I'm facing a challenge where the majority of our devices use standard user profiles, but for a small group (around 10%), we need all users who log in to use mandatory profiles. These users also access the other 90% of devices, so I need a solution that works across the board. Initially, I thought about creating an Organizational Unit (OU) for those 10% of computers. However, I've come across various guides that suggest simply renaming the ntuser.dat file to ntuser.man, but I'm unsure how to do this if the user has never logged into the computer before. Any advice on how to effectively set this up?
3 Answers
It sounds like you're tackling a tricky issue. The key is to create the mandatory profile on one machine first. Once that's done, you can set up a Group Policy Object (GPO) that copies the mandatory profile file to each device in your designated OU. You’ll also want to use a GPO to create the local user on each machine too. This way, it streamlines the process across your different devices. Good luck!
Before doing anything, it's important to create the mandatory profile on one computer first. After that, setting up the GPO to transfer that profile to all relevant devices will save you a lot of hassle. And remember to set up the local user account via GPO too!
Have you looked into the specifics of the guides you mentioned? It sounds like you might be misunderstanding them. Check out the guides related to mandatory profiles on official websites. They often have more detailed instructions that can clarify your questions.
Yeah, some of those guides can be a bit misleading. I found information on Microsoft Learn that could help you out. It talks about creating mandatory profiles, but make sure to follow the specific steps for your environment.

Great advice! I’ve seen that method work well. Just keep in mind what needs to be included in that mandatory profile, as there’s a chance there might be a simpler solution, like a kiosk setup, that could resolve your issue without the mandatory profiles.
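
A check that could run on each device after the profile copy described in the first answer, as an added example that is not part of the original thread: it confirms the hive was renamed to ntuser.man and that no ordinary account can modify it. The function name `Test-MandatoryProfile` and the sample path are hypothetical, and treating write access by anyone other than SYSTEM and Administrators as a finding is an assumption about the intended permissions.

```powershell
# Added example (not from the thread): validate a copied mandatory profile folder.
function Test-MandatoryProfile {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ProfilePath)

    $findings = [System.Collections.Generic.List[string]]::new()
    $man = Join-Path $ProfilePath 'ntuser.man'
    $dat = Join-Path $ProfilePath 'ntuser.dat'

    # The profile is only mandatory if the hive carries the .man extension.
    $hasMan = Test-Path -LiteralPath $man -PathType Leaf
    if (-not $hasMan) {
        $findings.Add('ntuser.man is missing, so the profile is not mandatory')
    }
    if (Test-Path -LiteralPath $dat -PathType Leaf) {
        $findings.Add('ntuser.dat is still present in the profile folder')
    }

    if ($hasMan) {
        # Assumption: only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544)
        # should be able to change the hive.
        $trusted = 'S-1-5-18', 'S-1-5-32-544'
        # Specific write-type rights plus GENERIC_ALL and GENERIC_WRITE.
        $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000
        $sidType = [System.Security.Principal.SecurityIdentifier]

        $acl = Get-Acl -LiteralPath $man
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $isAllow  = $rule.AccessControlType -eq 'Allow'
            $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
            $sid      = $rule.IdentityReference.Value
            if ($isAllow -and $canWrite -and $sid -notin $trusted) {
                $findings.Add("$sid can modify ntuser.man")
            }
        }
    }

    [pscustomobject]@{
        Path     = $ProfilePath
        Valid    = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed placeholder path; replace with wherever the profile was copied.
Test-MandatoryProfile -ProfilePath 'C:\Profiles\Mandatory' | Format-List
```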