but once i changed ownership of the profile folder to the user it worked perfect
     
  • Comment #17 (Posted by Terence)
    Rating
    For those encountering this error: "Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. " Turn off "Do not check for user ownership of Roaming Profile Folders" under Computer configurationAdministrative TemplatesSystemUser Profiles in Group Policy Editor.
     
  • Comment #18 (Posted by an unknown user)
    Rating
    i got that same error. u need to make sure the mandatory user is the owner of the folder being used for the profile.
     
Submit Comment