Problem solve Get help with specific problems with your technologies, process and projects.

Can a PC be set up to erase non-administrator profiles?

An administrator wants to know how to configure a PC used as a scanner so that it erases non-administrator profiles during the logoff process.

At our office there's a host computer used only as a scanner. Employees use it when they want to scan something, and log on with their own login names. When they log on as part of the office's domain, a new profile is created in the scanner PC and some information is stored on the hard drive.

The problem is that lots of people scan daily, and the things they scan are saved in "My Documents" but never used again, as people copy their files to their own hosts through the public hard drives.

Is there a way for me to configure the scanner PC so that it erases non-administrator profiles during the logoff process? I've looked at the options of gpedit.msc but can't find anything. I thought of creating a script and adding it to the logoff sequence but don't know how to do that.

There are several ways to do this. If this system is running as part of an Active Directory domain, set the number of cached profiles for that computer to zero. This is in Group Policy under Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Interactive Logon - Number of previous logons to cache.

Another is to use Microsoft's DELPROF tool as part of the computer's startup or shutdown script, which deletes all existing profiles except for the one currently running, but this might not work as well as the first solution.

A third possibility is to use a program like Norton GoBack, which can be used to regularly reset a PC to a given baseline state. This would not only take care of the issue of loose files, but everything else that might change, such as program settings or accidental changes to the system.

A fourth possibility, although it's probably the most expensive and inconvenient, would be to buy a scanning device that can transmit the resulting scans through your network. This way the scans could simply be sent to a person's mailbox without the need for a PC.

Dig Deeper on Windows systems and network management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.