How to make a mandatory profile for Immidio Flex Profiles Advanced Edition Disclosure and Warranty The information, concepts, and ideas contained in this document are the property of Immidio. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Immidio. Any product descriptions or representations in this document are for identification purposes only and are not to be construed as a warranty of specific properties or guarantee or warranty of any other type. Immidio shall assume no liability, either explicit or implied, for the documentation. Information in this document, including URL and other Internet Web site references, is subject to change without notice. All sample code described in this document is provided by Immidio for illustrative purposes only. These examples have not been thoroughly tested under all conditions. Immidio, therefore, cannot guarantee or imply reliability, serviceability, or functionality of these programs or code examples. All brand names and product names used in this document are trademarks of their respective holders and are recognized as such. © 2008-2010 Immidio. All rights reserved. Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 2 Contents How to make a mandatory profile .......................................................................................................4 Create a user...................................................................................................................................4 Create a share for the mandatory userprofile ..................................................................................6 Copy and Rename the profile template ...........................................................................................7 Settings permissions .......................................................................................................................9 Renaming NTUSER.DAT ................................................................................................................. 12 Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 3 How to make a mandatory profile This document describes how to make a mandatory profile in Windows 7, Windows 2008 or Windows 2008 R2. Create a user Make a local user on the Windows 2008 R2 server Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 4 Make the user member of the local administrators group on your server Login with this user and… Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 5 …customize the template profile (for example by adding or renaming some icons) Logoff and login again with another (domain) administrator account Create a share for the mandatory userprofile Create a share on your file server and set share permissions to Everyone on Reader… Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 6 …and NTFS permissions to Authenticated Users, Read and Execute Copy and Rename the profile template Now that we’ve created a share, copy the complete template profile folder from the C:\Users directory to the new share Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 7 Rename the template folder to <templatename>.V2 (You have to add the .V2 in the name of your folder, because it’s the new profile type in Windows Vista, Windows 7, Windows Server 2008 and 2008 R2) Delete the Local and LocalLow folders from the AppData folder (Make sure your hidden files are visible) Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 8 Setting permissions The next step is to set the right permissions on the mandatory profile, open REGEDIT and load the NTUSER.DAT hive Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 9 Right-click on the Mandatory profile and choose permissions Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 10 Delete the template user and add the Authenticated Users (Full Control) Unload the NTUSER.DAT from your registry (Very important ! Otherwise your settings won't be saved) Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 11 Renaming NTUSER.DAT Rename the NTUSER.DAT to NTUSER.MAN When you configure a GPO to specify the location of the Mandatory profile, you’ve to choose to following location: \\<servername>\<sharename>\<templatename> without the .V2! Immidio Flex Profiles Advanced Edition – © 2010 Immidio Author: R. Wiesemann – Systems Engineer Immidio 12