1. Let’s start by logging on to our reference machine with user: Administrator
2. Goto your Mandatory profile share, and select all the files and folders you don’t want in your mandatory profile.
3. This is the part you will as an admin repeat many times, rename your ntuser.man back to ntuser.dat
4. Now start the registry editor with admin credentials.
5. Presented with the console select users. Now goto the top menu and select File and next click Load Hive
6. Select the ntuser.dat from your mandatory profile
7. When presented with the question how you want to name the loaded hive, teach yourself to always choose a recognizable name. In my case it’s: .manprof
8. First point on the registry agenda: setting security rights make shure that everyone has full control
9. Now it is time to start the cleanup. First select the mandatory profile hive then select search. Enter the name of your mandatory profile and hit search.
10. Search the hive for the username of the user used to generate the hive and delete/replace the values as appropriate.
11. Delete all the subkeys of : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Because the key contains various path’s to the generated user’s local cached profile folder, it will cause issues when you delete the intire key, instead deleate all sub components.
12. Make shure you check the following locations for any unwanted autoruns.
13. Delete the following keys so you won’t have any interference with your companies GPO’s
14. Go to the root of users, and select your “recognizable name” In my case this was .manprof and select from the file menu unload hive
14. Rename your ntuser.dat back to ntuser.man
15. You can delete all temp files, as shown in the image above.