Mandatory domain profiles

We have a mixture of both pc and mac workstations at the school where i work that are all controlled from a Tiger Server.
we recently switched over to a domain and as a result instead of all of the children logging on with the user name pupil we created individual users for each student.
I wanted to create a mandatory profile for windows that I could bind to each students account so when they logged on it took thier display picture/proxy settings/ restrictions etc from this profile on the server.
A friend of mine who works in another school with a domain recommended i make a dummy local profile on one of the pcs and set up all the settings that i want, then copy the profile folder from c:\documents and settings\(username)
over to the server renaming the ntuser.dat to ntuser.man
then in the profile path for each user in mac os server workgroup manager allocate each user to use the profile from the path i place the profile in.
at first this caused errors saying it couldnt find or didnt have permission to open the profile, after much trial and error i have managed to remove this error and get the windows machines logging on to the server to actualy call up this profile, but it seems to ignore all the settings completely as if it hadnt loaded the profile at all.
does anyone have any ideas how I can successfuly get the windows workstations to get all the pupil accounts settings from the server each time they log on (read only) so that they cannot change them.
Many Thanks.
This domain has been doing my head in

We did this on our labs before we got a dedicated windows PDC.
First, create your ideal profile on a machine. After you're happy with it, change the file ntuser.dat to ntuser.man. This will force it to become a mandatory profile. Then move that entire directory into a shared space, giving users "Full Control" to that folder, or on Mac OS, chmod 777. If on a Mac, share it using SMB, on Windows, do a regular windows share.
In Workgroup Manager, specify that all the users need to use that particular profile (just point to the directory). That should do the trick.
Hope that helps,
Jason

Similar Messages

  • Use old domain controller AD user profile with new domain (profile changed)

    Dear All,
    I have built Win Server 2012 for Domain migration from Windows Server 2003 to Windows Server 2012. I have tested all thing on VMware including user creation and tested Domain join using power shell for Win 7 and .VBs batch file for Win XP computers all thing
    are working fine.
    Let 1st I introduce my current environment. I have existing Win Server 2003 domain controller (abc.com) with 130 client computers and 200 users I am going to plan migrate my current environment to Win server 2012 Domain (xyz.com) Keep in mind that Domain
    name is changed but Domain Controller (Server) names are same i.e MY-PDC . I have tested domain join on multiple computers using existing clone of client computers and create all existing users using .csv file and power shell with required
    credentials and OU.I am facing the user profile issue when I join domain and login with existing user which was previously the user of same computer the required profile does not login and computer creates new user profile in Document and Settings section
    of Win XP.
    I need your expert opinions because copy old profile data and create new outlook profile for each user is a big headache for any one. Hope you people can understand and help me in this issue.
    Please provide best answer and result on priority I will be thankful to all of you.
    Regards,
    Arsalan

    Hi Arsalan,
    Please check if USMT can help you to achieve this target.
    User State Migration Tool 4.0 User's
    Guide
    Meanwhile, please also refer to following articles and check if can help you.
    How
    to Migrate Windows User Profile to New Account
    Keeping user old domain profile
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If anything I misunderstand or any update, please don’t hesitate to let us know.
    Hope this helps.
    Best regards,
    Justin Gu

  • ITunes doesn't open when using cached domain profile

    I have iTunes 10.5.2.11 installed on my Windows 7 machine.
    When I am connected (via a LAN) to the Active Directory domain, iTunes works fine, opens etc.
    However, when I login to the laptop at home using my cached domain profile, iTunes does not load, or even give an error message.
    Help?

    gta129,
    Do you have iTunesHelper set to start up when you login? To check if it's in the list of login items:
    1. Open System Preferences.
    2. Click the Accounts pane.
    3. Select your user.
    4. Click the Login Items tab.
    5. See if iTunes Helper is listed here.
    Hope this helps,
    Jennifer B.

  • InDesign keeps crashing ever since I switched the user to a domain profile from a local, what can I do?

    InDesign keeps crashing ever since I switched the user to a domain profile from a local, what can I do?

    He's running ID CS6 on Yosemite, and it is random as of now. No particular thing makes it crash, it just displays that the program has stopped running. However when we switch to his local profile he can work with no issue.

  • Move user profile to new domain profile on same computer

    If you want to copy data and most of the preferences, I suggest Fab's AutoBackup 6 Pro.
    http://www.fpnet.fr/

    Hello all
    I've been given the tedious task of replacing a server with a new one using a different domain, then rejoining all of the desktops to the new domain.
    There won't be any kind of migration, just rejoining desktops to new domain.
    Has anyone got any recommendations on what would be the best way to transfer the desktops user profiles from the old domain profile to the new domain profile?
    Any advice would be appreciated.
    Thanks
    This topic first appeared in the Spiceworks Community

  • CS5 issues with mandatory roaming profiles

    Hi,
    I have seen lots of problems reported with using CS5 on networks with mandatory roaming profiles but not found any answers yet?
    Has anyone managed to get it working yet?
    We have gone to using standard network default profiles but it is not where we really want to be.
    Regards
    Darren

    Dreamweaver is designed to work in a multi-user environment, and it creates a configuration folder for each user in that person's application data folder or library. You need to contact Adobe technical support if you need a different setup.

  • New Domain Profile can't see Oracle ODBC Driver

    Has anyone ever moved a desktop to a new domain? If so, have you ever run across the new domain profile not being able to install software that edits the registry? Here's what I did:
    1. Changed TCP/IP settings to DHCP on desktop.
    2. Moved cable in network room from old hub to new hub.
    3. Joined new domain on desktop.
    4. Rebooted the machine and logged in with domain credentials.
    5. Added domain account to local machine administrators group.
    6. Logged off and logged back on with new privilages.
    Here's where it got weird. I then tried to test a VPN connection to an external data warehouse. The VPN connected properly, but when I attempted to make a connection to the database (through Crystal Reports), it bombed and said the ODBC driver wasn't installed (it was under the old profile). So, thinking I was smart, I grabbed the Oracle 9i client disk and reinstalled the client to get the ODBC driver back.
    At which point, I received an error stating I didn't have permission to write a key in the registry. This is semi-funny, since I was then able to re-install JInitiator, which does write to the registry, with no problem. Any suggestions??????
    Glenn McWilson
    Workforce Development Council of Seattle-King County
    [email protected]
    206.448.0474

    A few simple things to check: printer powered on? USB cable OK? Is it connected, as well?
    If it doesn't automatically show up in the printer setup utility, try choosing "More Printers" and then select Epson USB. See if it shows up then.

  • How do you find out if the domain profile is active in the firewall?

    A script needs to determine if a firewall profile is active.  Does anybody know of a function to do this?
    The problem I a trying to solve is when a server boots it may not activate the domain profile.  It happens if the server is booted before a domain controller comes on line or if and adapter team is in use.  To solve this, I run a script at boot
    up that waits and then restarts the nla service and typically the domain profile will become active.  However it isn't fool proof.  I want to modify the script to verify that the domain profile has become active.  However, I cannot find a function
    to determine if the domain profile is active. Can someone help with this?

    Are you using something with PowerShell 4.0 that has the NetSecurity module? The second part of that question will be based on the version of the Windows Operating System. To check, try this: Get-Module -Name NetSecurity. If you do, you can based your logic
    around the Get-NetFirewallProfile and, perhaps, the Set-NetFirewallProfile cmdlet.
    Get-NetFirewallProfile -Name Domain
    Get-NetFirewallProfile -Name Domain | select Enabled
    Get-NetFirewallProfile -Name Domain | select -ExpandProperty Enabled
    (Get-NetFirewallProfile -Name Domain).Enabled
    To enable (or, activate) the profile, you can pipe your Get- cmdlet to the Set- version of the cmdlet.
    Get-NetFirewallProfile -Name Domain | Set-NetFirewallProfile -Enabled:True
    Without access to this version of PowerShell and this module, you'll either need to use netsh and/or WMI. I haven't checked myself, but I wouldn't be surprised if you can find something in the
    Gallery.

  • Changed domain profiles - now unable to verify identify for password recovery

    This problem seems to have incorporated parts of other threads. I do not know if the anyone else ended up at the same place - frankly, the IBM / Lenovo support process is bewildering.
    Anyhow, we switched domains recently. I dropped the domain profile to a local profile, then rejoined to the next domain. Problems ensued.
    At this point, I have gone into BIOS and purged all fingerprint information (after uninstalling CSS 8.0 and fingerprint 5.6 software). Reinstalled CSS (8.1) and FP 5.6. Was eventually able to delete the fingerprint profiles associated with the previous user profile. Enrolled FP for the new profile.
    I am repeatedly asked to verify my identify. However, I am unable to modify / recover the CSS password. I can complete the three questions to get into the password manager, but never can reset the CSS pw)
    Frankly, I do not even know if I am describing this correctly. Uugh. Any help would be greatly appreciated.

    What I had to end up doing was re-sync the password used on the old domain with the password stored in the CSS.
    I did this be changing my password under the windows change password function. The password had to match exactly. After that, I logged into CSS normally, without a hitch. Once confirmed, I could modify my windows password normally, and CSS somehow synchronized with this.
    Hope this helps.

  • Win7 pro joins essential2012r2 domain profile migrate but has encrypted folders

    Have a workstation set as workgroup that had encrypted folders for user. Workstation renamed and join to Essentials 2012r2 server using utility. It also merged user profile to domain. User did not say about encrypted folders. Now can not access files in
    folders. I have located the certificate and key from original user profile. How to recover access to encrypted files?  Does workstations need to be dropped from domain and change back to original name and workgroup?  User profile is already associated
    with domain profile.  
    Thanks for any help

    Hello,
    The folders were encrypted with EFS on the desktop of a user profile when the system was on a workgroup.  Then the computer name was changed and join to the domain for Essentials 2012r2 with the connect utility.  The utlilty then migrated the users
    profile to the domain login.  The folders are now on this users profile desktop.  When looking at the security access it is displaying the old user/oldwksname as authorized to access.  These folders can not be moved or copied as the domain user
    does not have permission to do so. 
    I locted the cert and key from the old user profile/appdata path.  Can these be used to gain access.  under cert manager of domain profile it does not have the associated key to the cert for export.
    thank you

  • Getting domain profile object

    I want to access the domain profile object from my provider.
    i know how to access the domain name using the profile and policy api but how can i get the domain profile object?

    what info do u want to get from it?

  • Windows 8.1 keeps forgetting my domain profile

    I just did a fresh install of Windows 8, did updates, then upgraded to 8.1 via store.  I created the default local account then after 8.1 was updated I connected to my domain.  I can log into my admin domain account fine but Windows can't remember
    my profile.  Any apps I set up, shortcuts on the desktop, or favorites added to IE, when I restart its all erased and back to square one.  I've tested it a few times and each time Windows has to set up my profile like its my first time ever logging
    in.  How do I prevent this from happening?

    Hi,
    How about your local account? Is it also had this problem? If this problem just happened on Domain Account, it is probably your account file damaged during join into domain.
    Firstly, please check Event Viewer if it identify this events.
    Secondly, Open Registry and access to the volume below:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    Check and delete the problem account list. After that, exit your account from domain and join it again for test.
    Roger Lu
    TechNet Community Support

  • Mandatory creation profile on scheduling agreements

    Hello Gurus,
    I need to put a value on creation profile field on schedulling agreements. I have to choices:
         - Put the value on supplier data. It is a plant-dependant value i my client doesn't want to create this data.
         - Made it mandatory. This possibility doesn't appear through Scheduling Agreement -> Define Screen Layout at Document Level as usual in fields on Purchase docs.
    Anyone has an idea how made it mandatory (or de badi to change the value by code)
    Best regards,
    Nacho

    Dear Experts,
    I'm not getting any response regarding Creation profile which I posted last week.
    Can anybody explain me the use of Creation profile in Schedule line?
    From Standard SAP help documentation I'm not convince.
    Best Regards
    PKB

  • Windows 8.1 x64 enteprise default domain profile creation nightmare

    I have huge problem to create default windows 8.1 x64 enteprise profile without sysprep.
    I am create xml file with default start apps (for enteprise 8.1up1) for my domain users and that is ok.
    I have default profile that I am customize and rename into Default profile. All setting is ok (My computer, proxy, control panel list and other settings). Problem are in metro apps like metro calculator, or calendar etc..
    This is error for every metro apps that I have for my domain users accept local administrator:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    Microsoft.WindowsLive.Calendar.wwa
    and APPID
    Unavailable
    to the user .......-277033270-7741) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    What can I do about this. I am try every DCOM and registry permission solution but without success?

    I am found problem. I think maybe I am problem. I am export start menu in xml format and this is what I want to do:
    <launcher version="2"><view name="Start"><group><tile AppID="Microsoft.Windows.Desktop" size="wide310x150" FencePost="0"/><tile AppID="Microsoft.InternetExplorer.Default" size="square150x150" FencePost="0"/><tile AppID="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\EXCEL.EXE" size="square150x150" FencePost="0"/><tile AppID="Microsoft.Office.OUTLOOK.EXE.15" size="square150x150" FencePost="0"/><tile AppID="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\WINWORD.EXE" size="square150x150" FencePost="0"/></group><group><tile AppID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\calc.exe" size="square150x150" FencePost="0"/><tile AppID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe" size="square70x70" FencePost="1"/><tile AppID="Microsoft.AutoGenerated.{923DD477-5846-686B-A659-0FCCD73851A8}" size="square70x70" FencePost="0"/><tile AppID="Microsoft.Windows.Shell.RunDialog" size="square70x70" FencePost="0"/><tile AppID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" size="square70x70" FencePost="0"/><tile AppID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\SnippingTool.exe" size="square150x150" FencePost="0"/><tile AppID="Microsoft.Windows.MediaPlayer32" size="square150x150" FencePost="0"/><tile AppID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" size="square150x150" FencePost="0"/><tile AppID="{6D809377-6AF0-444B-8957-A3773F02200E}\Double Commander\doublecmd.exe" size="square70x70" FencePost="1"/></group></view></launcher>
    I use this xml block in local gpedit.msc location User configuration - administrative template - start menu and taskbar - Start Screen Layout. Path for xml file is ok and my strat screen is Ok after this. Problem is that other store apps after I am apply
    this xml file, when I click for example on store calculator it is minimized on taskbar and cant be started. In error log I am found error 10016 for calculator. Why I cant start other store apps if I am configured only start menu icons? I have windows 8.1 update
    1 x64 enteprise.
    Before I am apply this xml file my store apps is work ok for all domain users.

  • Default Domain profiles for different OUs / departments - GPO ?

    Hi,
    i know there is only one default domain user profile possible.
    We are using Windows 2012 R2 and Windows 7/ 8.1 Clients.
    We would like to delegate a few OUs.
    How is the best way to handle delegation and different profiles ?
    Should we create only one default domain user profile without any sofware installed ?
    Next we save this profile in Netlogon ?
    And each department / different OU admin deploy his software ?
    Is it possible to control where will be use the default user profile ?
    Maybe by security filtering ?
    Is this the right way ?
    Thank you very much & best regards
    Andi

    Hi Andi,
    Based on your description, did you mean that want to set default domain user profile? From Darrell Gorter’s
    description in
    this thread, this option seems to be unsupported and known it have issues.
    Meanwhile, please refer to following article and check if can help you.
    A Better Way to Customize the Windows
    Default Profile
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If anything I misunderstand or any update, please don’t hesitate to let us know.
    Hope this helps.
    Best regards,
    Justin Gu

Maybe you are looking for

  • How to determine the "Last Value" in exception aggregation

    Hi gurus, I have a KeyFigure with an exception aggregation -Last value- by time. I report on a multiprovider ("containing" a infocube and a realtime infocube with BPS-InputLayout). I can correct separate Items with this BPS-Layout. So, at the end I h

  • Linked Lists by Lookup/ Retrieve value in workflow

    I have two lists linked by a look-up. Genere List has title of genres and a Radio button named Active selectable values Yes/No. Track list has a lookup field to Genere List and displays the title of the Genere. I have a List Workflow on Track  that s

  • Replace the text in DUTCH language to ENGLISH in sap-scripts

    1)In a layout am having a text say "posisdvnsdb" in dutch language i know the form name print prog name and the window name. how can i find whether it is hardcoded or getting the text from print program by looking at the script editor solution requir

  • DFS in Windows Server 2012 R2

    Hi, I am trying to configure DFS Replication through powershell. And I am able to upto a certain limit. The group is getting created. But error is while adding members. Doing manually also results in the error in the same stage. In powershell the err

  • How to add a Cipher Suite using RSA 1024 algorithm to the 'SSL Cipher Suite Order' GPO

    Following a VA test the Default Domain GPO has been set to enable the SSL Cipher Suite Order.  Following the change Symantec Endpoint Protection Manager doesn't work properly as the the Home, Monitors and Reports pages are blank and an Schannel error