Create a mandatory profile

Logon as Administrator

Create new user: ManProf
Grant the user local administrator rights

Logoff and log back on using ManProf

Customize: Start Menu / Taskbar icons / etc.

Logoff and log back on with the administrator account

Go to Folder Options and make sure ‘Show hidden files, folders and drives” is selected and that “Hide extensions for known file types” and “Hide protected operating system files” is deselected.

Copy C:\Users\ManProf to a file share or local folder and set security (Authenticated Users: Read & Execute, replace all child object permissions).

Add .Vx at the end of your folder name
ManProf.V2 (
Server 2008 / Server 2008 R2)
ManProf.V3 (Server 2012 / Windows 8)
ManProf.V4 (Server 2012 R2 / Windows 8.1)
ManProf.V5 (Windows 10 RTM and 1511 builds)

ManProf.V6 (Windows 10 build 1607 and higher / Server 2016 / Server 2019)

Delete folder ‘LocalLow’ and ‘Local’ in AppData
Rename ntuser.dat to
Delete folder: Contacts, Downloads, Links, My Documents, My Music, My Pictures, My Videos, Saved Games, Searches
Delete files: ntuser. (LOG, BLF, REGTRANS-MS File, .ini) Keep

Start registry editor

Load the mandatory profile (load hive)
Change security rights to make sure that Everyone has full control (remove ManProf from security)
Search the hive for the username (ManProf) and change it to %username%.
Go to Shell Folders [HKEY_USERS\ManProf\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

Delete all keys except:

-!Do not use this registry key

Delete unwanted Autoruns


Delete unwanted Policies


Delete unwanted Devices

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Devices

Delete default Printer

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows

-Delete key: Device

Unload hive

Browse to ManProf

Delete files: ntuser. (LOG, BLF, REGTRANS-MS File, .ini) Keep
Browse to: ManProf.Vx\AppData\Roaming\Microsoft\Windows\Libraries
Open these 4 files in a text editor (Document, Music, Pictures, Videos)
In each file there are two GUID’s. One referring to the library and one to the public library.

Delete the Public folder GUID line from the 4 files: <url>knownfolder:</url>

Documents: {ED4824AF-DCE4-45A8-81E2-FC7965083634}
Music: {3214FAB5-9757-4298-BB61-92A9DEAA44FF}
Pictures {B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}
Videos: {2400183A-6185-49FB-A2D8-4A392A602BA3}
Delete the ownerSID: <ownerSID></ownerSID>
Delete the serialized: <serialized></serialized>

Enable the mandatory profile for RDS / Citrix using GPO

Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles

Use mandatory profiles on the RD Session Host Server – Enabled
Set path for Remote Desktop Services Roaming User Profile – Enabled
Specify the profile path. (example: \\sldt.local\share\ManProf (do not include the .Vx).

Enable the mandatory profile for Windows 10

Computer Configuration\Policies\Administrative Templates\System\User Profiles

Delete cached copies of roaming profiles – Enabled
Set roaming profile path for all users logging onto this computer – Enabled
Specify the profile path. (example: \\sldt.local\share\ManProf (do not include the .Vx)

Laat een antwoord achter

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *