Create a mandatory user profile

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a mandatory user profile

  1. Open Active Directory Users and Computers.

  2. In the details section, right-click the applicable user account, and then click Properties.

    Where?

    • Active Directory Users and Computers/applicable domain/applicable container (such as Users)/applicable user account

  3. Click the Profile tab.

  4. In Profile path, type the path information ending with the .man file name extension.

Notes

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  • A mandatory user profile is a preconfigured user profile. The user can still modify the desktop, but the changes are not saved when the user logs off. The next time the user logs on, the mandatory user profile is downloaded again. User profiles become mandatory when you rename the NTuser.dat file on the server to NTuser.man. This extension makes the user profile read-only.

  • Mandatory user profiles do not allow changes to be applied to the user profile stored on the server.

  • Manage profiles through policy where possible. Mandatory profiles are permitted, but they are less manageable and more likely to cause administration problems, so their use is not recommended.

  • Use a full path in each user account:

    \\Server\ShareName\UserName

    For ShareName, create a Profiles folder if it does not already exist, and share the folder with authenticated users allowing read-only permissions. The shared folder must be created before the user profile can be used.

  • To provide better security, user profiles and home folders should be created on an NTFS volume.

  • When creating a mandatory profile, make sure you set the appropriate access permissions for the user or groups of users who will use this profile.

  • You can also create a mandatory user profile by using Windows Explorer to rename the NTuser.dat file to NTuser.man.

  • The administrator can assign the same mandatory user profile to as many users as needed.
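
The following PowerShell function is an added example, not part of the original Microsoft procedure. It checks one profile folder against the notes above: that NTuser.dat was renamed to NTuser.man, and that no principal outside an allowed list holds rights that would let it change the profile. The function name, the default allowed-writer list and the set of rights treated as "write" are assumptions to adjust for your environment.

```powershell
# Added example (not Microsoft's code): audit one mandatory profile folder.
# Assumption: who may legitimately change the profile is site policy; pass
# your own list in -AllowedWriters (names are matched as DOMAIN\Name).
function Test-MandatoryProfile {
    param(
        [Parameter(Mandatory = $true)][string]$ProfilePath,
        [string[]]$AllowedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )
    $findings = @()
    $man = Join-Path $ProfilePath 'NTuser.man'
    $dat = Join-Path $ProfilePath 'NTuser.dat'

    # The profile is mandatory only once NTuser.dat has been renamed.
    if (-not (Test-Path -Path $man)) {
        $findings += "$ProfilePath : NTuser.man not found, profile is not mandatory"
    }
    if (Test-Path -Path $dat) {
        $findings += "$ProfilePath : NTuser.dat is still present"
    }

    # Rights that allow altering, replacing or re-permissioning the profile.
    $specific = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear
    # unmapped on inherit-only entries, so test for them as well.
    $mask = [int]$specific -bor 0x50000000

    $targets = @($ProfilePath)
    if (Test-Path -Path $man) { $targets += $man }

    foreach ($target in $targets) {
        foreach ($ace in (Get-Acl -Path $target).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who = $ace.IdentityReference.Value
            if ($AllowedWriters -contains $who) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -ne 0) {
                $findings += "{0} : {1} is allowed {2}" -f $target, $who, $ace.FileSystemRights
            }
        }
    }
    $findings   # no output means nothing was flagged
}

# Usage, with the placeholder path from the note above:
# Test-MandatoryProfile -ProfilePath '\\Server\ShareName\UserName'
```

The function reads NTFS permissions only; share-level permissions on the Profiles share are set separately and need their own review.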

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Working with MMC console files
User profiles overview
Using roaming user profiles