+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 31
Windows Thread, Creating a small mandatory profile in Technical; I am testing out mandatory profiles for the first time, does anyone have a walk through for creating the actual ...
  1. #1
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 477 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98

    Creating a small mandatory profile

    I am testing out mandatory profiles for the first time, does anyone have a walk through for creating the actual profile.

    Basically I am trying to make it as small as possible to reduce network traffic. Our current roaming profiles are about 30mb big and that is too much.

    What applications should I load and configure, Is there any software that I need to look out for like adobe stuff?

  2. #2

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,194
    Thank Post
    1,923
    Thanked 2,413 Times in 1,767 Posts
    Rep Power
    840
    Before you start - log on as administrator and go into RealPlayer, Quicktime, Acrobat Reader, JRE and check they're updated to where you want/need and test out flash and shockwave (BBC schools stuff is a good bet for making them fall over - I use Little Animals and Science Clips)

    I move a mandatory profile user into Users in AD and make them a member of Administrators temporarily.
    Go to the profile and rename ntuser.man to ntuser.dat (it's now a normal profile)

    Then I logon as the mandatory profile user:
    Go into Word, Excel, and set any defaults you use as standard :
    e.g. default page size, default font, lose the "automatically create drawing canvas", add the picture toolbar, make default number of worksheets 1...

    Go into BBC schools and try out the same flash/shockwave breakers as before - Try out RealPlayer using BBC Radio 2 or something.

    Start RealPlayer, Acrobat Reader & QuickTime to make sure any Accept licence agreement stuff has been accepted.

    After that, it's your own software

    Before I finish, I delete cookies and temporary files to keep everything as small as poss

    I go into google and turn Safe Search to its maximum (do this after deleting cookies as its in a cookie!)

    After that log off - make the profile mandatory (rename ntuser.dat to ntuser.man) and put your user back where they should be in AD and remove them from Administrators.
    Last edited by elsiegee40; 26th June 2008 at 01:20 PM. Reason: Added in the rename bit

  3. 7 Thanks to elsiegee40:

    button_ripple (2nd May 2008), garethedmondson (14th December 2009), Ryan (30th April 2008), stevenlong1985 (15th December 2008), tonyd (18th June 2008), zag (30th April 2008), Zoom7000 (17th September 2008)

  4. #3

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,867
    Thank Post
    412
    Thanked 778 Times in 651 Posts
    Rep Power
    182
    Walk through the registry and strip out everything that isn't neccessary (there's a whole load of junk in there) and then do the same for the profile's files (there's even more). Redirect *everything* you can - desktop, favourites, cookies, application data, temporary internet files - to a network location accessible to the user, so they don't have to carry the baggage around with them.

  5. Thanks to powdarrmonkey from:

    Ryan (30th April 2008)

  6. #4
    Ryan's Avatar
    Join Date
    Jan 2008
    Location
    Scotland
    Posts
    537
    Thank Post
    12
    Thanked 16 Times in 15 Posts
    Blog Entries
    1
    Rep Power
    30
    I want to switch to mandatory profiles over summer, so this is very useful.

  7. #5

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,194
    Thank Post
    1,923
    Thanked 2,413 Times in 1,767 Posts
    Rep Power
    840
    I have just amended my earlier post to say that you must put Google Safe Search on Maxiximum AFTER you delete cookies - Safe search level is stored in a cookie!

  8. Thanks to elsiegee40 from:

    K.C.Leblanc (30th April 2008)

  9. #6
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 477 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    Quote Originally Posted by powdarrmonkey View Post
    Walk through the registry and strip out everything that isn't neccessary (there's a whole load of junk in there) and then do the same for the profile's files (there's even more). Redirect *everything* you can - desktop, favourites, cookies, application data, temporary internet files - to a network location accessible to the user, so they don't have to carry the baggage around with them.
    Can you go into a bit more detail on the registry stuff?

    I'm trying to get this as small as possible and dont really know what I'm looking at.
    Last edited by zag; 30th April 2008 at 04:11 PM.

  10. #7
    Ryan's Avatar
    Join Date
    Jan 2008
    Location
    Scotland
    Posts
    537
    Thank Post
    12
    Thanked 16 Times in 15 Posts
    Blog Entries
    1
    Rep Power
    30
    Redirection help would be useful. I have tried to implement this before and was forced to do a monster u-turn as offline files decided to rear its ugly head and screw things up

  11. #8

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    elsiegee40 is spot on, however one common problem with mandatory profiles is that the home drive is remembered, and of course (most of the time) each user has their own home drive.

    The way I get around this, is create a copy of the domain administrator account (called admin2) and within Active Directory, remove the Home Folder directory for admin2. Leave it on Local Path and leave it blank.

    When a user (configured to use the mandatory profile) logs on, the logon script will/should create the home directory dynamically without conflicting with any settings saved in the profile, because there's no home directory information saved

  12. #9

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,194
    Thank Post
    1,923
    Thanked 2,413 Times in 1,767 Posts
    Rep Power
    840
    Quote Originally Posted by Michael View Post
    elsiegee40 is spot on, however one common problem with mandatory profiles is that the home drive is remembered, and of course (most of the time) each user has their own home drive.

    The way I get around this, is create a copy of the domain administrator account (called admin2) and within Active Directory, remove the Home Folder directory for admin2. Leave it on Local Path and leave it blank.

    When a user (configured to use the mandatory profile) logs on, the logon script will/should create the home directory dynamically without conflicting with any settings saved in the profile, because there's no home directory information saved

    I have absolutely no problem with home drives... the Home drive for each pupil is redirected - using the Profile tab for the pupil in AD

    Connect U: to \\servername\intake-nn\%username%

  13. #10

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    Yes I agree, home drive information in AD and a logon script should usually do the trick, but I've seen it happen many times whereby home drive information stored in the profile (when the profile's being created) create conflicting results, such as home drives not being mapped correctly.

    If the administrator account you're creating the profile with has no home drive, then there's nothing to conflict with

  14. #11

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,867
    Thank Post
    412
    Thanked 778 Times in 651 Posts
    Rep Power
    182
    You can only redirect so much with group policy; for other things, like 'Application Data', 'Desktop' etc you will find a set of registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\UserShellFolders.

  15. #12

    Join Date
    Jun 2005
    Location
    London, UK
    Posts
    115
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    21
    You can redirect Application Data and Desktop with Group Policy.

  16. #13

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,867
    Thank Post
    412
    Thanked 778 Times in 651 Posts
    Rep Power
    182
    you can?

  17. #14
    Unvalidated User
    Join Date
    Nov 2007
    Location
    the Pub
    Posts
    255
    Thank Post
    7
    Thanked 11 Times in 10 Posts
    Rep Power
    0
    The main prob I had was the My Documents redirection (the only redirect I do) it wouldnt work as like previously said it gets stuck on the one it was done on. So the trick is to create the original without and AD policys in effect.
    I do shared mandatorys here, saves loads of hassle ( I have 1 for pupils, or 2 as one on each DC so its load balanced)
    Also (at least with shared) its important to use the Advanced tabs on My Computer-> propertys to copy the final profile with the right ACLs. You would of though it was a simple matter of setting the ACLs on the resulting files but you are supposed to use this tab to do that (must alter other non file stuff also, maybe the reg hive?)
    Also have found redirection occasionally not working (strange message in event log) and if a pupil then saves to my documents and it hasnt redirected its not pretty when they log off! I then use VB to create icons and printers after.
    Last edited by blacksheep; 1st May 2008 at 10:18 PM.

  18. #15
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,726
    Thank Post
    176
    Thanked 229 Times in 211 Posts
    Rep Power
    69

    Thumbs up

    Just started using mandatory profiles on our workstation PCs (auto logon for adult education) rather than the HDGuard (think Deepfreeze) system we have at the moment. Makes life a lot easier with consistent settings.

    I've redirected My Documents, Start Menu and Desktop, stored in Sysvol so it's replicated and won't go down (well if it does then it means AD is broke anyway lol)

    If I remember rightly to redirect Favorites in XP \ 2003 you have to use a reg patch, just need to find out what happens if a user adds their own in with mandatory profile - hopefully it'll wipe it on next logon...

    There's a step by step guide here, very useful

    Mandatory Profiles - EduGeek.net Wiki



SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Can you have a local mandatory profile?
    By dtakias in forum Windows
    Replies: 16
    Last Post: 3rd March 2009, 12:35 PM
  2. Replies: 3
    Last Post: 11th March 2008, 01:28 PM
  3. mandatory profile in vista
    By FN-GM in forum Windows Vista
    Replies: 11
    Last Post: 7th August 2007, 01:00 AM
  4. Mandatory profile and GPO settings
    By windy in forum Wireless Networks
    Replies: 14
    Last Post: 7th April 2006, 12:17 PM
  5. Modifying a mandatory profile - printers
    By GrumbleDook in forum Windows
    Replies: 4
    Last Post: 23rd January 2006, 11:54 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •