How to create a group policy to NOT create a local user profile?

Question

I am targetting to make certain domain joined PCs into thin clients by customer order, I want these PCs to not store local profiles for users that would log in to them. Instead, they would use the default user profile, will not be able to save a thing into "My Documents" but will be able to launch a set of predefined apps that also dump temporary files to AppData folder. I'm searching for a group policy solution to disable creating the actual profile for a logged in user, so that those temporary files would not get stored permanently.

What settings should I enable/disable in group policy so that user profiles will not be created on the system? A temporary profile is fine, as long as it gets deleted once a user logs off.

score 0 · Answer 1 · answered Aug 22 '17 at 14:09

0

Have you considered using Mandatory user profiles? Mandatory user profiles causes profiles to be read only so that accounts using them cant save info to the Client.

https://docs.microsoft.com/en-us/windows/client-management/mandatory-user-profile

answered Aug 22 '17 at 14:09

Michael Brown

3,254
2
11
11

Hmm, actually after reading some more I now consider guest rights instead. Most likely that would satisfy. – Vesper Aug 22 '17 at 14:18

score 0 · Accepted Answer · answered Aug 22 '17 at 15:53

0

Add the user you want in the local Guest group. The PC will create a temporary profile and erase it at logoff for member of that group. its by design

answered Aug 22 '17 at 15:53

yagmoth555

16,758
4
29
50

Gonna test that in a few days. Using Restricted Groups group policy to stuff a domain group into guests. – Vesper Aug 23 '17 at 06:57
Yep, this did the main trick. – Vesper Aug 26 '17 at 18:42

How to create a group policy to NOT create a local user profile?

2 Answers2