JSI Tip 5450. How do I create and assign a mandatory profile in a Windows 2000 domain?

A mandatory profile does not save any changes that a user may make during their logon session. When the user logs off, the profile reverts to the configuration that the administrator configured when the profile was created.

To create a mandatory profile:

01. Create a template domain account with the same permissions as the user or group that will use the mandatory profile.

02. If you want to apply any registry hacks, temporarily make the template account a member of the administrators group on your local workstation.

03. Log on to the template account on your workstation and configure the desktop, start menu, appearance, shortcuts, software, registry hacks, etc.....

04. Log off the template account and remove the account from the local administrators group.

05. From your workstation, log on to the domain with an account that is a member of the Domain Admins group.

06. Create a share on a network server (\\ServerName\Mandatory) to hold the mandatory profile. Grant the users and groups that will use the profile Read & Execute permissions on the folder.

07. Use Control Panel / System to select the User Profiles tab.

08. Select the template account in the Profiles stored on this computer list and press Copy To.

09. Type the network location of the mandatory profile, \\ServerName\Mandatory, into the Copy profile to box.

10. Under Permitted to use, press the Change button and add the Everyone account from the domain.

11. Press OK until the System applet is closed.

12. Locate \\ServerName\Mandatory\Ntuser.dat and rename it to \\ServerName\Mandatory\Ntuser.man.

Assign the mandatory profile: 

1. Open Active Directory Users and Computers.

2. Select a user account that will use the mandatory profile and press Properties.

3. Select the Profile tab.

4. Type the profile path, \\ServerName\Mandatory, into the Profile path box and press OK

5. Repeat steps 2 - 4 for each additional user that will use the mandatory profile.

NOTE: You can also assign the mandatory profile by opening a CMD prompt and typing:

net user <UserName> /profilepath:\\ServerName\Mandatory /domain

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.