Announcement

Collapse
No announcement yet.

Static profiles

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Static profiles

    Hi,

    I'm looking for a way to force all domain users to use a single profile. I want them to be unable to change the profile in any way. Users will only be using IE in kiosk mode, so I want to lock down their systems as much as possible with GPOs, but many settings (such as keyboard shortcuts) appear to require user-specific options in the registry or their profile.

    System is set up as a domain with 2008 Server and Vista clients. All accounts are domain accounts.

    Thanks,

  • #2
    Re: Static profiles

    Have a look at Mandatory Profiles - they may do what you want.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Static profiles

      Hi,

      Thanks for that tip, I've managed to implement something along those lines, using a profile on a share with read only permission for users. I've also specified a GPO forcing use of the server roaming profile and preventing it updating on logoff. So far so good.

      However, it now gives a warning message when the user logs off saying it was unable to fully synchronise the profile with the server, check the event log. Is this error message normal? Is there a way to prevent it showing and logging an event for this functionality? Have I perhaps set it up incorrectly?

      Thanks,

      Comment


      • #4
        Re: Static profiles

        The error is normal considering that you've denied write access to the share, but since you've configured the profile not to be updated, I'm not sure if that should still be appearing or not. Could you post details of exactly what settings you've configured?
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Static profiles

          GPO:

          Computer Configuration -> Administrative Templates -> System -> User Profiles

          Delete cached copies of roaming profiles: Enabled
          Do not log users on with temporary profiles: Enabled
          Prevent Roaming Profile changes from propagating to the server: Enabled
          Wait for remote user profile: Enabled

          ADU&C -> Users -> Test User -> Profile
          Profile path: \\server\Profiles\DefaultUser\

          "Users" have Read permission on the Profiles folder.
          Profiles folder is shared with Read permission to "Users"
          "Users" have Read & Execute and List Contents on subfolders.

          Comment

          Working...
          X