Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

group policy mandatory profile

Posted on 2009-05-03
3
1,036 Views
Last Modified: 2012-05-06

Dear experts

I have mandatory profile and it is working fine and I add some group policy to the user that I want them to be applied to tighten the security ,but the group policy does not applied  , I read that if have mandatory profile you can not apply group policy ,

there is any work around to get the group policy applied?

Fast response is appreciated
0
Comment
Question by:M_omeir
  • 2
3 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24290659
You can not apply changes to a mandatory profile after you you make the profile mandatory.

It would defeat the purpose of making it mandatory.

You need to rename the file and folder back to normal apply changes and then make it mandatory again.



zf
0
 

Author Comment

by:M_omeir
ID: 24309620
thanks

but i want to modify through group policy there is no way to do through script
0
 
LVL 12

Accepted Solution

by:
zoofan earned 250 total points
ID: 24309844
I know this is not what you want to hear but your best/safest/most reliable way to handle this is to make
the profile NON mandatory long enough for the policy changes to update and then return it to mandatory.

(I do this myself as needed by changing the users password logging in myself applying changes and logging out and then give the user a new password)  

There is no other way that is reliable(that Im aware of)....once you rename the ntuser.dat to ntuser.man it is locked from changes from: the OS/the user/GPO's etc...


The one and only option that I know of but had more troubles then success with
is to manually edit the ntuser.man(dat) file and the time involved is much longer then the above.

By loading the ntuser.man(dat) hive by hive and key by key into regedit or using regeditpro(never used it just read about it) you can make changes directly to the file itself.

regeditpro(not an endorsement just a google search find)
http://www.robotronic.de/regedit/index.html


zf
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question