Skip to main content

Create an XP Pro Mandatory User Profile on the Local Machine

Posted November 2002 by Steve Sinchak

Example:

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Right click on the Users folder and select New User. create a user named Defuser. Logout of the Administrator account and login to the new defuser account. Immediately logout of the defuser account and log back in to the Administrator account. Go back to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Double click on the new user Defuser. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:). Click OK and then close Computer Management.

Right click My Computer and select Properties from the menu then the advanced Tab/user profiles settings button. Scroll down the list and locate the user Defuser. Click on it (to highlight it) and select the Copy To button. In the Copy Profile To section, type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:). In the Permitted To Use section, click the Change button and type in the words Authenticated Users. Click the Checknames button then click Ok. Click Ok again.
Navigate to the X:\WINDOWS\All Users\Defuser folder. Right click on the ntuser.dat file and select rename from the menu. Rename the file to ntuser.man

Re-Cap

The steps above just created a mandatory user profile named DefUser. Any new or existing user that is assigned to Defuser profile cannot save any changes to the desktop or user environment. Each time the user logs off the changes are discarded. This implementation allows for a uniform desktop among designated users but not necessarily all users of the machine.

Assigning the Defuser User Profile to any new user

Example:

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder. Expand the Users folder. Right click on the Users folder and select New User. create a user named User1. Double click (in the right hand pane) on the new user User1. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:).

When User1 logs in he/she will inherit the ntuser.man file in the X:\WINDOWS\All Users\Defuser folder.

Assigning the Defuser User Profile to any existing user

Example: Existing user is User2

Go to Administrative Tools/Computer Management/Expand the Local User and Groups folder.

In the right hand pane, double click on User2. Go to the profiles tab. In the Profile Path section type in X:\WINDOWS\All Users\Defuser (where X is the system drive letter. Usually C:).

When User2 logs in he/she will inherit the ntuser.man file in the X:\WINDOWS\All Users\Defuser folder.

Related Posts


If you own a Google Chromecast streaming device, you can easily share a browser tab in Chrome browser or even your entire desktop.  This can be very useful when presenting from your laptop or if you just want to watch something on a big screen that is only on your PC.  The only requirement is you must be on the same network as your Chromecast...

Read More

If you are a fan of minimalist desktop experiences, hiding the desktop icons are an easy way to clean up the Windows interface.  Instead of saving everything to your desktop, use the default profile folders such as downloads and documents.  Actually hiding all the icons on your desktop is a very simple customization hidden in the right-click context menu.  Just right-click on the desktop, select View...

Read More

Google security researchers have published details about a major security flaw found in the SSL protocol that is used to encrypt data transferred between your browser and a web server. SSL is typically used in situations where logon credentials are validated...

Read More

Enabling two-factor authentication is a great way to add an additional level of protection to your Microsoft account.  Even if your password is stolen, your account is still protected because two-factor authetication requires an additional level of verification to log in. Microsoft calls their version of two-factor authentication "two-step verification" and it works by providing you with a random code...

Read More