Any way to auto delete a user profile? Shared/restricted computer

Discussion in 'Windows 7' started by Myrrh, Feb 18, 2011.

  1. Myrrh

    Myrrh MDL Expert

    Nov 26, 2008
    1,511
    627
    60
    I need help with figuring this one out, maybe I've been looking for so long I am overlooking the obvious.

    A bunch of standalone Win7 computers in a library (or coffeeshop or whatever). No servers, no domain.

    What we want is for anyone in the room to be able to sit down at a computer and log on, do stuff (we will configure some local policies to restrict what they can and can't do). This would be with either the guest account or a local standard user account with no password.

    Trouble is, if they change anything we want it to go away so the next person gets a "clean" experience.

    I think the easiest thing to do would be to setup the Default User profile with all the desired default settings so that any time a "new" user logs on it creates a "new" profile.

    The trouble is, how to automatically delete the profile whenever the user logs off or the computer is shut down. I found something called "delprof" but it's from the XP era. I found some stuff mentioning WMI and powershell but for that I am clueless. I found some reference to "Windows 7 Guest Mode" which is exactly what I want, but was scrapped before RTM.

    All I need is how to make it so when the user logs off, next time that user logs on they get a brand new profile as if they'd never used the machine before.

    Any ideas, thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. thethingy

    thethingy MDL Senior Member

    Sep 7, 2010
    301
    41
    10
  3. Myrrh

    Myrrh MDL Expert

    Nov 26, 2008
    1,511
    627
    60
    SteadyState was discontinued and doesn't support Windows 7 at all.

    Not particularly interested in an expensive commercial solution when all I need is probably a script of some sort.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. DAz999

    DAz999 MDL Member

    May 19, 2007
    132
    40
    10
    this one is free and you can set it up to take snapshot and then restore to previous oeiginal snapshot thus returning your system to as it was before a user used it.

    comodo.com/home/data-storage-encryption/data-recovery.php

    this site, has some links to the white papers from M S on how to use group policy to configure your pc to steadystate

    news.softpedia.com/news/Windows-7-Steady-State-Alternative-Available-from-Microsoft-159484.shtml
     
  5. Enigma256

    Enigma256 MDL Senior Member

    Jan 17, 2011
    357
    309
    10
    #5 Enigma256, Feb 19, 2011
    Last edited: Feb 19, 2011
    Installing software? Writing scripts? Come now, let's not over-complicate things! ;)

    When Windows cannot access a user profile for any reason--e.g., a roaming profile residing on an unresponsive server, a local profile with screwed up permissions, a profile located on a disk that no longer exists, etc.--Windows will use a temporary profile that is automatically destroyed at the end of that login session.

    Once you know about this behavior, exploiting it is trivial: Create user "Test", create empty directory "\Users\Test", make sure the user "Test" has no write privs to that directory, sit back, relax, and enjoy the show.
     
  6. Myrrh

    Myrrh MDL Expert

    Nov 26, 2008
    1,511
    627
    60
    #6 Myrrh, Feb 19, 2011
    Last edited: Feb 19, 2011
    (OP)
    Wow Enigma, talk about not seeing the forest for the trees. This is worth a big "DUH!" -- once I have tried it and found out how successful it will be. I will report back.

    edit: "DUH!"



    Basic testing was successful, except that when I create "test" first, then when the user logs on it creates "test.computername" so I think logging on once then denying access to the folder would be the "right" way to do it.

    here's a preliminary plan I will test for the client and see if this accomplishes what they want:
    • create the user
    • log on as the user
    • configure everything exactly the way it should be: desktop/theme, printer settings, networking, default save location, etc.
    • log off; log on as admin
    • apply the user's profile to the system default profile
    • deny the user to their profile folder
    • enjoy!

    If in the future they decide some setting needs changed, we just grant the user access to the folder and go through the steps again.

    Further, the popup that tells the user they logged on with a temporary file and nothing will be saved, was likely going to be my next question, how do I inform the user their changes will be lost? Solved. :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...