4

Is it possible to force windows to create profiles for members of one active directory group in a different folder from members in another active directory group?

The school here uses DeepFreeze to protect public computers. In a nutshell, DeepFreeze prevents all changes to a hard drive such that every time you restart the machine the disk is identical to it was at the time you froze it. This is a bit different than restoring to an image, in that it never really wrote changes to disk in a permanent way in the first place. This has a few advantages over images: faster recover times, and it's easy to thaw the machine for a few minutes to perform maintenance such as windows updates (which can even be automated). DeepFreeze also allows you to configure a "thawspace" partition, where changes are persistent across reboots.

One of the weaknesses of DeepFreeze is that you end up needing to create a new profile every time you log in, unless your profile existed at the time the machine was frozen. And even then, any changes you make to your profile while working on a frozen machine are lost.

As students have frequent legitimate needs to log in to our classroom machines, there is currently a lot of cleanup involved from time to time in removing their old profiles and changes, so I want to extend DeepFreeze to protect our classroom computers as well as public computers. The problem is that faculty have a real need to keep a stateful profile locally on these classroom computers. The solution I would like to use is to configure Windows via group policy (or even manually, if that's the way I'll have to do it) to place profile folders on the thawspace partition, but only for members of the faculty security group.

Is this possible?

Joel Coel
  • 12,932
  • 14
  • 62
  • 100
  • What version of windows? Policies related to profiles changed quite a bit between XP, and Vista/7. – Zoredache Dec 15 '10 at 18:55
  • Mostly XP, but we will be adding some Windows 7 machines soon. If this is possible for Windows 7 only, I'd still like to know what is required. – Joel Coel Dec 15 '10 at 18:57
  • hmm don't think deepfreeze and AD were meant to work together. been awhile since I've looked but isn't there a gpo setting for removing profiles on logout? – tony roth Dec 15 '10 at 23:26
  • @tony The deep freeze administrator console will actually go to active directory and import it's machine list from your active directory groups if you want it to. – Joel Coel Dec 16 '10 at 14:32

2 Answers2

3

You could use roaming profiles (RP) in a slightly unusual fashion: configure the location of the roaming profiles so that they are stored on a local drive not affected by DeepFreeze. For example, set the roaming profile path like:

E:\Profiles\%UserName%

instead of the more ususal:

\\Server\Profiles\%UserName%

Alternative:

There are several products on the so-called "profile management" market. They basically work like this: During logoff, an exporter kicks in that exports all/changed/some files and registry keys to some sort of user store. During logon the exported data is imported.

You might want to check out Flex Profiles which used to be free (not sure about today).

Helge Klein
  • 2,101
  • 1
  • 16
  • 22
  • The problem with roaming profiles in this scenario is that deep freeze means you have to download the entire profile every time you log in, rather than just the differences as in the normal case. – Joel Coel Dec 24 '10 at 16:13
  • I added another possible solution: roaming profiles stored on a local drive not affected by DeepFreeze. – Helge Klein Dec 24 '10 at 20:37
  • That's an interesting idea -- I'll consider it. I think it'll still likely to copy the profile from the thawed drive to the C: drive on each login, but it should go much faster than via the network. I also want to avoid needing to create a matching drive on faculty office machines, which means extra work telling not to use roaming profiles for that group... but it bears investigation. – Joel Coel Jan 28 '11 at 04:46
0

My first thought is roaming profiles:

http://technet.microsoft.com/en-us/library/cc738596%28WS.10%29.aspx

Jeshizaemon
  • 204
  • 1
  • 2
  • 9