How to: Create a Mandatory profile in Windows Server 2008 R2

1.) Make a local user on the server (Windows Server 2008 R2 in my environment)
2.) Make the user member of the local administrators group on your server
3.) Login in with this user and customize for example the start menu
4.) Logoff and login again with an administrator account
5.) Create a share on your file server. For example \\SRV-RDSDC-01\TSmandatory
6.) For share permissions choose Everyone Full Control, NTFS permissions choose Authenticated Users Read
7.) Turn off Caching on this share
8.) Copy the complete template folder from the C:\Users directory to the new TSmandatory share
9.) Rename the template folder to TSmandatory.V2
You have to add the .V2 in the name of your folder, because it’s the new profile type in Windows Server 2008 and 2008 R2!
10.) Delete the Local and LocalLow folders from the AppData folder
11.) The next step is to add the right permissions on the mandatory profile
12.) Open REGEDIT and load the NTUSER.DAT hive
13.) Right-click on the TS Mandatory profile and choose permissions
14.) Delete the template user and add the Authenticated Users (Full Control)
15.) Unload the NTUSER.DAT from your registry
16.) Rename the NTUSER.DAT to NTUSER.MAN
17.) When you configure a GPO to specify the location of the Mandatory profile, you’ve to choose to following location:
\\SRV-RDSDC-01\TSmandatory\TSmandatory without the .V2!

TS_MAN_00 TS_MAN_01 TS_MAN_02

TS_MAN_03 TS_MAN_04 TS_MAN_05

TS_MAN_06 TS_MAN_07 TS_MAN_08

TS_MAN_09 TS_MAN_10

One thought on “How to: Create a Mandatory profile in Windows Server 2008 R2”

Leave a Reply