View Single Post
  #3  
Old February 5th 10, 08:48 PM posted to microsoft.public.windowsxp.security_admin
json
external usenet poster
 
Posts: 3
Default Default profile by Workstation

To set up a "Default profile":

1.Configure one particular model user account completely and exactly as you
wish. (This might be easier if you use a local [not domain] user such as "Any
User" or "Template", particularly if the machine hasn't joined a domain yet.)
The user account for this purpose shouldn't be used normally and should be a
local user. Sometimes you'll need to create a brand new user (ex: "Model")
for this.
2.Reboot, then log in as some user with Administrator rights but not the
user you configured. (If the user you configured is logged in, or even if
that user isn't logged in any more but you haven't rebooted, some files will
be "locked" and you will not be able to copy them.)
3.With Explorer navigate into \Documents and Settings\username-you-configured
4.Edit-SelectAll and Edit-Copy
5.Navigate to \Documents and Settings\Default User
◦Navigate back up to \Documents and Settings
◦Using Tools-Options turn on display of "hidden" files and folders if it
isn't already turned on for the local Administrator (Default User does exist,
but usually isn't seen because it's marked "hidden".)
◦Navigate back down inside .\Default User
6.Edit-Paste
7.Navigate back up to \Documents and Settings
8.If you don't have a special user account set aside for Administration,
take this opportunity to turn display of "hidden" files and folders back off
Using Tools-Options.
Once the "Default User" template is set up the way you want it, delete all
the other user profiles (except "All Users" and "Administrator" and any other
fixed local users and of course your model user). This will force all users
to be treated as "new" users and given a copy of the Default User template
the next time they login.

You can even force every user to get a fresh copy of the Default User
template on every login by arranging that their profile disappears before
they login again. You might do this with a "reboot to restore clean" utility
such as DeepFreeze. Or you might do this with a logout script. But don't do
it unless you've provided users with some other place to store their files
and ensured they're using it. Deleting a user's profile will also delete
their My Documents folder and all its contents, which will cause great upset
among users unless they store their files somewhere else.

Note well that if a user profile already exists (either as [possibly cached]
local files, or as a "roaming" profile), it will supercede your Default User
settings. In fact if roaming profiles are enabled and you test with a user
account for which a profile already exists on the network, your tests will
seem to indicate that Default User doesn't work at all.


batch file:

@echo off
set /P user=Please enter username:
net user %user /DOMAIN|findstr "Group"|findstr "Basic Users" NUL
If %ERRORLEVEL% EQU 0 goto BasicUsers
net user %user /DOMAIN|findstr "Group"|findstr "Advanced Users" NUL
If %ERRORLEVEL% EQU 0 goto AdvancedUsers
net user %user /DOMAIN|findstr "Group"|findstr "Haxors" NUL
If %ERRORLEVEL% EQU 0 goto Haxors

REM add/remove as needed here for your purposes
:BasicUsers
net use z: \\serverone\folder1\subfolder2 /user:HardCOdedDomainName\%user
/persistent:no
goto end
:AdvancedUsers
net use z: \\servertwo\folderx\subfolderz /user:HardCOdedDomainName\%user
/persistent:no
goto end
:Haxors
net use z: \\serverthree\xfiles\subfolder2 /user:HardCOdedDomainName\%user
/persistent:no
goto end
:end

Hope this helps you as the previous one wasn't really of any worth, don't
think he/she read your question.


"TM" wrote:
Can you force a default profile by workstation? In other words, can you
ignore a user's profile for a particular workstation, but still allow the
user to log on?

Ads