locked
Public Access PC - only one domain profile RRS feed

  • Question

  • Hi all,

    I have a suite of about 400 public PCs (like an internet cafe) with a third party booking system, MyPC by ITS.  The PCs are all on a server 2012 domain and the clients are currently XP, soon to be Win 7.  Now, when customers log on they authenticate against the booking system, which then forward the logon credentials to the PC to logon.  They ALL use the same domain profile, which is none roaming.  On XP, I created a user profile, tweaked it then copied it over to default user using the copy profile feature.  In 7 I've done the equivalent using audit mode and copyprofile=true in the answers file.

    Now, because they are public access, security is very strict.  We need it so that it is either impossible to save files to the userprofile, or make it so that on logoff they are cleared.  Currently that is done via a VBS script but it is not perfect.  

    Can I replace this archaic system with something like a mandatory profile or by making use of the domain guest account? 

    Short version: I want a way to have a single non roaming domain profile which is used by thousands of users to clean itself every session.

    Thanks!

    Thursday, September 25, 2014 12:04 PM

Answers

  • Hi,

    For me, I prefer mandatory use profile which can only make transitory changes to their environment, that means any changes that users make to the local environment aren't saved, and the next time they log on they are back to the original profile.

    Creating a Mandatory User Profile

    http://technet.microsoft.com/en-us/library/gg241183(v=ws.10).aspx

    Customize the default local user profile when preparing an image of Windows

    See this part: (How to turn the default user profile into a mandatory user profile in Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2)

    http://support2.microsoft.com/kb/973289


    Yolanda Zhu
    TechNet Community Support

    • Marked as answer by Planehazza Friday, September 26, 2014 12:00 PM
    Friday, September 26, 2014 6:52 AM

All replies

  • Hi,

    For me, I prefer mandatory use profile which can only make transitory changes to their environment, that means any changes that users make to the local environment aren't saved, and the next time they log on they are back to the original profile.

    Creating a Mandatory User Profile

    http://technet.microsoft.com/en-us/library/gg241183(v=ws.10).aspx

    Customize the default local user profile when preparing an image of Windows

    See this part: (How to turn the default user profile into a mandatory user profile in Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2)

    http://support2.microsoft.com/kb/973289


    Yolanda Zhu
    TechNet Community Support

    • Marked as answer by Planehazza Friday, September 26, 2014 12:00 PM
    Friday, September 26, 2014 6:52 AM
  • Thanks that is great! I'd been researchin mandatory profiles, and that last part, "How to turn the default user profile into a mandatory user profile in Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2" is exactly what I need.  I've just followed that guide and it works perfectly.  Can you tell me if having a profiles folder on the NETLOGON share of the DC is a bad idea? Or should I be getting the server guys to create a profile$ share instead?  

    It is probably overkill as this domain does not have any roaming profiles or any folder redirection.  All the customers using these 400 PCs log on with a single domain user account.  This also means that when I want shortcuts updating I don't have to rely on a GPO or thirdy party admin tool - I can simply update the mandatory profile on the server and wait for the PCs to logoff and back in again (2 hour sessions).

    Thanks!

    Friday, September 26, 2014 12:00 PM
  • Hi,

    Netlogon share is used to store the logon scripts and possibly other files, for better management of the user profile, I suggest you create a new share to store the mandatory profile.


    Yolanda Zhu
    TechNet Community Support

    Tuesday, September 30, 2014 8:27 AM