  1. #1
    AJRussell

    Mandatory Desktop

    We are in the process of moving away from winsuite to a mandatory desktop. We are using folder redirection on the users' My Documents and App Data. These both work.

    The issue is adding the mandatory desktop to the user's account. I have followed the Microsoft documentation on how to create it and rename the ntuser.dat to ntuser.man. I have added it into the user properties, but this doesn't work.

    I have also tried to add it into the desktop part of the folder redirection in GPO. This still doesn't work. I have looked through countless forums on the net and they all say it should work, but it doesn't.

    Please help

  2. #2
    gshaw
    When you say mandatory desktop do you mean profile as in users can't change settings etc or a desktop that has set shortcuts etc on and can't be modified by the user?

  3. #3
    AJRussell
    It is a desktop with set shortcuts so that the user can't change it.

  4. #4
    alexsanger
    You need to save the profile that you have made mandatory on a network share that the users have read access to, then set the path to this share as their profile path in AD, as you would with a roaming profile.

    You can redirect the Start Menu and Desktop folders separately in Group Policy in the same way as My Documents and App Data, and customise them as you need.

    Easiest way is to set up a test user with the profile path you want to use for the mandatory profile. Give the user admin rights and log on with it. It will create a profile in the specified location. Log off, and change the user's permissions back. Meanwhile, browse to the newly created .DAT file and rename it .MAN.

    Combined with your redirection settings you should now have a mandatory profile ready to use.
    Last edited by alexsanger; 8th August 2011 at 01:09 PM.


  6. #5
    AJRussell
    @alexsanger

    I have put the mandatory profile on a network share with read access. I have changed it from .dat to .man.

    Am I right in thinking that if I redirect the desktop to the mandatory profile folder\desktop this will put all the folders / shortcuts on the desktop?

    Also, when I add the path to the profile for a test user, it defaults the My Documents to the local machine\documents and settings folder. Am I missing something else?

  7. #6
    alexsanger
    If you have not moved the desktop folder from its default location within the mandatory profile folders then you do not need to specify any folder redirection.

    You can redirect the desktop to any location you wish. The desktop folder only contains shortcuts that you would want to appear on the users' desktops. If you don't want them to make changes, only give them read permissions on the folder and turn off active desktop and so on. To achieve this you do not necessarily need to worry about a mandatory profile.

    You only put the path to the .MAN into the Profile Path of the user details in Active Directory. It does not need to affect the desktop redirection. If the entire profile is stored in this location just as it was created (all folders are in the default locations) then you can specify the path in the user details in AD, and you do not need to redirect the desktop folder.

    The advantage to using a redirected folder is that you can modify it on the fly, and the changes are instant, rather than requiring the users to log off and back on.

    Hope that helps.

  8. #7
    Chad
    Originally posted by alexsanger:
    "The advantage to using a redirected folder is that you can modify it on the fly, and the changes are instant, rather than requiring the users to log off and back on."

    And also:

    The disadvantage to using a redirected folder is that you can modify it on the fly, and the changes are instant, rather than requiring the users to log off and back on.

    Scenario: using a DFS based shared desktop, somebody forgot to tie down the security permissions to read only on a new replica added into the DFS. It didn't take long for students to discover that, sometimes after logging in (i.e. when they were directed to that particular DFS replica), they had write access to the desktop. On saving an MP3 there, suddenly it appeared on an awful lot of desktops! Other files then followed with, let's say, some "creative" filenames which soon led to complaints.

    Luckily we were using push replication from the master share so they didn't do any permanent damage, and the "file owner" tab proved very useful.

    Chad


  10. #8
    alexsanger
    Thanks for the chuckle - it would be nice if DFS could be set to propagate NTFS permissions based on the namespace or replication settings though. (Unless it can and I don't know...).

  11. #9
    Chad
    I think 2008R2 provides more features (such as ABE enabled DFS) but I was unable to pursue such a setup as our forest functional level is too low at the moment. Hopefully setting the NTFS/share settings can be set centrally too and will propagate through to all replicas - definitely something I'd like to see, but I don't know if that's there either at the moment.
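
Added example, not part of the original thread or written by any of its posters: a PowerShell audit for the two points raised above, the read-only share for the mandatory profile or redirected desktop, and the DFS replica that was left writable. It lists every Allow ACE that grants a write-capable right to an account outside an allow-list, on each replica and everything beneath it. The UNC paths, the `EXAMPLE` domain and the function name `Get-WritableAce` are placeholders chosen for illustration.

```powershell
# Added example. Replica paths and allow-list are constructed placeholders.
$ReplicaPaths = @(
    '\\fileserver01\SharedDesktop$',
    '\\fileserver02\SharedDesktop$'
)
# Accounts that are expected to hold write access.
$AllowedWriters = @(
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM',
    'EXAMPLE\Domain Admins'
)

# Rights that let a user add, change or remove content, or alter the ACL.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Fsr'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# Inherit-only ACEs can carry raw generic bits instead of specific rights.
$WriteMask = $WriteMask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

function Get-WritableAce {
    param(
        [string[]]$Path,
        [string[]]$AllowedWriters,
        [int]$Mask
    )
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            # An unreachable replica is an unaudited replica, so say so.
            Write-Warning "Cannot reach $root; replica not audited"
            continue
        }
        # The root itself plus every child, to catch broken inheritance.
        $items = @($root) + @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
                              ForEach-Object { $_.FullName })
        foreach ($item in $items) {
            foreach ($ace in (Get-Acl -LiteralPath $item).Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($AllowedWriters -contains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
                [pscustomobject]@{
                    Replica   = $root
                    Item      = $item
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-WritableAce -Path $ReplicaPaths -AllowedWriters $AllowedWriters -Mask $WriteMask |
    Format-Table -AutoSize
```

An empty result means no unexpected write access was found in the NTFS ACLs; share-level permissions are separate and need checking on each file server. Running it whenever a replica is added covers the case described in post #7.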


