In the previous post about the workplace and profiles (Workplace and Profiles) I spoke about the spoof profile executable I created. After that post I received a few questions about what the executable does. This post is to explain the working of the executable.

First of all, the program determines the SID of the user. The SID then is used to find the corresponding registry hive under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList it will then change the value of state to 644 which will trigger the User Profile Service to delete the profile when  the users logs off.

This way you can use local profiles instead of a mandatory profile which will save you in:

  • Time creating a mandatory profile
  • Update your mandatory profile after windows updates (because basically what is trapped in the mandatory profile won't be targeted at windows update)
  • Advanced configurations (it will work out of the box)


Comments powered by CComment