I haven't tested this, so be careful (make a copy of the profile
before changing anything).
The usual way to make a profile mandatory is to rename ntuser.dat
to ntuser.man. You can also make the profile folder read-only.
But watch your EventLog, I'm not sure if this (read-only profile
folder) is going to cause problems when logging off.
Note also that making a profile mandatory doesn't help much in
locking down a user account. The user will still be able to change
all kinds of settings during a session, he will only be unable to
save the changes.
If you want to lock down your TS users, Group Policy is the way to
go:
Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/technet/pro...erver2003/tech
nologies/terminal/trmlckd.mspx
--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
"Tadashi Inayama" <(E-Mail Removed)> wrote on 06 maj 2005
in microsoft.public.win2000.termserv.clients:
> or does a mandatory profile need to be a roaming profile?
>
> how can I lock down a shared local profile?
>
> my problem is that there is shared acct running on both win2k
> and win2k3 terminal servers
> and the acct need to be locked down, roaming profiles do not
> work well going from win2k and win2k3
> servers, so it seemed easier to lock down the local profile for
> that acct on all of the win2k and win2k3
> terminal servers
>
> Thanks,
> Tadashi
Similar Threads
