You could have a unique mandatory profile for every user but in most
cases this would require extra work and disk space. Since most users
will be sharing the same mandatory profile. (For example all students
would share the same mandatory profile called "student_profile" and all staff would share
a mandatory profile called "staff_profile")
It is strongly recommended that you make the following registry change
on all of the NT workstations before you start using the mandatory or roaming
This registry entry will insure that the workstation uses the mandatory
profile from the server instead of a copy of the mandatory profile stored
on the workstation.
Edit or add the value DeleteRoamingCache as type REG_DWORD. Set it to 1.
You should also manually delete any profiles that have already
been created on the workstations.
- Create a generic user account (for example a user named #student_template) that will correspond to the mandatory profile.
Give this user the ability to Log on locally to the server.
- Logon to the server using the template account (#student_template).
A new directory with the same name as the user name
will be created in the %systemroot%\Profiles directory when you first log on.
For example, if the user name is #student_template, the resulting directory name will be C:\winnt\Profiles\#student_template.
- Log off, and then log back on to the same computer using an account with administrative privileges.
- Create a directory on the server where the profiles will be stored (I recommend creating a new directory like c:\profiles
instead of using the existing c:\winnt\profiles) The user accounts who
will have mandatory profiles need only Read permissions to the
- Establish this directory as a network share. This can be accomplished
by going into windows explorer, highlighting the directory and right clicking
the mouse button and then going into the sharing option. Select Shared as
to enable sharing. Then click Ok.
- In the \\server\share from the previous step, create the directory
that will contain the student profile information. (For example create
a directory called student_profile under the profiles share. So the entire
path would be c:\profiles\student_profile)
- From the Control Panel, click System. (You have to be logged on
as a user with administrative privledges for this step to work) From the User Profiles page,
select the template profile and use the Copy To option to
enter the path of the directory you created to hold the student profile
information (in this example it is c:\profiles\student_profile).
- Modify the permissions to allow the user or group to use the profile. To do this, click the Change button, select the account, and click OK. You can select any group or specific user when setting the permissions;
I recommend making it readable by Everyone.
The profile including the folder trees and the NTuser.xxx file originally included with the profile—is written to the location you designated. The permissions are also encoded into the binary NTuser.xxx file.
(In some situations, like if you have Internet Explorer 4.X installed,
this step may fail. If this happens you
will need to do a few extra steps which are explained in the document
Solving the Copy Profile Problem)
- Use User Manager to modify template profile.
Enter the new profile path for example: \\server_name\share_name\student_profile
- Using an NT workstation log onto the Domain as the template user.
- Modify any items that need to differ from the current default. You may
want to load the applications and modifity the settings in the applications.
For example you may want to set the default document location in Microsoft Word to
the users home directory.
- Log off the workstation
- Back on the server go to the directory that the profile was copied to, check
the NTUSER.xxx file for the .man extension. If the extension is .dat,
the profile will be a roaming profile that can be modified by the user.
Change the extension to .man in order to make it mandatory and unmodifiable.
At this time you should probably set the permissions on this profile directory and everything below it to read only
for everyone as well.
- Use User Manager to modify the profile of the accounts that will
use this account. Use the Control key in conjuction with the mouse
to select multiple users.
Enter the User Profile path for example: \\server_name\share_name\student_profile