No announcement yet.

Use same Local profile for all AD users

  • Filter
  • Time
  • Show
Clear All
new posts

  • Use same Local profile for all AD users


    I have a group of computers joined to an AD domain that are running windows 7 Enterprice and the DCs are windows 2008 R2. My objective is to get all of these computers (about 50 of them) so that when any AD user logs in they all use the same profile folder under C:\Users. This means that they would all have the same desktop, my documents, libraries and registry (HKLU). I have control over some (about 10%) of the users that will be accessing these 50 computers but most reside out of the OU that I manage so I figured I would have to use some sort of GPO loopback for this to happen. I have been looking around for a way to do this but unfortunately I have not come accross anything that will let me do this.

    However, recently I was taking a class a my local college and I notice that on the school's computer (also windows 7) when a user logs in (with their own individual AD credentials) they all get the same desktop. Upon closer inspection, any user that logged into a classroom computer got redirected to use the C:\users\classroomuser profile. This means that if I leave a file on the desktop and log out then the next user that logs in to that computer also sees that file in their desktop. I checked the permissions for 'C:\users\classroomuser' and it looks like 'everyone', 'administrators' and 'classroomuser' all have full access to that folder and its decendants. I looked some more and it seems that domain users is part of their local administrators group as well. And although this is a big no-no, they do have a price of software installed on all their PCs that allows them to restore the systems back with a simple reboot in the event that someone trashes it. In either case, I kept looking around to try and figure out how they were doing this so a ran a rsop.msc command to see what policies they were using to do this but I couldn't see anything outside of firewall settings, and regular system lockdown info. I looked in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and noticed that there were only two listed users (aside from the builtin stuff) one was classroomuser and one was my own. However, they both had the same value for 'ProfileImagePath'.

    My questions are, how did they manage to do set the value of that ProfileImagePath variable for my user when I logged into the system if I did not see this under any setting on GPO? how can I achieve the same functionality?

  • #2
    Re: Use same Local profile for all AD users

    Redirected folders most likely.
    Please do show your appreciation to those who assist you by leaving Rep Point