Spoof a Temporary Profile

Version 2

    Exchange ID

    AEL00059

    Description

    In some cases mandatory profile use is not possible or desirable. Perhaps you may need to selectively apply a non-persistent profile based on user or device but leave other users alone. In these cases you may want to use temporary profiles. Temp profiles pull from the default user profile and are destroyed at logoff.

    This configuration includes a variety of methods to determine the SID of the User. If Powershell is installed, then that framework is used. If not, the SID can be pulled from either a Registry location if the OS is Microsoft Vista or later, or from the WMI infrastructure. This configuration leverages an If-Then-Else Group Condition to determine the method, and then custom actions to retrieve the User SID. Then, at logoff, a Set Registry Value action is used to flip the profile type to temporary using the previously-obtained User SID, which tells the logoff process to destroy the profile.

    Additionally, a set of actions are provided in the Computer Startup node to disable the use of Roaming Profiles on the machine in question. These nodes are left disabled in the base config, but can be enabled by an administrator. If Temporary Profiles are put in use, then disabling Roaming Profiles for the machine can help avoid potential issues with corrupting profiles at logoff, stale profiles on the machine after logoff, and other ineractive issues. These settings use the native Group Policy actions.

    This configuration also includes a custom script to determine if Powershell is installed on a machine. This script could be useful in other situations.

    Download

    See Attachment : Spoof a Temporary Profile.zip (below)