Computer-mandatory profiles stored on server

I have a single 2K domain with 2K and XPpro workstations.

Some of our workstations are shared by several users.  For these particular workstations ONLY, I want there to be a profile that is:
  1) specific and unique to that workstation
  2) comes up identically for all users that log on to that particular computer
  3) is stored on the server, for easier admin access & backup.

Setting up a profile locally under All Users or Default User has a couple of shortcomings:  2) is not satisfied because the users' individual desktop icons, etc., are appended to that of All Users, and 3) is not satisfied.

Roaming profiles satisfy 3) but not 1) or 2).

What I want is like a mandatory profile, but associated with *computers* not *users*.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi dv440,

there is no such thing as a "mandatory computer profile" you have roaming user profiles and thats it, you can create a default account on the machine that  is setup as you like and copy the profile to the default user, the settings will take effect the first time the user logs in and then will copy to their profile store on the server, but this will only work once and any mods they make will copy to their profile

you need to look at creating a stable profile and then locking down changes


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jay Jay is right.

The closest you can get is a seperate user account for each machine and make it a mandatory roaming user profile (to prevent permanent changes), this satisfies 1,2 and 3 but adds the caveat that the user isn't using their own ID to log into those workstations.
Hi dv440

I agree with Jay Jay, but there is another was to overcome this hurdle. While creating group policies microsoft also thought of a similar scenario, in which users might have to user kiosk systems or terminal servers, but the administrators might not want them to be able to customize there profile on these computers. Therefore, Microsoft created a concept of Loopback processing mode of group policies. You just need to put all the shared systems in a seaprate OU & apply a new group policy with loopback processing mode enabled on it.

For further information regarding loopback policies, please refer :

Feel free to post any suggestions or queries.

dv440Author Commented:
I should add that I'm in healthcare, therefore HIPAA applies, which discourages shared logins.  So I need to add a 4th objective:
  4) users should log in with their individual domain username/password

I already know there is no simple way to this, from the book learnin' I did to get a MCSE-Security.  

I would consider third-party solutions, scripts, etc.

Thanks for the helpful replies so far, I will look into them.  
dv440Author Commented:
  5) It's okay if users add desktop icons, wallpapers, etc. to the profile once it is set up.  
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.