If you feel this tip has saved you time or effort, please consider buying us a cuppa coffee to keep things going!

Guide for preparing a mandatory profile for Windows 7 users

Windows 7 can use a mandatory profile when logging into a windows domain, much like XP, but the process in setting up the mandatory profile require a few more steps.

Prepare Windows 7 Local User Account

Install Windows 7 on your reference machine and install all the applications that you would like the mandatory profile to enforce preferences for.

Log in, and active the administrator account - open a command prompt and run net user administrator /active:yes

Create a new local user account.

Log in as that new user and run all the applications and set the preferences as required, also set windows preferences like the wallpaper, start menu settings etc.

Log out of the the local user account.

Log in as administrator.

Windows Enabler

Download Windows Enabler from: http://www.angelfire.com/falcon/speedload/Enabler.htm

Windows enabler will allow you to use the Copy Profile button - this is the same button that you create profile copies on an XP machine, but on windows 7 this option is disabled by default.

Run windows enabler - follow the notes on the site linked above to get started.

Copy the User Profile

Open the User profiles control panel item and click  Configure advanced user profile properties. Now that you have Windows Enabler running, you should be able to click on the Copy To... button.

Give everyone full access to the profile by using the "permitted to use" button, choose a path to save your profile and click OK.

Open the folder where you saved your profile, and make it a mandatory profile by renaming NTUSER.dat to NTUSER.MAN

Replace Hard Username References

Although you used the copy profile tool, There will still be a few references to the old username in the ntuser.dat/man file. I have not experiences issues with this, but for completness it is recommended that you replace these hard references with the %username% variable.

Open the registry editor (regedit.exe), Select the HKEY_USERS folder.

Click File -> Load Hive. Browse to the ntuser.man file you created above and click open. Give it a name, like temp.

Right click the folder for the hive you just loaded and choose Export. This will export the whole ntuser file as a .reg file.

Open this .reg file with notepad. Click Edit -> Replace. In the Find what: box, type the username you initally created the account with (the local username) and in the Replace with: box type "%username%" (without the quotes.

Once the replacement is complete, save the file and close notepad.

Double click the .reg file to import it back into the regisrty - this will replace the username entries in the NTUSER.dat/man file that is still loaded to %username%.

Back in regedit, select the temp hive and choose File -> Unload Hive.

Copy the profile folder to the server and put it in the share where your XP mandatory proifle is, but with .V2 at the end of the folder name. It needs to have the same name as the profile path in Active Directory. For example, if the profile path in Active Directory is \\server\profiles\mandatory then copy the new profile to \\server\profiles and make the folder name mandatory.V2

References

http://joeelway.spaces.live.com/blog/cns!2095EAC3772C41DB!2708.entry?sa=45099244

http://www.edugeek.net/forums/windows-7/53190-windows-7-xp-mandatory-roaming-profiles.html

http://www.angelfire.com/falcon/speedload/Enabler.htm