Guest Joseph T Corey
Posted September 21, 2007

Has anyone successfully created a terminal server environment where you had non-roaming mandatory profiles? I'd like to take the idea of a mandatory profile and apply it to all new local accounts that are created, but for numerous reasons I can't use roaming or TS roaming profiles. I'd accept a solution that just deleted the local account at logoff. I've looked at delprof, but that seems to be better suited as a startup or shutdown script. Any help is appreciated!

--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@cmu.edu

Guest Lanwench [MVP - Exchange]
Posted September 21, 2007

Re: Non-Roaming mandatory profiles

Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
> Has anyone successfully created a terminal server environment where
> you had non-roaming mandatory profiles? I'd like to take the idea of
> a mandatory profile and apply it to all new local accounts that are
> created, but for numerous reasons I can't use roaming or TS roaming
> profiles. I'd accept a solution that just deleted the local account
> at logoff. I've looked at delprof, but that seems to be better suited
> as a startup or shutdown script. Any help is appreciated!

Hmmm. What's your actual goal, overall?

You can delete cached copies of profiles easily via group policy, but I don't know if it works with local-only policies (I don't use those). What's the reason you can't use a TS profile? There won't be any data stored in it, if you use folder redirection as you should be doing anyway, note.....

By mandatory, do you mean, ntuser.man? If you're going to delete/recreate the profile every time, why bother? (and no, I don't know how you could do it anyway).

You might try crossposting in m.p.windows.terminal_services and m.p.windows.group_policy for more expert help. I'm sure you can kluge something together but I'm no guru there.

Guest Joseph T Corey
Posted September 21, 2007

Re: Non-Roaming mandatory profiles

My goal is to lose the profile when a user logs out to meet requirements for data retention. Group Policy can only accomplish this when you're using roaming profiles.

Why I can't use roaming profiles isn't important. I'm looking to see if anyone has come up with a solution that deals with local profiles. I've tried running "delprof" and "rd /q /s '%userprofile%'" as a logoff script, but it still keeps certain pieces of the profile that are still in use. Most importantly it hasn't unloaded the registry when the logoff scripts execute so the ntuser.dat file remains.

-- jc

Guest Lanwench [MVP - Exchange]
Posted September 21, 2007

Re: Non-Roaming mandatory profiles

Joseph T Corey <jcorey@andrew.cmu.edu> wrote:
> My goal is to lose the profile when a user logs out to meet
> requirements for data retention. Group Policy can only accomplish
> this when you're using roaming profiles.

Right - or, I think, TS profiles.

> Why I can't use roaming profiles isn't important.

Well, a TS profile isn't really a roaming profile, but I imagine you have some reason for not wanting to use that either.

> I'm looking to see
> if anyone has come up with a solution that deals with local profiles.
> I've tried running "delprof" and "rd /q /s '%userprofile%'" as a
> logoff script, but it still keeps certain pieces of the profile that
> are still in use. Most importantly it hasn't unloaded the registry
> when the logoff scripts execute so the ntuser.dat file remains.

What about installing the user profile hive cleanup utility to see if it helps?

I really can't think of any way to do this, but perhaps someone else will chime in.

Guest Joseph T Corey
Posted September 24, 2007

Re: Non-Roaming mandatory profiles

I was thinking along the same lines with the user profile hive cleanup but it doesn't unload the profile fast enough. I'm pretty sure this is by design because I think you're able to perform user registry actions with a logoff script (thus the reason I can't delete ntuser.dat with a logoff script).

For now I've scheduled delprof every 30 minutes which greatly limits the amount of time a profile is available. Hopefully this meets my requirements for now, but I'd still love to hear if anyone is successfully doing this on the fly.

--
Joseph Corey MCSE, Security+
jcorey@cmu.edu

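The periodic sweep from the last post, as an added PowerShell example that is not from the thread or any participant: instead of delprof it queries Win32_UserProfile and skips any profile whose hive is still loaded, which is the condition that defeated the logoff script. It assumes Windows Vista / Server 2008 or later with PowerShell 3.0+; the `KeepFolders` parameter and the `Select-RemovableProfile` function are hypothetical names.

```powershell
# Added example, not from the thread. Removes local profiles whose registry
# hive is no longer loaded; intended to run elevated from a scheduled task.
# Assumes Win32_UserProfile (Windows Vista / Server 2008 or later) and
# PowerShell 3.0+ for the CIM cmdlets.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical exclusion list: profile folder names that must survive.
    [string[]]$KeepFolders = @('Administrator')
)

function Select-RemovableProfile {
    param([object[]]$Profiles, [string[]]$Keep)
    foreach ($p in $Profiles) {
        if (-not $p.LocalPath) { continue }   # orphaned entry, no folder recorded
        if ($p.Special)        { continue }   # system and service profiles
        if ($p.Loaded)         { continue }   # ntuser.dat is still mounted
        if ($Keep -contains (Split-Path -Path $p.LocalPath -Leaf)) { continue }
        $p
    }
}

$all     = @(Get-CimInstance -ClassName Win32_UserProfile)
$targets = @(Select-RemovableProfile -Profiles $all -Keep $KeepFolders)

foreach ($p in $targets) {
    if (-not $PSCmdlet.ShouldProcess($p.LocalPath, 'Remove user profile')) { continue }
    try {
        # Deletes the profile folder and its ProfileList registry entry together.
        Remove-CimInstance -InputObject $p -ErrorAction Stop
        Write-Output "Removed $($p.LocalPath) ($($p.SID))"
    }
    catch {
        # A handle opened between the query and the delete lands here.
        Write-Warning "Failed on $($p.LocalPath): $($_.Exception.Message)"
    }
}

# Report what was left behind so the next run (or an admin) can follow up.
$all | Where-Object { $_.Loaded -and -not $_.Special } |
    ForEach-Object { Write-Output "Skipped, hive still loaded: $($_.LocalPath)" }
```

Running it once with `-WhatIf` lists the profiles it would delete without touching them.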