Shared User Profile in Windows 7

Posted on 2014-03-07
Last Modified: 2014-03-24
I work for a university and manage several computer labs. We use a product called Deep Freeze which resets the system state every time the computer is restarted so that no changes the students make stick. This has been very useful while we have been using a generic account for lab use but we are in the process of changing the login process of our labs so that each student logs in using their own unique Active Directory account. This has presented me with a problem because the default profile I've created for this is very bloated but necessary and causes very slow login times for the students (up to 10 minutes). Since the computers are in a frozen state, they have to go through this process every time they login since their profiles are thrown out with every reboot. The default profile needs to be this large because of the large variety of software that is installed and the amount of first use configuration that would need to be done one each application if I used a clean default profile.

What I would like to do is set the workstations in my labs to use the same user profile folder with none of the copying that happens when using the default profile with every user that logs in or have all AD users somehow redirect to an existing local account. ForensIT has a third party app that does this but I don't have the budget to purchase it for all of my lab computers so I need a manual solution. The change needs to happen at the workstation level and not the AD level because this would only be used for labs inside my building and not throughout the rest of the university.

I tried using a script that another tech here at the University wrote that set the default profile to use a bunch of symbolic links to  folders outside of the default folder but the links don't copy over to the user profile when a new user logs in. I've copied the original version of the script below.

mkdir c:\users\Default\AppData\Local
mkdir c:\users\Default\AppData\Roaming
mkdir c:\users\Default\AppData\LocalLow
:: Make the directories
xcopy c:\windows\web\AppData\Local\Mozilla c:\users\Default\AppData\Local\Mozilla\ /e /y /v /h /r
xcopy c:\windows\web\AppData\Local\Google c:\users\Default\AppData\Local\Google\ /e /y /v /h /r
xcopy c:\windows\web\AppData\Roaming\Mozilla c:\users\Default\AppData\Roaming\Mozilla\ /e /y /v /h /r
xcopy c:\windows\web\AppData\Roaming\Microsoft c:\users\Default\AppData\Roaming\Microsoft\ /e /y /v /h /r
:: Copy four full directories and place them into the specified location. Even if the dir is empty
dir /B c:\windows\web\AppData\Roaming >> c:\users\Default\AppData\Roaming\roaming.txt
dir /B c:\windows\web\AppData\Local >> c:\users\Default\AppData\Local\local.txt
dir /B c:\windows\web\AppData\LocalLow >> c:\users\Default\AppData\LocalLow\locallow.txt
::Get the information in the directories, names only. Append it to those files
for /f %%i in (c:\users\Default\AppData\Roaming\roaming.txt) do (

    mklink /h "c:\users\Default\AppData\Roaming\%%i" "C:\windows\web\AppData\Roaming\%%i"

:: copy all folders in .txt to that path, no duplicates
for /f %%i in (c:\users\Default\AppData\Local\local.txt) do (

    mklink /h "c:\users\Default\AppData\local\%%i" "C:\windows\web\AppData\local\%%i"

:: copy all folders in .txt to that path, no duplicates
for /f %%i in (c:\users\Default\AppData\LocalLow\locallow.txt) do (

    mklink /h "c:\users\Default\AppData\LocalLow\%%i" "C:\windows\web\AppData\LocalLow\%%i"

:: copy all folders in .txt to that path, no duplicates
DEL c:\users\default\AppData\Local\local.txt
DEL c:\users\default\AppData\LocalLow\locallow.txt
DEL c:\users\default\AppData\Roaming\roaming.txt
::Clean up the mess
ECHO Double Check the Directories, We will wait
:: Tell them to double check the work.
::Wait for them and ask to exit

Are there any suggestions on how I should proceed with this?
Question by:Ins0mniac81
  • 6
  • 3
LVL 28

Expert Comment

ID: 39913895
It's taking so long because you're manually copying every file and recreating it.  Have you though of just using mandatory profiles?

Create the profile you need and once it's set the way you like it, rename NTuser.dat to

That's the way it was done way back in the NT4 days and it still works.  I used to set that for certain account groups.  If you have group policy, you can set accounts to use that mandatory profile as well.

Author Comment

ID: 39914636
I had thought that mandatory profiles also made a copy the first time a user logged in. If that's not the case then this would be what I'm looking for. How do I implement that for all users locally without adding it to the AD user profile?

Author Comment

ID: 39914638
Is it a setting in the local group policy that I could gain access to through gpedit.msc?
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

LVL 28

Expert Comment

ID: 39915318
If you use mandatory profiles, you don't have to reset the system every time the user logs out.  The mandatory profiles prevent the settings from taking effect.  Every time the user logs out, then logs back in, it's reset to the default mandatory profile.  You would only have to run deep freeze once per semester, although you'd probably need a new image with all the patches by the next semester.  The profiles don't get deleted each time and the students will have rather quick log after the first one.  You should still limit the profile size in active directory.

You could also run delprof.exe (which used to be in the Windows resource kits) and remove the profiles if the disk gets too full.  Roaming profiles normally get deleted, but they remain on disk if someone reboots the system without logging out first.  I had to do that when I was still working with 9 GB SCSI disks just 5 years ago.  There was 1 GB of free space available, which was just enough for 30 different lingering profiles which had to be periodically cleared.  I was glad when they finally replaced those systems.

The environment I worked with had a mix of mandatory, local, and roaming profiles.

I'm not sure about your last post.  Are you asking about how to create a mandatory profile?  You log into one account.  Set everything the way you want.  Log out of the account.  Rename that account's NTuser.dat to  When you create accounts, point the profile file to the on the master account.

You can also load the or NTuser.dat hive to temporary hive in your registry, make the registry modifications then export it back.  This requires a much deeper understanding of the registry

Here's some background on mandatory profiles.

Author Comment

ID: 39917327
Thank you Serialband for the suggestion. Now that I understand it a bit further, this is not what I'm looking for. There are a few reasons. First, Deep Freeze is a program that runs constantly in order to maintain the current frozen system state and cannot be run to restore the system to a previous state. It prevents changes to the system as a whole and not just to a profile as it seems a mandatory profile does. Also, it seems that you are saying that I would need to create a local account and point it to the mandatory profile. The computers are on a domain and are free for any domain user to log into and so I would need a solution that works for any user that might log in. My own understanding of roaming/mandatory profiles leads me to believe that the only way to use a mandatory profile in a way that might be useful in my circumstances would be to add the profile to each account at the AD level. Unfortunately, I can't do this as this profile would only apply within my building and the students need to be able to log into the labs in other building which are supported by different teams.

What I really need is some way to assign a group to an existing profile at the local level so that a profile does not need to be created at each login (since each login is essentially a first login due to Deep Freeze maintaining a frozen system state). Either something like this or a way to drastically reduce the size of the Default profile by redirecting things like Appdata and Documents to a central folder as I attempted to do with the symbolic links in my attached script.

Thanks you!

Author Comment

ID: 39923321
Can anyone else offer a suggestion?
LVL 28

Expert Comment

ID: 39923773
Microsoft had Steady State for XP, but they have alternatives for Windows 7.  You could try Windows Automated Installation Kit (WAIK) and the Microsoft Deployment Toolkit (MDT)

Accepted Solution

Ins0mniac81 earned 0 total points
ID: 39939396
Its not a perfect solution but I've had some limited success using a slightly modified version of the script I pasted into the original post to set all of the AppData folders in the Default profile to junctions to a separate location on the HD (I had to modify it to recognize the folder name spaces in the text files). Then using a startup script using ln.exe found here ( to copy the junctions to the new account manually.

ln --splice --copy c:\users\default\appdata %userprofile%\appdata

There are still a few bugs to work out since Autodesk products are still treating it as if it is their first time being run even after this process.

Author Closing Comment

ID: 39949790
This result is still imperfect but better than nothing.

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question