To Create Profiles to and change to Mandatory Roaming

Download this DOC file

1> Create a TestProfile Account in the USERS Container (Not an OU) in AD for each Different Profile. Give it any name.

2> Make sure that you can login to the Domain from a Workstation with above Login.

3> Login into workstation using above and modify until it is the way you like it.

  • Icons
  • Start Menu and StartMenu Options
  • Active Desktop - Folder Options (view options)
  • Num Lock On if you want it.
  • Screen Saver
  • Taskbar
  • Appearance
  • Background
  • IE Settings - Temporary file settings, History, Home page
  • Run Office to get the Default Settings
  • Run all other programs once.

4> Login as Admin to the Workstation - Right Click My Computer - Go to Properties - Choose "Advanced" Tab - Under "User Profiles" Click Settings tab. This will show you all the profiles located in C:\Documents and Settings. Pick the Profile of the one one you created. (make sure it says Local) - Click the "Copy To Button" In the Location - Put a location. It can be anywhere on the server right now. Under "Permitted to Use" - Click "Change" and Change to "Everyone". Once this is done you can copy the profile folder to a Directory share you have created. Eg.\\Server\Profiles\Username\ .Logon . If you want the profile Share to be hidden, share it as Profiles$

5> If you want this to be the New Default User for your Domain then Copy the Profile to the NETLOGON share on your Server and make sure the folder is called Default User.

6> In AD, Under Profile for each student: Point to Profile SHARE (share of directory above). This makes the Profile Roaming.\\server\Profiles\username\

7> For Mandatory change user.dat to user.man in \\server\Profiles\username\. Also make sure the Profile Share Directory does not give the users "write" access to the File, only Read.

To Modify Profiles Using Regedit

See it on Video

1> There is a quicker way to fix little things that just need a few registry changes and it doesn't require logging in. It makes it simple to do multiple profiles one after the other. It does require using regedit.exe though so for those unfamiliar with regedit, the above solution would be more appropriate.

1> On the admin profile do the settings needed. Find the registry key affected and export it to a reg file (right click - export). Open it in notepad (right click - edit) and do a find and replace.
Eg. Find HKEY_CURRENT_USER Replace with HKEY_USERS\1
Note that the 1 here is just a variable. You can use whatever name you like as long as that is the key name you use when you load the user.man (below) Save the reg file.

2> Map a drive to the Profiles$ folder (or whereever your profiles folder is) Create a folder called !Modifying. COPY the user.man from the profile folder to the !Modifying Folder. The reason that you copy it is if it is open in regedit it cannot be used during that time.

3> Open Regedit and click on HKEY_USERS – Go to File – Load Hive. Find the !Modifying Folder above and click on the User.man. Give it the name 1. (This corresponds to the 1 above in HKEY_USERS)

4> Now you will see another registry key called 1 underneath HKEY_USERS which is essentially the "HKEY_CURRENT_USER" when a user logs on. 5> Now you can either make a manual change OR you can just click the about reg file that you created above. It will ask if you want to merge and click yes. As the file has the correct key it will automatically add those keys to the 1 key (user.man) you loaded. 6> When you are done modifying click on the Hive and choose UNLOAD HIVE. This is EXTREMELY important. The user.man will NOT be released by exiting Regedit. You HAVE to unload it. Copy/Move the user.man over top of the profile user.man

To Modify Mandatory Profiles after creating them

1> Create a User account on the server that doesn't have a profile OR Group Policy restrictions. Logon to a workstation once using that account. This will create a local profile folder.

2> Logon to workstation as an Administrator and map a drive to the profiles share containing the mandatory profile you want to modify. On the C:\ of the workstation open Documents and Settings and then the local profile folder for the account you used in step 1. Delete the CONTENTS (but not the upper folder). Copy the CONTENTS of the mandatory profile from the profiles share into the local profile folder. Rename ntuser.man to ntuser.dat.

3> Logoff and logon again as the user account in step one. You should now see the mandatory profile settings. You can now make any settings changes you wish.

4> Logoff and follow steps 4 - 7 in the section above "To create profiles".

5> I recommend making a backup of your previous Mandatory Profile before copying over the modified profile.