Mandatory profile works differently in XP??

[Pat Wisch]

Hello,

I really would like to find an answer to this question. I've
exhausted all the resources I have access to- Microsoft Knowledge
Base, Windows XP Resource Kit documentation, newsgroups...etc.
Microsoft wants $35 to talk to me about this, and I don't think I
should have to pay for an answer to this question.
My question is this:

I use mandatory profiles as part of how I lock down workstations in a
university computer lab. The mandatory profiles work differently with
Windows XP than they did with Windows 2000. The difference is that in
Windows XP the locally cached profile on the workstation is deleted
every time the computer is rebooted. This did not happen in Windows
2000. In Windows 2000, the locally cached profile would stay on the
workstation.
This new behavior in Windows XP is NOT desirable. If someone removes
the network cable from the workstation after a reboot, when they log
in they will get a profile based on the Default User which will not
have necessary group policy settings applied. This gives the user
access to parts of the file system we do not want them to access.

I would really like to find a way to make Windows XP NOT delete the
locally cached mandatory profile, in other words, the same behavior as
in Windows 2000. I know about the group policy setting available in
Computer Configuration\Administrative Templates\System\User Profiles
"Delete cached copies of roaming profiles" I have set that to
disabled, but apparently it doesn't work with mandatory profiles.

I know Microsoft people monitor this newsgroup, and I would really
appreciate if someone could let me know how to make the locally cached
profile not be removed at reboot.

Thanks.
Pat

 

[Pat Wisch]

Thanks to Craig from one of the Microsoft XP newsgroups, I have a
partial answer....
There is a registry value called RefCount in
HKLM\software\microsoft\windows
NT\currentversion\ProfileList\some-long-assed-user-SID

When the RefCount DWORD value is set to 1, the locally cached
mandatory profile remains after a reboot. The problem is that whenever
the mandatory profile user logs off, the RefCount value is set to 0.
If RefCount is 0, the locally cached mandatory profile is deleted.

I also determined that the locally cached mandatory profile is removed
at system startup, not when the system shuts down. (I logged in using
the recovery console, and the locally cached mandatory profile was
still there; after I let the system boot up, it was gone).

I have no idea what the RefCount value is supposed to do....it appears
that normally it is a value of 1 when a user is logged in, and a value
of 0 when the user logs out. It doesn't look like it matters what
type of profile it is, when a user is logged in, the value is 1; when
the user is logged out, the value is 0.

In any case, it may be a possible workaround. I've been messing around
with a group policy shutdown script that will set the RefCount value
to 1 at system shutdown. I use a utility called regini.exe to do this.
It worked, but I'll need to set that value for three different user
accounts with mandatory profiles that all share the same group policy.


It still would be better to have some nice clean registry setting that
would stick and prevent the mandatory profile from being deleted!