can you make a local profile into a mandatory profile?

  • Thread starter Thread starter Tadashi Inayama
  • Start date Start date
T

Tadashi Inayama

or does a mandatory profile need to be a roaming profile?

how can I lock down a shared local profile?

my problem is that there is shared acct running on both win2k and win2k3
terminal servers
and the acct need to be locked down, roaming profiles do not work well going
from win2k and win2k3
servers, so it seemed easier to lock down the local profile for that acct on
all of the win2k and win2k3
terminal servers

Thanks,
Tadashi
 
I haven't tested this, so be careful (make a copy of the profile
before changing anything).

The usual way to make a profile mandatory is to rename ntuser.dat
to ntuser.man. You can also make the profile folder read-only.

But watch your EventLog, I'm not sure if this (read-only profile
folder) is going to cause problems when logging off.

Note also that making a profile mandatory doesn't help much in
locking down a user account. The user will still be able to change
all kinds of settings during a session, he will only be unable to
save the changes.

If you want to lock down your TS users, Group Policy is the way to
go:

Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/tech
nologies/terminal/trmlckd.mspx
 
Back
Top