sbotsford at sjsa.ab.ca
Wed Feb 7 18:54:30 GMT 2007
Keith Lynn wrote:
> What are the implications of locking the ntuser.dat file on the user's
> server profile? That is, if I make the ntuser.dat file read-only, what
> affects will that have on the client?
The follwoing is worth what you paid for it. Maybe.
The client machine will fuss when the user logs out, and complain that
it cannot copy the profle back. Sometimes this means that other stuff
in the profile directory won't get copied back too.
If you don't want the users to mess with the profile, then rename it
from .dat to .man.
This creates a mandatory profile. I think win clients know that this is
not changeable and don't try. Users can make changes in the local copy,
but they don't stick. This is usually more hassle than it's worth, as
some programs use the registry to save state. (E.g. Nikon View saves
the last open folder, and brings you back to that point on the next
A third way to do it is to let the users have their individual profiles
run a script that copies a standard profile over the user profile every
night. This has to be
a profile usable by everyone, or has to be that user's profile from
A fourth way to this is to make user that your netlogon share has the
profile you want users to use, then just delete the ntuser.dat files
every night. The client saves the file without a problem, but the next
day, it's not there so the default user profile is loaded instead.
The best way, I think would be to script the editing of the user's
ntuser.dat file to reset the keys that you want set. Probably can be
done with policies too. I'm just learning about policies.
More information about the samba