+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 44
Windows Thread, Local TEMP profile woes !!!! in Technical; Hi All, I have just found that if a student logs onto a PC and at the right moment pulls ...
  1. #1
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61

    Local TEMP profile woes !!!!

    Hi All,

    I have just found that if a student logs onto a PC and at the right moment pulls the network cable out not only does the mandatory profile fail to load but he/she is the logged on locally with FULL access under a TEMP profile.

    None of our user have local profiles and the deny logonlocally GPO setting has been set but windows seems to think that:

    a) the user has part authenticated on the domain
    b) the user does no have a local profile so what the heck I'll create one for them
    c)i'll give them full access to the PC also.

    Although they have bog standard user rights on the PC it does however allow them to bypass the proxy filtering we have setup which is also a pain.

    My question is first and foremost does anyone know how to disable the temp profile from being created?? and not let them logon locally

    Any help as always apreciated.........

  2. #2
    Midget's Avatar
    Join Date
    Oct 2006
    Location
    In a Server Room cutting through a forest of Cat5e
    Posts
    1,298
    Thank Post
    5
    Thanked 59 Times in 49 Posts
    Rep Power
    39

    Re: Local TEMP profile woes !!!!

    I'd go and find the kid that worked this out, and give him a handshake followed by a clip around the ear.

  3. #3
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61

    Re: Local TEMP profile woes !!!!

    I have just been through GPO revising some of the settings and have addedd the following to the list:

    Computer Config >> Admin Templates >> System >> User Profiles:

    Delete Cached Copies of roaming profiles (Enabled) also use delprof
    (NEW) Wait for remote user profile (enabled)
    (NEW) Log user off when roaming profile fails (enabled)

    I am going to wait for GPO ito update across the doamin and then try it with our test users, i'll let you know how it goes.

  4. #4
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,938
    Thank Post
    114
    Thanked 272 Times in 250 Posts
    Rep Power
    104

    Re: Local TEMP profile woes !!!!

    If your using local default profiles and not one in the netlogon then theres a post on this subject somewhere, where people put a script in the startup section to log people off if that profile was used. I also think the "wait for network" setting should help as well.

    As for bypassing the filtering you should have your firewall set to only allow your filter access to the internet or other similar rule.

  5. #5


    Join Date
    Oct 2006
    Posts
    3,387
    Thank Post
    183
    Thanked 350 Times in 279 Posts
    Rep Power
    147

    Re: Local TEMP profile woes !!!!

    If that dont work i vagly remember someone saying "Interactive logons...."


    Have a look for that and post back as we have the same problem (but it doesnt realy matter to us as we dont have the default gateway in so they have nothing to gain by doing this...)

  6. #6

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    480
    Thank Post
    30
    Thanked 13 Times in 7 Posts
    Rep Power
    18

    Re: Local TEMP profile woes !!!!

    My god, what time they have on their hands!

    I'm going to give this a shot tomorrow in work! It'll be interesting to see what our GPO's are set too.

    I'll give you some feedback depending on the outcome.

  7. #7
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    33

    Re: Local TEMP profile woes !!!!

    According to an MS 70-270 exam, the way to prevent users logging on whilst disconnected from the network is to set the 'cached logon count' to 0. That in combination with the 'logoff when roaming profile fails' should do the trick.

  8. #8
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61

    Re: Local TEMP profile woes !!!!

    @ajbritton

    You are correct, I went back to basics last night and did some testing on a VMServer I have and this worked.

    I have put this in place this morning and will again test this afternoon.

  9. #9
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61

    Re: Local TEMP profile woes !!!!

    It would seem that if you pull the NIC cable out before you logon then the cached logon count setting works however seeing as the kids are waiting for logon and then just before the profile is brought down then they pull the cable, wait for the profile error message, then put the cable back in this setting does nothing.

    The corrupt policy setting also does not work as the profile is not being classed as corrupt just "not available"

    This is becoming a pain in the a$£* to sort out.....

  10. #10

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    12,977
    Thank Post
    587
    Thanked 1,496 Times in 1,342 Posts
    Rep Power
    398

    Re: Local TEMP profile woes !!!!

    How about some classroom control and the kids doing this being severly disciplined as they should not be messing about with cables?

    Not everything needs a technological solution.

    Ben

  11. #11
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    33

    Re: Local TEMP profile woes !!!!

    Assuming students are working from a single mandatory profile, then you could cache it on the PC. Get a Startup Script to copy the profile down to somewhere like C:\Profiles\Students. Configure the user accounts to get their profile from C:\Profiles\Students. Obviously you will need to set the appropriate security on C:\Profiles\Students so that the students cannot mess with the files. It might even improve logon times. If you use Robocopy in the Startup Script, then even if the profile is large, it will only have to be downloaded once.

  12. #12
    alonebfg's Avatar
    Join Date
    Aug 2006
    Location
    south west some of the time
    Posts
    834
    Thank Post
    12
    Thanked 34 Times in 21 Posts
    Blog Entries
    5
    Rep Power
    23

    Re: Local TEMP profile woes !!!!

    also set the local gpo to proxy then even if the do get to the local profile they will be forced to use the set proxy. If not do what i did and set the local profile proxy to stop and port to 0 and then they will have no internet access.(lol) if i rember righty a friend in a business set a sever iis and then set up a site and if someone tried to access the web via a local profile it bought up a error on event log so he also found out who it was so after finding out how the did it he told the boss got them sacked. will try find out how he did it if you like.

  13. #13
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61

    Re: Local TEMP profile woes !!!!

    @alonebfg:

    How/where have you set the local proxy GPO to nothing (this is ideally what I need to do)

    Have you done this locally on each PC?? (we have 600 of them)

    Or have you done this via GPO?? (if so we have a GPO policy for proxy setup but as they are pulling the NIC cables out the GPO settings are NOT being applied.....

  14. #14
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,938
    Thank Post
    114
    Thanked 272 Times in 250 Posts
    Rep Power
    104

    Re: Local TEMP profile woes !!!!

    As I said earlier you need to configure your router/firewall to allow only your proxy to the internet and not allow them to circumvent it.

  15. #15
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61

    Re: Local TEMP profile woes !!!!

    @ ChrisH:

    Have setup a rule in ISA to allow HTTP:HTTPS:FTP outbound access ONLY from our content filter and this works so that has solved that issue.

    Also have put in place GPO's so that is profile is partially downloaded the user is auto logged off, this also works, have forced proxy settings on a per machine basis instead of per user although this does not really matter due to the ISA rules.

    Local profiles are killed off each time the PC's start and in combination with cached logons set to 0 this stops that method of entry.

    So the only thing left and between you and me might take some doing, if you allow the profile to load up to the point that the background on the desktop changes and then pull the NIC cable out this kills GPO from coming down.

    As users are logged on with mere user rights there is not much they can do BUT they can trash the PC which is just a pain for me so how to stop this??

    Answers on a postcard to the usual address.........

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Replies: 7
    Last Post: 26th February 2010, 10:00 AM
  2. West London Temp to Perm
    By SpecialAgent in forum Educational IT Jobs
    Replies: 0
    Last Post: 2nd October 2007, 01:56 PM
  3. PC Temp Sensor
    By mmoseley in forum General Chat
    Replies: 4
    Last Post: 18th June 2007, 12:58 AM
  4. Local Profile issues
    By johnkay21 in forum Windows
    Replies: 2
    Last Post: 8th May 2007, 12:41 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •