Windows 7 / Security and Privacy

Implementing Mandatory User Profiles

Mandatory user profiles are a type of roaming user profile. They can be used to maintain a higher security level and consistent environment for users. Although users can log on to different computers and get the same desktop settings, changes made to the desktop on the local computer will not be saved to the server where the mandatory user profiles are stored. Mandatory user profiles have the .man extension, for example, Ntuser.man.

To configure a mandatory user profile for a user, you set the user's profile path as previously discussed for roaming profiles. Then copy the profile that you want the user to have to the profile folder and change the name from Ntuser.dat to Ntuser.man. That's it-you rename the Ntuser.dat file to Ntuser.man using Windows Explorer, and it becomes a mandatory user profile.

Note:
Because profiles contain hidden system files, they aren't automatically displayed in Windows Explorer. Choose Folder Options from the Tools menu, and then click the View tab. Under Advanced Settings, select Show Hidden Files And Folders, clear the Hide Protected Operating System Files check box, and then click OK. Note also that a mandatory profile must be available for a user to log on. If for some reason the user profile becomes unavailable, the user will not be able to log on. Because of this, you should check the security on the profile to ensure that the user can access it.

Switching Between a Local and a Roaming User Profile

Sometimes you may want to switch from a roaming to a local user profile or vice versa. This could be for personal preference, you may be troubleshooting, or you may have a slow network connection and the roaming profile takes too long to download to the local computer.

To switch between local and roaming profiles, complete these steps:

  1. Click System And Maintenance\System in Control Panel. Under Tasks, click Advanced System Settings. This displays the System Properties dialog box with the Advanced tab selected.
  2. On the Advanced Tab, under User Profiles, click Settings. The User Profiles dialog box appears.
  3. After selecting the profile that is to be changed, click Change Type, and then select Roaming Profile or Local Profile as appropriate.
  4. Click OK three times.
Note:
You can change the profile type only if the profile was originally a roaming profile. If the change options aren't available, the user's profile was originally created as a local profile.
[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Users, Groups, and Computers
  2. Managing Domain User Accounts
  3. Configuring User Account Policies
  4. Enforcing Password Policy
  5. Configuring Account Lockout Policy
  6. Creating Password Settings Objects and Applying Secondary Settings
  7. Understanding User Account Capabilities, Privileges, and Rights
  8. Assigning User Rights
  9. Creating and Configuring Domain User Accounts
  10. Configuring Account Options
  11. Configuring Profile Options
  12. Troubleshooting User Accounts
  13. Implementing and Creating Preconfigured Profiles
  14. Configuring Local User Profiles
  15. Implementing Mandatory User Profiles
  16. Managing User Data
  17. Using Offline Files
  18. Configuring Offline Files on Clients
  19. Maintaining User Accounts
  20. Moving User Accounts
  21. Resetting a User's Domain Password
  22. Creating a User Account Password Backup
  23. Managing Groups
  24. Understanding the Scopes of Groups
  25. Creating a Group
  26. Creating group accounts at the command line
  27. Modifying Groups
  28. Managing Computer Accounts
  29. Moving a Computer Account
  30. Configuring Properties of Computer Accounts
  31. Troubleshooting Computer Accounts