Q

Can a PC be set up to erase non-administrator profiles?

An administrator wants to know how to configure a PC used as a scanner so that it erases non-administrator profiles during the logoff process.

At our office there's a host computer used only as a scanner. Employees use it when they want to scan something, and log on with their own login names. When they log on as part of the office's domain, a new profile is created in the scanner PC and some information is stored on the hard drive.

The problem is that lots of people scan daily, and the things they scan are saved in "My Documents" but never used again, as people copy their files to their own hosts through the public hard drives.

Is there a way for me to configure the scanner PC so that it erases non-administrator profiles during the logoff process? I've looked at the options of gpedit.msc but can't find anything. I thought of creating a script and adding it to the logoff sequence but don't know how to do that.

There are several ways to do this. If this system is running as part of an Active Directory domain, set the number of cached profiles for that computer to zero. This is in Group Policy under Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Interactive Logon - Number of previous logons to cache.

Another is to use Microsoft's DELPROF tool as part of the computer's startup or shutdown script, which deletes all existing profiles except for the one currently running, but this might not work as well as the first solution.

A third possibility is to use a program like Norton GoBack, which can be used to regularly reset a PC to a given baseline state. This would not only take care of the issue of loose files, but everything else that might change, such as program settings or accidental changes to the system.

A fourth possibility, although it's probably the most expensive and inconvenient, would be to buy a scanning device that can transmit the resulting scans through your network. This way the scans could simply be sent to a person's mailbox without the need for a PC.
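For the script-based route the question asks about, here is an added example (not part of the original answer, and not DELPROF itself) of a computer startup script that removes every profile except those of local administrators. It assumes Windows PowerShell 5.1 or later and that the script runs elevated; the `KeepAccounts` parameter is a hypothetical name introduced for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: meant to run as a computer startup script, before users log on.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter: extra accounts (DOMAIN\user) whose profiles must be
    # kept, e.g. admins who hold rights only through a nested domain group.
    [string[]]$KeepAccounts = @()
)

# Fail closed: if the keep list cannot be built, stop before deleting anything.
$ErrorActionPreference = 'Stop'

# Direct members of the built-in Administrators group (well-known SID S-1-5-32-544).
# Nested group members are NOT expanded, hence the KeepAccounts parameter.
$keepSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value })

foreach ($name in $KeepAccounts) {
    # Translate() throws if the name cannot be resolved, which aborts the script.
    $keepSids += ([System.Security.Principal.NTAccount]$name).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}

if ($keepSids.Count -eq 0) {
    throw 'No administrator SIDs resolved; refusing to delete any profile.'
}

Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object {
        -not $_.Special -and        # skip SYSTEM, LocalService, NetworkService
        -not $_.Loaded -and         # skip profiles that are currently in use
        $_.SID -notin $keepSids     # skip administrators and the keep list
    } |
    ForEach-Object {
        # Honors -WhatIf, so a dry run only lists what would be removed.
        if ($PSCmdlet.ShouldProcess($_.LocalPath, 'Delete user profile')) {
            # Removes the profile folder and its ProfileList registry entry.
            Remove-CimInstance -InputObject $_
        }
    }
```

Run it once with `-WhatIf` to review the list of profiles it would delete before assigning it as a startup script.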

This was first published in October 2006
