Solved

group policy mandatory profile

Posted on 2009-05-03
3
1,048 Views
Last Modified: 2012-05-06

Dear experts

I have mandatory profile and it is working fine and I add some group policy to the user that I want them to be applied to tighten the security ,but the group policy does not applied  , I read that if have mandatory profile you can not apply group policy ,

there is any work around to get the group policy applied?

Fast response is appreciated
0
Comment
Question by:M_omeir
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24290659
You can not apply changes to a mandatory profile after you you make the profile mandatory.

It would defeat the purpose of making it mandatory.

You need to rename the file and folder back to normal apply changes and then make it mandatory again.



zf
0
 

Author Comment

by:M_omeir
ID: 24309620
thanks

but i want to modify through group policy there is no way to do through script
0
 
LVL 12

Accepted Solution

by:
zoofan earned 250 total points
ID: 24309844
I know this is not what you want to hear but your best/safest/most reliable way to handle this is to make
the profile NON mandatory long enough for the policy changes to update and then return it to mandatory.

(I do this myself as needed by changing the users password logging in myself applying changes and logging out and then give the user a new password)  

There is no other way that is reliable(that Im aware of)....once you rename the ntuser.dat to ntuser.man it is locked from changes from: the OS/the user/GPO's etc...


The one and only option that I know of but had more troubles then success with
is to manually edit the ntuser.man(dat) file and the time involved is much longer then the above.

By loading the ntuser.man(dat) hive by hive and key by key into regedit or using regeditpro(never used it just read about it) you can make changes directly to the file itself.

regeditpro(not an endorsement just a google search find)
http://www.robotronic.de/regedit/index.html


zf
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question