Categories

General Articles
Hardware
Internet
Jokes
Miscellaneous Page 1
Miscellaneous Page 2
Security
Software
Spyware and Adware
Start Up Applications
System Performance Page 1
System Performance Page 2
Troubleshooting
Usability Page 1
Usability Page 2
User Interface Page 1
User Interface Page 2
User Interface Page 3

Need help? Visit our Discussion Forum!
Search


Advanced Search
Article Options
Popular Articles
  1. Handwrite for MSN Messenger
  2. Windows XP FAQ T
  3. The difference between 64 and 32 bit processors
  4. Win2000 Logon Screen
  5. Windows XP FAQ S
No popular articles found.

 »  Home  »  Security  »  Create an XP Pro Mandatory User Profile on the Local Machine
Create an XP Pro Mandatory User Profile on the Local Machine
By  Super Admin  | Published  02/25/2005 | Security | Rating:
Create an XP Pro Mandatory User Profile on the Local Machine

Example:

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Right click on the Users folder and select New User. create a user named Defuser. Logout of the Administrator account and login to the new defuser account. Immediately logout of the defuser account and log back in to the Administrator account. Go back to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Double click on the new user Defuser. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\). Click OK and then close Computer Management.

Right click My Computer and select Properties from the menu then the advanced Tab/user profiles settings button. Scroll down the list and locate the user Defuser. Click on it (to highlight it) and select the Copy To button. In the Copy Profile To section, type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\). In the Permitted To Use section, click the Change button and type in the words Authenticated Users. Click the Checknames button then click Ok. Click Ok again.
Navigate to the X:\WINDOWS\All Users\Defuser folder. Right click on the ntuser.dat file and select rename from the menu. Rename the file to ntuser.man


Re-Cap

The steps above just created a mandatory user profile named DefUser. Any new or existing user that is assigned to Defuser profile cannot save any changes to the desktop or user environment. Each time the user logs off the changes are discarded. This implementation allows for a uniform desktop among designated users but not necessarily all users of the machine.

 

Assigning the Defuser User Profile to any new user

Example:

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Right click on the Users folder and select New User. create a user named User1. Double click (in the right hand pane) on the new user User1. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\).

When User1 logs in he/she will inherit the ntuser.man file in the X:\WINDOWS\All Users\Defuser folder.

 

Assigning the Defuser User Profile to any existing user

Example: Existing user is User2

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder.

In the right hand pane, double click on User2. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:\).

When User2 logs in he/she will inherit the ntuser.man file in the X:\WINDOWS\All Users\Defuser folder.

How would you rate the quality of this article?
1 2 3 4 5
Poor Excellent
Tell us why you rated this way (optional):

Send to Author Post on Site
Comments
  • Comment #1 (Posted by Petrov Petrovic)
    Rating
    I have followed your advice to the letter. However when logging onto the assigned account I recieve the following (in part), "Windows did not load your profile because a server copy of the profile folder already exists that does ot have the correct security. Either the current user or the Administrators group must be the owner of the folder". There is no server to speak of as the PC is in a "workgroup". In the "Permitted to use" the "Everyone" group was changed after, the location of the profile was changed to under C: to no effect. Further comment is appreciated thank you.
     
  • Comment #2 (Posted by an unknown user)
    Rating
    Excellent
     
  • Comment #3 (Posted by an unknown user)
    Rating
    "Windows did not load your profile because a server copy of the profile folder already exists that does ot have the correct security. Either the current user or the Administrators group must be the owner of the folder" This is due to the incorrect placement of profile folder path. Use the local acces path instead and try again
     
  • Comment #4 (Posted by an unknown user)
    Rating
    Doesnt work.
     
  • Comment #5 (Posted by an unknown user)
    Rating
    I followed these instructions, and it loads most of the desktop as I set it, but there are features in XP that are not correctly set. The Start menu retains the XP theme, the simple file sharing option can't be turned off. There are othre items too. This seems like a good hack, and was fun to try out, but I don't think it's a profile in the strict MS sense.
     
  • Comment #6 (Posted by an unknown user)
    Rating
    I had my machine working by connecting it to a domain first then set the mandatory profile as stated above, path location does not matter in my case, I stored it in c:manprofile, everything else is more or less as the author said. I then dropped out of the domain to a workgroup. The profile is picked up from the c:manprofile every times it loads then. I was trying to get it working without connecting to the domain, but quest I will have no choice now.
     
  • Comment #7 (Posted by Andrew Pagano)
    Rating
    The article started off quite well, but in the end I ran into the same issue as Petrov did. Unknown user #3's comment did not offer much in the way of problem resolution. I copied the path directly from the explorer window and it still gave me the log in problem. I tried adding everyone to the security group, but that did not work out. A nudge in the right direction would be quite lovely here. Thanks
     
  • Comment #8 (Posted by Andrej)
    Rating
    That is the common problem with Windows. You do something EXACTLY as written in their manuals. And it DOES NOT work. A simple madness. MS ideas of user administratrion, profiles, shares is simply put a nightmare. Comapre it to gone technologies like Netware login scripts that simply WORKED.
     
  • Comment #9 (Posted by an unknown user)
    Rating
    good idea, but as far as I know you can only do this to roaming profiles on a network share. not local copies on your HDD.
     
Submit Comment