Windows 7 / Networking

Super-Mandatory User Profiles

Windows 7 also supports super-mandatory profiles. A super-mandatory user profile is similar to a mandatory roaming user profile with one important addition. If network or server problems prevent the user from downloading the mandatory profile, the user is unable to log on.

With a regular mandatory user profile, the user is still able to log on even if the mandatory user profile is unavailable. As a reminder, when a roaming profile is used, it copies the profile to the local system. If a user has previously logged on to a system and has a copy of the profile on the system, Windows 7 will use this if the share for the roaming profile is unavailable.

If you want to ensure that users are not allowed to log on unless the mandatory profile is downloaded, you can configure the profile to be a super-mandatory user profile. A profile is created as a super-mandatory profile by renaming the profile folder with a .man extension.

Note You should use super-mandatory user profiles only when the network is reliable. If network problems prevent users from accessing the share where the profile is stored, users will be prevented from logging on at all.

As a reminder, to create a mandatory roaming profile, the ntuser.dat file (located at the root of the profile) is renamed to ntuser.man. This may be stored in a network share identified as \\DC1\Profiles.

If you want the profile to be a super-mandatory profile, you could name the share Profiles.man so that it's accessed using a UNC path of \\DC1\Profiles.man. In addition to appending the share with .man, you also need to ensure that the client is configured to access the share using the full UNC path, including .man (\\DC1\Profiles.man).

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Windows 7 in a Domain
  2. The Domain
  3. What is Wrong with Workgroups
  4. The Domain Concept
  5. Active Directory
  6. Domain Security
  7. Joining a Domain
  8. Windows 7 Offline Domain Join
  9. Browsing the Domain
  10. Searching the Domain
  11. Custom Searches
  12. Assigning Permissions to Domain Members
  13. The Double-Thick Security Trick
  14. Creating a Test Bed
  15. Creating a Domain
  16. Installing Windows Server 2008 on vPC
  17. Configuring a Windows Server 2008 Server
  18. Promoting a Server to a Domain Controller
  19. Joining Windows 7 to a Domain
  20. Authentication vs Authorization
  21. Authentication
  22. Authorization
  23. Built-in Groups
  24. Organizing Users with Groups
  25. Group Scope and Group Type
  26. Creating Users and Groups in a Domain
  27. Using HomeGroup with a Domain-Based Computer
  28. Identifying and Resolving Logon Issues
  29. Hardware vs. Network
  30. Using Cached Credentials
  31. Password Expiration
  32. Determining Logon Context
  33. Logon Hours Compliance
  34. Restricting Computer Access
  35. Time Synchronization
  36. Understanding User Profiles
  37. Standard Profiles
  38. Roaming Profiles
  39. Implementing Roaming Profiles
  40. Mandatory Profiles
  41. Super-Mandatory User Profiles
  42. Modifying the Default User Profile
  43. Configuring Settings with Scripts
  44. Anti-Malware Software
  45. Microsoft Windows 7 Defender
  46. Third-Party Anti-malware Software