Sharing one profile for a lab (WinXP profiles)
I have asked similar questions in the past, but I am still unclear to the best method.
Windows XP workstations on a Windows server 2003 domain.
My goal: Have one user account "lab" that shares a profile. I want to make changes to one profile and have it replicate to all computers. Thus far, I am using a roaming profile to accomplish this. I am able to copy a file or create a link on one and when the next person logs in everything is there. Also, I need to use the profile at the same time. I need 20-30 computers to be logged in at the same time using the same username.
I have tried both roaming profiles (with and without folder redirection) and folder redirection by itself.) The main purpose is to share the desktop.
I want to deny access to my documents as well as the ability to change anything. I have changed the profile to a mandatory profile, but it seems the users can save files to the local profile then the local profile copies to the server. I found a setting in group policy to disable merging local profiles to the server.
Summary: Share one username/profile (at the same time) on multiple computers and deny any changes or saving.
Thanks everyone.
Software/Hardware used:
Software/Hardware used:
ASKED:
November 21, 2006 4:17 PM
UPDATED:
November 24, 2006 2:27 PM
Answer Wiki:
If you don't want anyone to be able to change the desktop profile (except temporarily on their own loged workstation) - use mandatory profiles. Simply change your roaming profile "user.dat" to "user.man". Do that on the server NOT the workstation. Then log each machine on once. You should see user.man in the local copy too. Make the User.man file NTFS read-only for users on the server. The same for the serverside START menu & desktop etc. Not 100% sure you can safely set the serverside profile folder read-only without impact to applications though.
You can of course adminstratively change the desktop by copying the revised desktop profile "user.dat" off a local machine to the server then changing it to "user.man".
To make the desktop common to multiple users...well simply using the same username at logon will do the job. However if you want to track logons separately etc, you could also simply point all roaming profiles at the same profile directory on the server (no %username% variable - just //profileserver/profile/mandatory for every account) using a template account to create the actual accounts.
Deny My Documents? Well if you do the above with a common mandatory profile for all accounts (or single account) you could redirect the folders to a common server folder and then make it NTFS read only (with text file to say why) or deny all access. I am thinking there might be a GPO setting to remove My Documents as well.
To see all answers submitted to the Answer Wiki: View Answer History.
I have changed the profile to a .MAN, but I need to stop the changes from happening in the first place because the computer is not logged off between users. There is another piece of software that takes care of logging in/off users that runs on top of Windows. Is there a way to block writing to the hard drive all together? or will this stop applications/temp files as well?