My lab setup:
1. Referance machine in my case a Windows Server 2008 r2 with XenApp installed on it.
Be aware: in case of policies: the setting “delete cached copies of roaming profiles” must be disabled,
if you use a referance machine where mandatory profiles are already used you can disable the mandatory profile by disabling the setting:
“use mandatory profiles on the RD session host server”
2. Administrator account ( local or domain )
3. Local account (throughout my lab mine will be called “Manprof”)
4. Windows Enabler V1 (downloads)
5. Share to store the mandatory profile
– I’m creating a mandatory profile to use in an environment where I’m going to use a workspace manager. Therefore my goal is minimize my mandatory profile because I will be managing all the user experience setting out of my workspace manager en GPO’s. If you’re not using a workspace manager pay attention to step 6 this is where you want to customize you profile for user experience.
– It is important that your reference machine is up to date on patches, and software update. Especially software which uses active setup.
Start
1. Let’s start by logging on to our reference machine with user: Administrator
2. Start local users an groups
3. Select new user and create your .\manprof account
4. Grant the user local administrator rights.
5. And you’re done, logoff en log back on using .\Manprof (or hostname\Manprof)
6. Customization
7. When you’re done customizing logoff en log back on with the administrator account
8. Create a share on your file server. Grant everyone read rights.
9. Select security tab, Set NTFS permissions for Authenticated Users and grant them Read & Execute rights (see example)
Also make shure you check if inheretance is enabled,
10. Go to your download folder and open Windows Enabler v1
11. Check your system tray and click on the enabler icon so it reads:
12. Open system properties
13. In the overview you will see all the locally stored profiles. You will also see that the copy to button is greyed out, click on it anyway
14. After your second click the copy to button will be selectable, now copy the profile to your created share. You can use the settings from the screenshot, or apply your own.
15. Browse to your share and select en click properties on “Manprof.V2”
16. Click advanced and click “change permissions”, now select the current rights and remove them.
17. Now you can select both security options and click apply, and at the acknowledgement you can click yes.
18. Now navigsate to your profile and navigate to AppData and delete LocalLow and Local
19. Browse to you’re share and select ntuser.dat and rename it to ntuser.man
20. Click Yes on all warnings en you’re done !