- one admin account
- one shared/public user account (
- admin account on boot drive
- shared account has all libraries moved to second drive/partition
- data/scratch disk is mapped as
MakeItZoneuser has a public directory on the
sharedluggageNAS mounted as
- users can mount their own share from the
- added a login notification re being a shared computer
Backup & Restore
- only boot drive/partition (OS + admin account) are backed up
- backup’s using Veeam
- backed up to NAS
- Restore not tested yet(!)
- Tried Win 10 Advanced System Settings->Profiles; copy option is not available
- Tried Win 7 backup, configured to only back up
- restore failed to work; didn’t copy user registry hive.
- complete pain to disable; have to manually remove scheduled tasks and remove registry entries
- pseudo backup: common short-cuts, etc can be saved on a shared drive and copied back
- restore/cleanup: delete files/copy templates, remove and recreate account
- will have to update permissions for
- will have to reinstall apps that install into Users profile (eg Fusion 360 default install is per user.)
- will have to update permissions for
Moving User Accounts to Second Partition/Drive
Windows (10+?) may break if
User directory, or a user’s home directory, is moved and (hard) linked.
Recommended process is to move the location of all the ‘libraries’ (
- Create a destination directory, e.g.
- Correct/adjust it’s
securitysettings to be similar to
- otherwise users will be able to see data of every user account
- will need to use the
advancedsecurity settings to disable/control permission inheritance
- Create sub-directory/directories for each user that will have their libraries moved
- Adjust each sub-directory’s permissions so that only
Administrators, and that user have
full control. No other user/group should have access.
- login as the user to move
- In explorer go to
- Show hidden files.
- Go into
- right click-> properties on each of the folders. If it has a
locationtab, change the location to your new user directory created above. (Different versions of windows have different parts of the
AppDatasystem as libraries…)
- Repeat the above for every other directory in
Mounting Shares With Different User Credentials from the Same File Server
Windows clients only allow a single user credential for any shares from a given file server.
However, it is based on the DNS name/IP address. You can work around this by setting up aliases for your file server.
Adding a Log in Notice
- a guest account that is destroyed on logout, and to create system accounts if/as needed
- login banner
An excellent program, but a little heavy for our situation- especially as any updates to apps or windows have to be done with it disabled (and then update the baseline image when re-enabling.)
- baseline backed up or snapshot used, unless short term throw away instance
Managing Windows Activation
E.g. to create a baseline VM that is deployed ready to be activated (licensed) for use.
- modifying default profile via
- remove local profile at logoff- https://getadmx.com/?Category=Vmware_UEM_FlexEngine&Policy=VMwareUEM.Policies.FlexEngine.Advanced.8.6::RemoveLocalProfileAtLogoff
- creating mandatory profiles on windows 10
- Create a Guest Account in Win10
- mandatory vs local profiles on win10
- Change Login Screen Background on win 10
- Group Policy in Windows
- create local mandatory profile
- manage win 10 start and taskbar layout
- create mandatory user profiles
- setting win 10 machine to wipe after each logout
- log off after idle
- even if not activated, can change windows 10 desktop and lock screen images via photos app. Download and open the image, then use the options in the ‘…’ menu.
- suspect changing lock screen image for default profile will also change the default image