Nice, thanks! I did not know this myself. From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin Sent: Thursday, August 29, 2013 8:34 AM To: [email protected] Subject: [NTSysADM] Super mandatory profiles
I thought I was pretty well up on profile stuff but I'd never heard of a "super mandatory" profile....essentially just a mandatory profile with the "prevent logon if roaming profile not available" GPO set, although doing it this way removes any reliance on GPO whatsoever Just in case anyone else is as ignorant as myself, thought I'd post the details... Super Mandatory Profiles The super mandatory profile is a mandatory profile with an additional layer of security. Windows must successfully load the super mandatory profile or the user cannot log on to the workstation. Occasionally, transient issues may prevent a roaming or mandatory profile from loading. When this happens, Windows will create a temporary profile for the user based on the default network user profile or the default local user profile. Windows deletes temporary profiles when the user logs off. Super mandatory profiles prevent creating a temporary user profile and restrict the user from logging on, should there be any problem with finding or loading the mandatory profile. Create a super mandatory profile 1. Create a mandatory profile by following the Create a mandatory profile procedure. 2. While logged on as a domain administrator, connect to the network share you created or used in step 1. This should be the share path to the roaming or mandatory user profile. For example, the share path in the contoso.com<http://contoso.com> domain is \\finance\RUP\<file:///\\finance\RUP\>. 3. Right-click the user folder for which you want to configure a super mandatory user profile. Click Rename. Add .man.v2 to the end of the folder name. Close Windows Explorer. 4. As a domain administrator, open the Active Directory Users and Computer management console 5. Right-click the user account for which you want to configure a mandatory user profile. 6. Click the Profile tab. Type the network path you created in step 1 in the Profile Path text box. Add .man to the end of the profile path. For example, a mandatory profile path for user1 in the contoso.com<http://contoso.com> domain would be \\finance\RUP\user1.man<file:///\\finance\RUP\user1.man>. -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk<http://appsensebigot.blogspot.co.uk/>
