+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows Server 2008 R2 Thread, Windows 7 mandatory profile. in Technical; Hi All. Bit late to the party as always, but need some advice. We have mandatory profiles here for pupils ...
  1. #1
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39

    Windows 7 mandatory profile.

    Hi All.

    Bit late to the party as always, but need some advice.

    We have mandatory profiles here for pupils and have done for as long as I've been here but have only ever used XP. They have never given me any problems and do exactly what we need.

    Now with the change to 7 I wonder if anyone here can help with this question.

    Not all of our PC's are going to be changed over at once, so although I really need to get this sorted I am a bit confused if I can actually make it work.

    Our mandatory profile is picked up through the profile tab in AD as per the below picture:

    Class AD.jpg

    If I change the 'profile path' option to look at this new .V2 profile I need to make, will it then not apply to any machine the pupils log onto still running XP?

    Is it all or nothing or can I make it look for the XP profile 'or' the 7 profile?

    Kol.

  2. #2
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,184
    Thank Post
    47
    Thanked 152 Times in 133 Posts
    Rep Power
    46
    You name the profiles the same thing for example

    Student.v2 - win 7
    Student - XP

    Then just point to \\server\share\Student in AD and the PC will differentiate between the two.

  3. #3

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,779
    Thank Post
    146
    Thanked 564 Times in 508 Posts
    Rep Power
    153
    Yup, use the same profile name but add .v2 to the name of the profile directory, placing that in the same share as the XP profile. Don't change the profile path in AD - it's smart and can tell if it needs the v2 profile itself.

  4. #4
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    Ah I see, all our profiles are just chucked into one massive folder called.... 'Profiles'... and then named explicitly in the AD user properties profile path.

    If I sub-folder these two profiles, I would not have to drill down so far and name the explicit profile? Just point it to the sub-folder?

    Kol.

  5. #5

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,779
    Thank Post
    146
    Thanked 564 Times in 508 Posts
    Rep Power
    153
    You'd put:

    \\servername\sharename\profile

    into AD. Then you'd have two folders in \\servername\sharename called:

    profile (containing the XP profile)
    profile.v2 (containing the Vista/7 profile)

    That's it.

  6. #6
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    Thanks I think I can bash my way through that one now!

    Can anyone point me to a guide for creating the pupil mandatory profile?

    Something a bit specific for our sector? Not like the generic MS ones...

    We are on a domain and I will be reinstalling 30 ICT computers over this week. We don't have any imaging server or software apart from an old copy of GHOST 11 (not the full suite just the imaging part) so it will be a real PITA as it will all be manual installation/update/AV/programs/office .

    Anyone got a nice simple, clean, pukka, works-every-time guide?

    Kol.

  7. #7
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    Oh no!

    Anyone?

  8. #8

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,779
    Thank Post
    146
    Thanked 564 Times in 508 Posts
    Rep Power
    153
    Uggh, I've tried to find my guide that I did on here a while back. There's an MS approved way (involving sysprep, much faff and time) or there's my way, which involves:

    Create a user with no GPs applied, log on to a PC, set the profile settings that you'd like (e.g. loading Office for the first time, Creative Suite for the first time, etc). You then log off, log in as admin, copy the profile to a share accessible to everyone, and load the ntuser.dat into Regedit.

    You then change the permissions on the hive you have loaded into Regedit so that Everyone has full control. You can use this opportunity to change settings on the hive via regedit, and cut its size down a bit if needed.

    Change the NTFS permissions on the share for the profile so that students can Read but not Write to it. Now change ntuser.dat to ntuser.man. Change the profile path of a test student to point to the profile directory (don't include .v2 in that name).

    Now log in, test, tweak, test and re-test.

    I cannot accept any responsibility for this causing havoc on your particular domain! I can only say that we have been running with this exact system for nearly four years now, and the profiles have been reliable (and they delete from workstations at logoff etc). For best result, I combined this with redirected AppData - that way, programs that don't like redirected Appdata also get a nice local Appdata folder that is deleted when they log off. Logons are quick for us as a result - it's best to try to keep the profile below 1MB.

  9. Thanks to 3s-gtech from:

    Koldov (18th February 2014)

  10. #9
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    Quote Originally Posted by 3s-gtech View Post
    You then log off, log in as admin, copy the profile to a share accessible to everyone, and load the ntuser.dat into Regedit.

    ...it's best to try to keep the profile below 1MB.
    Hmmm... OK, struggling a bit with this one as:

    a) The copy to button is greyed out, is there another way?

    b) All profiles I create show as 50-70MB! I thought I was hiding and deleting stuff! Where has all this extra stuff come from? Appdata? I can see why you wouldn't want to pull that down everytime 30 kids log-on, but how do I remove this now and redirect it?

    Kol.

    P.S. Sorry for stupid questions, I've never done this before...

  11. #10

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,779
    Thank Post
    146
    Thanked 564 Times in 508 Posts
    Rep Power
    153
    a) Copy and paste the profile folder (C:\Users\username) in Explorer. Shouldn't be greyed out there.
    b) Most of that size will be guff stuffed into the profile - things like Media Player items. Go through it looking at the folder sizes and cut out the chuff - there's not much that'll need to stay.

  12. #11
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    464
    Thank Post
    44
    Thanked 73 Times in 68 Posts
    Rep Power
    20
    Quote Originally Posted by Koldov View Post
    We are on a domain and I will be reinstalling 30 ICT computers over this week. We don't have any imaging server or software apart from an old copy of GHOST 11 (not the full suite just the imaging part) so it will be a real PITA as it will all be manual installation/update/AV/programs/office .

    Kol.
    Please don't. If you don't have the time or equipment to setup a full blown wds or mdt at the very least capture an image with imagex sysprep that image and then deploy that to the other 29

  13. #12
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    Quote Originally Posted by 3s-gtech View Post
    a) Copy and paste the profile folder (C:\Users\username) in Explorer. Shouldn't be greyed out there.
    b) Most of that size will be guff stuffed into the profile - things like Media Player items. Go through it looking at the folder sizes and cut out the chuff - there's not much that'll need to stay.
    There's not a lot in there really apart from AppData\Local\Microsoft\Windows\WebCache\WebCacheV 01.dat = 32MB

    Is that an Internet History cache? I haven't even been on the internet in this profile! Safe to delete? I've deleted history etc. Didn't make a difference...

    There is also a big folder to do with Windows Mail?

    Quote Originally Posted by MordyT View Post
    Please don't. If you don't have the time or equipment to setup a full blown wds or mdt at the very least capture an image with imagex sysprep that image and then deploy that to the other 29
    So I take it you don't suggest using that old copy of Ghost? Thing is I'm getting close to the wire on this one and don't have a lot of time to learn the 'nuances' of new software (well, new to me)... Anyway it doesn't look like I'm going to have the mandatory profile thing down in time, so I'm not going to put Win7 on the machines if I can't lock it up.

    Kol.
    Last edited by Koldov; 20th February 2014 at 03:39 PM.

  14. #13

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,779
    Thank Post
    146
    Thanked 564 Times in 508 Posts
    Rep Power
    153
    Safe to delete both files. Then have a look at FOG, if you want a simple alternative to Ghost. Free and awesome.

  15. #14
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    464
    Thank Post
    44
    Thanked 73 Times in 68 Posts
    Rep Power
    20
    Quote Originally Posted by Koldov View Post
    So I take it you don't suggest using that old copy of Ghost? Thing is I'm getting close to the wire on this one and don't have a lot of time to learn the 'nuances' of new software (well, new to me)... Anyway it doesn't look like I'm going to have the mandatory profile thing down in time, so I'm not going to put Win7 on the machines if I can't lock it up.

    Kol.
    To be honest, setting up MDT would take less then a day from scratch for someone who never used it before. You could simply setup one PC, open MDT, tell it to capture a image, and it does the rest.

    Other alternatives such as fog or clonezilla as well. Just don't setup each one. Ghost works as well.

  16. #15
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    505
    Thank Post
    101
    Thanked 50 Times in 46 Posts
    Rep Power
    39
    Ok thanks for your help so far.

    A couple of questions though...

    A folder called Pupil.pdm.V2 has been written back to the profiles folder to which admin has no access to. Does anyone know what that is?

    Also nothing has come up in the Start Menu at all! I had removed most of it in the original profile I created but then pinned some standard programs there, but they do not appear.

    Kol.

    Edit: Ah well, it seems I have bigger problems... First log-in is fine, but subsequent log-ins throw up errors, MSCEP complains, GPO's don't apply, some web pages don't load and desktop icons don't appear! I am out of time to get this rolled out over the half-term, so I guess I can take my time until April the 8th...

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 0
    Last Post: 22nd March 2012, 01:02 PM
  2. Windows XP, Mandatory profiles and GPO Failure
    By dhorowitz in forum Windows
    Replies: 4
    Last Post: 29th April 2011, 05:26 PM
  3. Replies: 6
    Last Post: 28th March 2011, 11:32 PM
  4. Replies: 23
    Last Post: 15th March 2011, 09:24 AM
  5. Windows 7 & XP Mandatory Profile
    By pritchardavid in forum Windows
    Replies: 1
    Last Post: 22nd November 2009, 07:00 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •