Question

(URGENT) Delete the profile of user on login and logoff

Asked by: pawankk


In windows 2003 Domain (GPO)Is there any policy or  restirction through which the  profiles( local setting temp, temp inteernet files, history of the users) can be refreshed and deleted on login automticaly  if yes how, it can be  applied?

Is there any policy  through which we can restirct  users from running setup or installing any files or spywares on the  sytem or  registry. If there is any policy or user restirction then kindly tell me how is it possible

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2006-10-28 at 08:04:21ID22040912
Tags

delete

,

profile

,

logoff

Topic

Miscellaneous Networking

Participating Experts
2
Points
50
Comments
16

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. spyware??
    Hi I know what you are all thinking, another spyware question...... Well i have downloaded ad-aware and run it, cleaned up all the spyware etc, then ran hijack this and posted on the website and have cleaned out anything dodgy and i am still getting the following proble...
  2. GPO Setting for Clearing Document History
    Is there a computer GPO that will always clear the users recent document list at logoff.
  3. Spyware,
    I would like to know more about spyware. What is the detection/prevention methodology to fight with spyware in a typical enterprise organization. 2) Tool that many big organization (enterprise level) use to fight with spyware
  4. Auto Logoff GPO for 2003 AD
    i want to setup a GPO to auto logoff users after given idle time. It is my intention that this will terminate any open local or terminal sessions after say one hour of idle time. I am running windows 2003 AD native.
  5. GPO Force Logoff and shutdown
    I want to apply a policy to either logoff or shutdown the domain computers in the evening. Apart from setting the logon hours for users and turning on the force logoff GPO is there anything else i need to do? Where is the force shutdown GPO? When i applied the policy to...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: Machin__ShinPosted on 2006-10-28 at 18:29:50ID: 17827412

There is a way in GPO to make it so that you don't keep a local profile, you can go to Computer Configuration ->Administrative Templates->System->User Profiles and you can Delete cached copies of roaming profiles. By Default Temporary internet files, Temp and History directories are not transferred over when using roaming profiles. They are only stored on the local machine.

As for restricting users from installing things maybe in GPO, Run Only Allowed Applications from
User Configuration->administrative templates->System.
 Or just put them in a restricted User group.

a host file that can be replacated via WINS or just applied to the local machine from http://www.mvps.org/winhelp2002/hosts.htm
Usually stops most spyware.
Also you could try using an antispyware util from www.pctools.com or www.webroot.com. Both are among the best anti-spyware utils.

 

by: pawankkPosted on 2006-10-30 at 01:36:00ID: 17832440

machine_shin



GPO Sysytem> User pofiles i Have tried it  but there is no option as such to delete the  History, Temporary internet files or Temp folders on every login  can it be used though Login script can u give me  complete codes and way to  configure login script as I am a layman to it.

Alowed apllications  i have to completly list down the softwares taht can be  executed and list will go to is there any way to block msi, or setup or to lock registry so that  any application files caanot be registred o installed on the PC


 

by: Machin__ShinPosted on 2006-10-30 at 04:02:19ID: 17832907

As initially suggested put them on guest/restricted group to prevent installation of things. Also there is a "do not run specific applications" part in the GPO almost beneath that run restrict one.

The Temporary Internet files, temp directory and history are not stored on a roaming profile as soon as the local copy is deleted those will go too.
 If you want to use a logon script paste the following in notepad and save with the following path including quotation marks(change server to your server name) "\\SERVER\netlogon\tempdel.bat"

_________________________________

@echo off
REM echo off hides the commands from the user
REM the following deletes all the contents of the folders you specified, but not the folders themselves
REM except index.dat as you cannot delete that file normally so some of the internal folders will remain.
for /d %%G in ("%userprofile%\local settings\temporary internet files\*.*") do rd "%%G" /s/q >nul 2>&1
del "%userprofile%\local settings\temporary internet files\*.*" /s/q >nul 2>&1
for /d %%G in ("%userprofile%\local settings\temp\*.*") do rd "%%G" /s/q >nul 2>&1
del "%userprofile%\local settings\temp\*.*" /s/q >nul 2>&1
for /d %%G in ("%userprofile%\local settings\history\*.*") do rd "%%G" /s/q >nul 2>&1
del "%userprofile%\local settings\history\*.*" /s/q >nul 2>&1
REM the /s switch deletes all files and sub-folders
REM /q suppresses the y/n and stopping on files you can't delete. It also hides what your deleting
REM >nul 2>&1 eliminates error and information messages so the user sees nothing, you can of course change that "nul" part to a file name and it will make a log file instead

__________________________________

select your users in AD right click, go properties->Profile->logon script
just type in tempdel.bat then ok

 

by: kadadi_vPosted on 2006-10-30 at 08:20:41ID: 17834730

If you created the users in domain controller ( active directory serices with DNS server) and at client side they are loging with domian user then there is already restriction for installationapplications or to make any change the windows control panel settings .menas it needs the administarive rights....ok

 

by: Machin__ShinPosted on 2006-10-31 at 00:38:07ID: 17840483

how are you getting on?

 

by: pawankkPosted on 2006-11-07 at 08:09:47ID: 17890490

Machine

1. I have redirected the  my documents and  desktop folders to a different drive can i give full path of that folders  in login script  then default user profile path ""%userprofile%\"  

2. I want to make printer default and install on every login can i  give the vbscript commands in same login script.

3. i want that all the files of all users working goes in a single folder with specified user permissions can it be possible and ant to restirct all other folders and drives for user access an want to restore the PC by deleting all history, documets, desktop, temp, temporary internet files all accessed by any user ad  make the pc fresh fo the new user if is posoibl how i can  proceed wioth y problem.

 

by: pawankkPosted on 2006-11-07 at 20:48:13ID: 17895582

Machin__Shin

thanx buddy for the login script i tried it as log off script but  have a problm in it it does not delete hidden folders like  Application Data, Print hood is it posible to change there attributes unhide and system and then delte these folders as i want that very time user  login the  profiles are created automatically

 

by: Machin__ShinPosted on 2006-11-07 at 21:53:12ID: 17895766

I've got a couple more Japanese Exams to do in the next few days. I will give you more advice after that.

 

by: pawankkPosted on 2006-11-09 at 08:06:54ID: 17907071

machin_Shin

 best of luck for ur exams buddy

waiting for ur exams to be succesfull
and then my probs will be sorted

 

by: pawankkPosted on 2006-11-13 at 08:22:12ID: 17930991

excpet mchin no one here to rply the queries ..i think machin  is  stil busy in exams

 

by: Machin__ShinPosted on 2006-11-22 at 21:23:57ID: 18001012

You can add the attrib command into the loging script if you want. But if you are trying to remove the entire profile every Login you will probably encounter the issue where the files are still being used.
 ( command = attrib *.* -s -h -r /s/d)
The users shouldn't mind seeing stuff from those directories and I doubt you want to redo the entire thing from scratch everytime. Just make it a set profile that you like on the roaming profile under non-cached mode and delete or clear said directories if you want to. but easiest is to make the profiles Mandatory.
In order to do it set up your profile as you like it change the ntuser.dat extension to NTuser.man and they cannot change the background or the registry for that user file.
And for cleaning your net files and what not maybe trial out

http://www.download.com/ZeroNetHistory-2005/3000-2248_4-10540287.html?tag=lst-0-2

I only hope I did well on my exams I think I passd all but maybe the listening. (totemo hayai hanasu koto desu yo)

 

by: Machin__ShinPosted on 2006-11-22 at 21:25:13ID: 18001016

Oh and by the way I should have mentioned the user can actually change the background and what not but when they log back in everything is reset.

 

by: pawankkPosted on 2006-11-23 at 21:02:41ID: 18005862

Machin
thanx buddy
 I have tried these attrib command before and was successful  in deleting other folder through log off script except  these folders Application Data, Local Setting,  and files Ntuser.dat, ntuser.log, ntuser.ini.

I have told u my purpose is that i want to refresh the profile and registry of each user. Will mandatory profile will work is there any resource for mandatory and roaming profiles and what is the difference between them.

 

by: Machin__ShinPosted on 2006-11-24 at 02:29:58ID: 18006687

A mandatory profile locks the User registry against change. It doesn't save it to the Profile on Lo off. And You can have Roaming Mandatory Profiles.

This should explain it and it should suit your needs.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policy/mandatory_user_profiles.asp

 

by: pawankkPosted on 2006-12-02 at 05:36:36ID: 18059608

Machin  

i  have renamed the individual

ntuser.dat located in c:\documents and settings\user1 folder to ntuser.man of each user but still the  changes made to
internet explorer
home page
internet explorer toolbars are still active  is there any way to disable them
secondly i want to  make the registry read only so that no  user changes are saved in registry of windows  is there any way out.

 

by: Machin__ShinPosted on 2006-12-05 at 15:56:52ID: 18081087

try logging out then logging back in......you might notice it's all back to the same.
In regard to the additional stuff those are controllable through GPO's.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...