Windows Thread, Creating a small mandatory profile in Technical; I am testing out mandatory profiles for the first time, does anyone have a walk through for creating the actual ...
29th April 2008, 06:05 PM #1
Creating a small mandatory profile
I am testing out mandatory profiles for the first time, does anyone have a walk through for creating the actual profile.
Basically I am trying to make it as small as possible to reduce network traffic. Our current roaming profiles are about 30mb big and that is too much.
What applications should I load and configure, Is there any software that I need to look out for like adobe stuff?
29th April 2008, 06:15 PM #2
Before you start - log on as administrator and go into RealPlayer, Quicktime, Acrobat Reader, JRE and check they're updated to where you want/need and test out flash and shockwave (BBC schools stuff is a good bet for making them fall over - I use Little Animals and Science Clips)
I move a mandatory profile user into Users in AD and make them a member of Administrators temporarily.
Go to the profile and rename ntuser.man to ntuser.dat (it's now a normal profile)
Then I logon as the mandatory profile user:
Go into Word, Excel, and set any defaults you use as standard :
e.g. default page size, default font, lose the "automatically create drawing canvas", add the picture toolbar, make default number of worksheets 1...
Go into BBC schools and try out the same flash/shockwave breakers as before - Try out RealPlayer using BBC Radio 2 or something.
Start RealPlayer, Acrobat Reader & QuickTime to make sure any Accept licence agreement stuff has been accepted.
After that, it's your own software
Before I finish, I delete cookies and temporary files to keep everything as small as poss
I go into google and turn Safe Search to its maximum (do this after deleting cookies as its in a cookie!)
After that log off - make the profile mandatory (rename ntuser.dat to ntuser.man) and put your user back where they should be in AD and remove them from Administrators.
Last edited by elsiegee40; 26th June 2008 at 01:20 PM.
Reason: Added in the rename bit
7 Thanks to elsiegee40:
button_ripple (2nd May 2008), garethedmondson (14th December 2009), Ryan (30th April 2008), stevenlong1985 (15th December 2008), tonyd (18th June 2008), zag (30th April 2008), Zoom7000 (17th September 2008)
29th April 2008, 08:53 PM #3
Walk through the registry and strip out everything that isn't neccessary (there's a whole load of junk in there) and then do the same for the profile's files (there's even more). Redirect *everything* you can - desktop, favourites, cookies, application data, temporary internet files - to a network location accessible to the user, so they don't have to carry the baggage around with them.
Thanks to powdarrmonkey from:
30th April 2008, 10:08 AM #4
I want to switch to mandatory profiles over summer, so this is very useful.
30th April 2008, 02:22 PM #5
I have just amended my earlier post to say that you must put Google Safe Search on Maxiximum AFTER you delete cookies - Safe search level is stored in a cookie!
Thanks to elsiegee40 from:
K.C.Leblanc (30th April 2008)
30th April 2008, 03:02 PM #6
Can you go into a bit more detail on the registry stuff?
Originally Posted by powdarrmonkey
I'm trying to get this as small as possible and dont really know what I'm looking at.
Last edited by zag; 30th April 2008 at 04:11 PM.
30th April 2008, 03:14 PM #7
Redirection help would be useful. I have tried to implement this before and was forced to do a monster u-turn as offline files decided to rear its ugly head and screw things up
1st May 2008, 01:01 PM #8
elsiegee40 is spot on, however one common problem with mandatory profiles is that the home drive is remembered, and of course (most of the time) each user has their own home drive.
The way I get around this, is create a copy of the domain administrator account (called admin2) and within Active Directory, remove the Home Folder directory for admin2. Leave it on Local Path and leave it blank.
When a user (configured to use the mandatory profile) logs on, the logon script will/should create the home directory dynamically without conflicting with any settings saved in the profile, because there's no home directory information saved
1st May 2008, 01:11 PM #9
Originally Posted by Michael
I have absolutely no problem with home drives... the Home drive for each pupil is redirected - using the Profile tab for the pupil in AD
Connect U: to \\servername\intake-nn\%username%
1st May 2008, 01:15 PM #10
Yes I agree, home drive information in AD and a logon script should usually do the trick, but I've seen it happen many times whereby home drive information stored in the profile (when the profile's being created) create conflicting results, such as home drives not being mapped correctly.
If the administrator account you're creating the profile with has no home drive, then there's nothing to conflict with
1st May 2008, 07:19 PM #11
You can only redirect so much with group policy; for other things, like 'Application Data', 'Desktop' etc you will find a set of registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\UserShellFolders.
1st May 2008, 09:44 PM #12
- Rep Power
You can redirect Application Data and Desktop with Group Policy.
1st May 2008, 10:03 PM #13
1st May 2008, 10:11 PM #14
- Rep Power
The main prob I had was the My Documents redirection (the only redirect I do) it wouldnt work as like previously said it gets stuck on the one it was done on. So the trick is to create the original without and AD policys in effect.
I do shared mandatorys here, saves loads of hassle ( I have 1 for pupils, or 2 as one on each DC so its load balanced)
Also (at least with shared) its important to use the Advanced tabs on My Computer-> propertys to copy the final profile with the right ACLs. You would of though it was a simple matter of setting the ACLs on the resulting files but you are supposed to use this tab to do that (must alter other non file stuff also, maybe the reg hive?)
Also have found redirection occasionally not working (strange message in event log) and if a pupil then saves to my documents and it hasnt redirected its not pretty when they log off! I then use VB to create icons and printers after.
Last edited by blacksheep; 1st May 2008 at 10:18 PM.
2nd May 2008, 11:32 AM #15
Just started using mandatory profiles on our workstation PCs (auto logon for adult education) rather than the HDGuard (think Deepfreeze) system we have at the moment. Makes life a lot easier with consistent settings.
I've redirected My Documents, Start Menu and Desktop, stored in Sysvol so it's replicated and won't go down (well if it does then it means AD is broke anyway lol)
If I remember rightly to redirect Favorites in XP \ 2003 you have to use a reg patch, just need to find out what happens if a user adds their own in with mandatory profile - hopefully it'll wipe it on next logon...
There's a step by step guide here, very useful
Mandatory Profiles - EduGeek.net Wiki
By dtakias in forum Windows
Last Post: 3rd March 2009, 12:35 PM
Last Post: 11th March 2008, 01:28 PM
By FN-GM in forum Windows Vista
Last Post: 7th August 2007, 01:00 AM
By windy in forum Wireless Networks
Last Post: 7th April 2006, 12:17 PM
By GrumbleDook in forum Windows
Last Post: 23rd January 2006, 11:54 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)