Non-Roaming mandatory profiles

  • Thread starter Thread starter Joseph T Corey
  • Start date Start date
J

Joseph T Corey

Guest
Has anyone successfully created a terminal server environment where you had
non-roaming mandatory profiles? I'd like to take the idea of a mandatory
profile and apply it to all new local accounts that are created, but for
numerous reasons I can't use roaming or TS roaming profiles. I'd accept a
solution that just deleted the local account at logoff. I've looked at
delprof, but that seems to be better suited as a startup or shutdown script.
Any help is appreciated!

--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@cmu.edu
 
Re: Non-Roaming mandatory profiles

Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
> Has anyone successfully created a terminal server environment where
> you had non-roaming mandatory profiles? I'd like to take the idea of
> a mandatory profile and apply it to all new local accounts that are
> created, but for numerous reasons I can't use roaming or TS roaming
> profiles. I'd accept a solution that just deleted the local account
> at logoff. I've looked at delprof, but that seems to be better suited
> as a startup or shutdown script. Any help is appreciated!

Hmmm. What's your actual goal, overall?

You can delete cached copies of profiles easily via group policy, but I
don't know if it works with local-only policies (I don't use those). What's
the reason you can't use a TS profile? There won't be any data stored in it,
if you use folder redirection as you should be doing anyway, note.....

By mandatory, do you mean, ntuser.man? If you're going to delete/recreate
the profile every time, why bother? (and no, I don't know how you could do
it anyway).

You might try crossposting in m.p.windows.terminal_services and
m.p.windows.group_policy for more expert help. I'm sure you can kluge
something together but I'm no guru there.
 
Re: Non-Roaming mandatory profiles

My goal is to lose the profile when a user logs out to meet requirements for
data retention. Group Policy can only accomplish this when you're using
roaming profiles.

Why I can't use roaming profiles isn't important. I'm looking to see if
anyone has come up with a solution that deals with local profiles. I've
tried running "delprof" and "rd /q /s '%userprofile%'" as a logoff script,
but it still keeps certain pieces of the profile that are still in use. Most
importantly it hasn't unloaded the registry when the logoff scripts execute
so the ntuser.dat file remains.

-- jc

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:eWhExAG$HHA.3548@TK2MSFTNGP06.phx.gbl...
> Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
>> Has anyone successfully created a terminal server environment where
>> you had non-roaming mandatory profiles? I'd like to take the idea of
>> a mandatory profile and apply it to all new local accounts that are
>> created, but for numerous reasons I can't use roaming or TS roaming
>> profiles. I'd accept a solution that just deleted the local account
>> at logoff. I've looked at delprof, but that seems to be better suited
>> as a startup or shutdown script. Any help is appreciated!
>
> Hmmm. What's your actual goal, overall?
>
> You can delete cached copies of profiles easily via group policy, but I
> don't know if it works with local-only policies (I don't use those).
> What's the reason you can't use a TS profile? There won't be any data
> stored in it, if you use folder redirection as you should be doing anyway,
> note.....
>
> By mandatory, do you mean, ntuser.man? If you're going to delete/recreate
> the profile every time, why bother? (and no, I don't know how you could do
> it anyway).
>
> You might try crossposting in m.p.windows.terminal_services and
> m.p.windows.group_policy for more expert help. I'm sure you can kluge
> something together but I'm no guru there.
>
 
Re: Non-Roaming mandatory profiles

Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
> My goal is to lose the profile when a user logs out to meet
> requirements for data retention. Group Policy can only accomplish
> this when you're using roaming profiles.

Right - or, I think, TS profiles.
>
> Why I can't use roaming profiles isn't important.

Well, a TS profile isn't really a roaming profile, but I imagine you have
some reason for not wanting to use that either.

> I'm looking to see
> if anyone has come up with a solution that deals with local profiles.
> I've tried running "delprof" and "rd /q /s '%userprofile%'" as a
> logoff script, but it still keeps certain pieces of the profile that
> are still in use. Most importantly it hasn't unloaded the registry
> when the logoff scripts execute so the ntuser.dat file remains.

What about installing the user profile hive cleanup utility to see if it
helps?

I really can't think of any way to do this, but perhaps someone else will
chime in.
>
> -- jc
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:eWhExAG$HHA.3548@TK2MSFTNGP06.phx.gbl...
>> Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
>>> Has anyone successfully created a terminal server environment where
>>> you had non-roaming mandatory profiles? I'd like to take the idea
>>> of a mandatory profile and apply it to all new local accounts that
>>> are created, but for numerous reasons I can't use roaming or TS
>>> roaming profiles. I'd accept a solution that just deleted the local
>>> account at logoff. I've looked at delprof, but that seems to be
>>> better suited as a startup or shutdown script. Any help is
>>> appreciated!
>>
>> Hmmm. What's your actual goal, overall?
>>
>> You can delete cached copies of profiles easily via group policy,
>> but I don't know if it works with local-only policies (I don't use
>> those). What's the reason you can't use a TS profile? There won't be
>> any data stored in it, if you use folder redirection as you should
>> be doing anyway, note.....
>>
>> By mandatory, do you mean, ntuser.man? If you're going to
>> delete/recreate the profile every time, why bother? (and no, I don't
>> know how you could do it anyway).
>>
>> You might try crossposting in m.p.windows.terminal_services and
>> m.p.windows.group_policy for more expert help. I'm sure you can kluge
>> something together but I'm no guru there.
 
Re: Non-Roaming mandatory profiles

I was thinking along the same lines with the user profile hive cleanup but
it doesn't unload the profile fast enough. I'm pretty sure this is by design
because I think you're able to perfrom user registry actions with a logoff
script (thus the reason I can't delete ntuser.dat with logoff script).

For now I've schedule delprof every 30 minutes which greatly limits the
amount of time a profile is available. Hopefully this meets my requirements
for now, but I'd still love to hear if anyone is successfully doing this on
the fly.

--
Joseph Corey
MCSE, Security+
jcorey@cmu.edu

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:u7s55yG$HHA.484@TK2MSFTNGP06.phx.gbl...
> Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
>> My goal is to lose the profile when a user logs out to meet
>> requirements for data retention. Group Policy can only accomplish
>> this when you're using roaming profiles.
>
> Right - or, I think, TS profiles.
>>
>> Why I can't use roaming profiles isn't important.
>
> Well, a TS profile isn't really a roaming profile, but I imagine you have
> some reason for not wanting to use that either.
>
>> I'm looking to see
>> if anyone has come up with a solution that deals with local profiles.
>> I've tried running "delprof" and "rd /q /s '%userprofile%'" as a
>> logoff script, but it still keeps certain pieces of the profile that
>> are still in use. Most importantly it hasn't unloaded the registry
>> when the logoff scripts execute so the ntuser.dat file remains.
>
> What about installing the user profile hive cleanup utility to see if it
> helps?
>
> I really can't think of any way to do this, but perhaps someone else will
> chime in.
>>
>> -- jc
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>> message news:eWhExAG$HHA.3548@TK2MSFTNGP06.phx.gbl...
>>> Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
>>>> Has anyone successfully created a terminal server environment where
>>>> you had non-roaming mandatory profiles? I'd like to take the idea
>>>> of a mandatory profile and apply it to all new local accounts that
>>>> are created, but for numerous reasons I can't use roaming or TS
>>>> roaming profiles. I'd accept a solution that just deleted the local
>>>> account at logoff. I've looked at delprof, but that seems to be
>>>> better suited as a startup or shutdown script. Any help is
>>>> appreciated!
>>>
>>> Hmmm. What's your actual goal, overall?
>>>
>>> You can delete cached copies of profiles easily via group policy,
>>> but I don't know if it works with local-only policies (I don't use
>>> those). What's the reason you can't use a TS profile? There won't be
>>> any data stored in it, if you use folder redirection as you should
>>> be doing anyway, note.....
>>>
>>> By mandatory, do you mean, ntuser.man? If you're going to
>>> delete/recreate the profile every time, why bother? (and no, I don't
>>> know how you could do it anyway).
>>>
>>> You might try crossposting in m.p.windows.terminal_services and
>>> m.p.windows.group_policy for more expert help. I'm sure you can kluge
>>> something together but I'm no guru there.
>
>
>
 

Similar threads

J
Windows 10 Mandatory Roaming User profiles
Replies
0
Views
194
Justin Schneider
J
M
Windows 10 Future of Roaming Profiles
Replies
0
Views
157
Mike Sandells
M
J
Non-Roaming mandatory profiles
Replies
1
Views
202
Johan Strange
J
A
Delete cached local copy of mandatory profile and non roaming domain user profiles ?
Replies
6
Views
360
Lanwench [MVP - Exchange]
L
AWS
Here’s the full change log for iOS 5 beta 5
Replies
0
Views
244
AWS
AWS
Back
Top