Shared roaming profiles for all users (XP)?

John H Terpstra jht at
Sat Nov 23 04:58:01 GMT 2002

On Sat, 23 Nov 2002, xfesty wrote:

> Hash: SHA1
> Hiya.
> Is there anyway to make non changable roaming profiles for all users
> with XP workstations, and Samba 3.0HEAD from CVS acting as a PDC?

I documented the exact process for you earlier today. Please refer to the
expressly clear instructions given for creating a mandatory profile for
Windows XP.

If you do not follow this process you will not achieve what you need.
A mandatory profile is precisely what you need - a profile that no user
can change. It can not be read-only, but it is not writable. To be
writable NTUser needs to ba a .DAT file, the .MAN extension blocks
writability. To be usable by a group of users the profile needs to be set
so that the ACE includes that group. The group can either be a global
group, or the global/local group called "Everyone".

> I'm setting up a bunch of workstations for an internet cafe, and all
> users need to basically have the same settings (i.e. desktop icons,
> Internet Explorer settings, start menu items, etc.) as others, yet not
> be able to change them.
> I tried setting the profile dir to the same for all users, and making
> it read only, but I'm experiencing two problems -
> (1) XP will refuse to load the profile if its read-only, and

Correct. See above.

> (2) XP won't load the profile if it wasn't created by the same user.

Correct. See above and refer to email earlier today.

> I'm also finding cookies in IE sometimes aren't being properly set,
> people can't view hotmail attachments, MSN messenger refuses to work,
> and a bunch of other oddities.
> Anyway past this?  I remember back when I was using Windows 2K Server
> as a PDC, it was possible to have this.

Yep. Follow the information in the MS WIndows 2000/XP Resource kit.

- John T.
John H Terpstra
Email: jht at

More information about the samba-technical mailing list