Re: prevent users from saving to local profile

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

"tony" wrote:
> I am using document, desktop, application, start menu
> redirection. for all
> users however the user can still navigate to
> their own profile under the local machine
>
> c:Documents and SettingsUsername and save stuff there.
>
> what do I have to do to restrict them from writing to this
> profile?
>
> I really dont want them to create any local profile on the
> local machine as
> these are lab machines and dont want them to be
> cluttered with stuff.

Hi,

First of all, Hide Drives in My Computer Group Policy will stop the
navigation. There is no way to prevent the profile downloading as the
OS is built that way. There are, however, ways to have the profile
deleted on logoff. It works "most" of the time so I also have a
startup script that cleans out everything in the C:\Documents and
Settings except the Default and All Users.

1> Group Policy done on COMPUTER OU (not at the Domain GP).
Computer Config- Windows Settings - Security Settings - Local Policies
- Security Options - "Interactive Logon: Number of previous logons to
cache = 0

2> This setting can be done on Domain GP.
Computer Config - Admin Templates - System - User Profiles - "Delete
cached copies of roaming profiles" = Enabled.

Batch file I use as a startup script on my Computers (In group policy)


<start script>

@echo off
pushd "C:\Documents and Settings"

set Exempt=*Administrator* *All Users* *Default User* *LocalService*
*NetworkService*
for /d %%a in (*.*) do echo %Exempt% | find /i "*%%a*" > nul ||
rmdir /s /q "%%a"
popd

<end script>

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-prevent-users-saving-local-profile-ftopict374438.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1216580
.

Relevant Pages

  • Re: Disappointing SBS 2003 Experience
    ... And IMHO that's a workstation issue not a server experience ... The old profile is under the documents and settings the old profile ... Can't get to My Documents in the local machine that were there ...
    (microsoft.public.windows.server.sbs)
  • Re: New computer, several domain users, profile problems
    ... you may use GPO to remove their local profile at logoff (they would have a roaming profile not to loose their settings) ... I logged on as local machine administrator, ... When I logged on as the domain user, ...
    (microsoft.public.windows.server.general)
  • RE: Private settings on my laptop
    ... am still getting the same "can not migrate profile because user settings are ... NOTHING is marked private. ... I understand that you cannot copy profile to domain ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: "Classic logon" screen in XP does not remeber the user name
    ... If you used the File and Settings ... that you can access them fine in the profile you want to use them in. ... and log onto a workstation, that workstation immediately goes to a ... you can work from the server and ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Internet Explorercache (further info)
    ... Just for future reference for you...Zone Alarm and Mailwasher are not ... > It is looking more like I will need to delete the profile and then rebuild ... > this saves user settings in IE, OE, My Documents, Mailwasher etc, so in ... > the restore facility in Eazy Backup, it should also put my desktop ...
    (microsoft.public.windows.inetexplorer.ie6.browser)