can you make a local profile into a mandatory profile?

  • Thread starter Tadashi Inayama
  • Start date
T

Tadashi Inayama

or does a mandatory profile need to be a roaming profile?

how can I lock down a shared local profile?

my problem is that there is shared acct running on both win2k and win2k3
terminal servers
and the acct need to be locked down, roaming profiles do not work well going
from win2k and win2k3
servers, so it seemed easier to lock down the local profile for that acct on
all of the win2k and win2k3
terminal servers

Thanks,
Tadashi
 
V

Vera Noest [MVP]

I haven't tested this, so be careful (make a copy of the profile
before changing anything).

The usual way to make a profile mandatory is to rename ntuser.dat
to ntuser.man. You can also make the profile folder read-only.

But watch your EventLog, I'm not sure if this (read-only profile
folder) is going to cause problems when logging off.

Note also that making a profile mandatory doesn't help much in
locking down a user account. The user will still be able to change
all kinds of settings during a session, he will only be unable to
save the changes.

If you want to lock down your TS users, Group Policy is the way to
go:

Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/tech
nologies/terminal/trmlckd.mspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Terminal server and deleting local profiles 1
Security Groups and Mandatory Profiles... 1
roaming profile problems 1
Terminal Server roaming profiles 1
Licensing W2K TS in Windows 2003 Domain/Forest 2
roaming profiles 2
Local / Roaming Protocol 1
very strane problem with a mandatory profile 4

Top