A mandatory profile is a read-only profile. If you want to create a profile that does not save all changes the user makes, you will have to create a mandatory profile.
- Log in with an account that has Administrator rights;
- Create a folder on the hard drive where the mandatory profile should be placed. For example C:\Profiles;
- Share the folder by right-clicking on the folder and then pressing Properties;
- Go to the Share tab;
- Press the Share button;
- Type in Everyone and then click Add;
- Click on the right at Permission level and click on Read and change it to Read/Write;
- Click Share;
- Copy the path (\\computer1\Profiles) that you then get, you will need this later;
- Click Done;
- Launch Local Users and Groups console (lusrmgr.msc);
- Create a new account;
- Find the user and double-click on the user;
- Go to the Profile tab;
- Under Profile path, enter the path of the mandatory profile (see no. 9);
- Click Save and close the window;
- Log out and log in as the user you just created;
- Make the adjustments you would like to have in the mandatory profile and log out;
- Log in again as Administrator;
Now rights need to be set on the folder and subfolders. In addition, the user must also have registry hive rights.
The mandatory profile folder with subfolders must have the following rights:
- ALL APPLICATION PACKAGES – Full Control (Start Menu does not work properly without these rights);
- Authenticated Users – Read and Execute;
- SYSTEM – Full Control;
- Administrators – Full Control.
The same permissions must be assigned to the user registry hive by loading ntuser.dat profile file using File -> Load Hive in regedit.exe.
Daarna File -> Unload Hive
Then log in
Then rename NTUSER.dat into NTUSER.man in the the user profile folder.