How can I make a user profile temporary?

Question

When you add a user to the Guests group, then login as that user, then open "Configure advanced user profile properties", the status for that user is "Temporary" instead of "Local".

How can set a user to have a temporary profile without adding them to the guests group?

Edit: This behavior is the same from Windows 2000 through Windows 10, but I'm mostly interested in 7 SP1 and 10 1607. I know about mandatory profiles and Shared PC Mode but I'm looking for a solution that doesn't use these.

Is there a reason you do not want to/cannot use the mandatory profiles and shared PC mode? — music2myear, May 16 '17 at 18:38
@music2myear Mandatory profiles take a lot to create and maintain, especially a large organization with multiple sites and OS versions. They also have issues with UWP apps and use network bandwidth. Shared PC Mode makes all profiles temporary--I only want some profiles temporary. The Guests group solution was perfect, but some Adobe software blocks guests. — Jason, May 17 '17 at 14:27
I notice that users under the local `Guest` group share the same permissions as the local `User` group. It may be possible to change some local Group Policy settings to grant the `User` group more permissions, so that they can use the Adobe software you are having trouble with. I cannot say how to accomplish this just yet, I would have to do some testing. — Cheesus Crust, May 19 '17 at 14:23
@CheesusCrust Users who only have "user" group permissions don't have the problem. Since you seemed interested in this aspect of it, it's Flash Professional CS6 and Media Encoder CC 2017 that we've found that blocks guest users. — Jason, May 19 '17 at 14:39

Steven · Answer 1 · 2017-05-25T18:05:48.700

Set the profile for a user to a read-only folder to force a temporary profile.

Temporary User Profiles (Windows)

A temporary user profile is issued each time an error condition prevents the user's profile from loading. Temporary profiles are deleted at the end of each session, and changes made by the user to their desktop settings and files are lost when the user logs off. Temporary profiles are only available on computers running Windows 2000 and later.

Step 1: Create Dummy Folder (once)

Create a new folder C:\Users\dummy
Leave empty with default permissions

Note: This folder is not accessible by default as it requires administrative approval to modify, even for Administrators. You can more explicitly force read-only by removing the Administrators permission from the folder.

Step 2: Assign Dummy Folder To Users

Create new user(s) as you normally would, if not already done
In an administrative command prompt, type the following for each USERNAME:
net user USERNAME /PROFILEPATH:C:\Users\dummy /HOMEDIR:C:\Users\dummy

Step 3: Rename Existing User Folder (Optional, Windows 10 only)

If Windows 10 cannot access the specified user folder (from Step 2), it will attempt to load an existing profile. To prevent this, rename an existing profile from USERNAME to USERNAME.old.

Notes:

When logged in, the user profile is displayed with Type: Roaming and Status: Temporary.
This works for everyone: Users, Guests, Power Users, and even Administrators.
This is not destructive and can be reverted easily without side-effects.
The user maintains all file permissions, including access to an existing user profile.
Tested on up-to-date Win 7 Enterprise and Win 10 Creators Update 1703, but it sshould work on Windows 2000 and later.

Windows 10 Note:

Windows 10 will display the following warning dialog upon logging on with an inaccessible (read-only) profile. Simply click Dismiss to continue.

I tried this on 1607 and get "You account has been disabled". I created a new user, logged in with that user, logged out, logged in as admin, made your changes, logged in with that user again, and got the error. I tried it a couple times. — Jason, May 23 '17 at 15:35
What is the purpose of unchecking and checking read-only on an empty folder? It says, "Only applies to files in the folder". If you add files to the folder _after_ doing this, those files aren't read-only. — Jason, May 24 '17 at 14:58
After creating the folder, the "Read-only" checkbox shows as indeterminate (solid square) which could be confused as checked. You must click the box twice to clear then check. Finally, there is no reason to put any files in the dummy folder. — Steven, May 25 '17 at 01:39
Yes, but you can't set a folder as read-only (only files). So if there's no files in the folder, there's no point of doing that. — Jason, May 25 '17 at 15:05
You are correct, and I removed that step. For an empty folder, the Read-only checkbox does nothing. It fails as a user profile, because it requires administrative approval to modify. Finally, the dummy folder should remain empty, as the only point of it is to be inaccessible to cause the user profile loading to fail. See edit — Steven, May 25 '17 at 18:12
The bounty specified no side effects. I didn't award the bounty because of the error message on login and that it also marks the profile as "roaming". Also, in my environment I couldn't get it to work at all, but I admittedly didn't try a new test environment. — Jason, Jun 01 '17 at 15:40

Jason · Accepted Answer · 2018-08-03T17:26:38.953

1

I came across the answer in a blog by Ralph Jansen, a Microsoft MVP. It requires changing a single registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[SID]\State to 0x80 (128 in decimal).

https://web.archive.org/web/20151218221641/https://ittechlog.wordpress.com/2014/06/27/switch-a-local-profile-to-temporary/

edited Aug 03 '18 at 17:26

answered Jun 08 '17 at 19:43

Jason

7,635
4
27
43

score 0 · Answer 3 · edited May 03 '22 at 23:10

Step 1: Make a normal account from admin, e.g. "Temp Account"

Step 2: DON'T make any changes to the permissions, leave it as a local account.

Step 3: Log in into the account you just created

Step 4: SWITCH the user back to the admin (Notice: Switch, not log out or lock)

Step 5: Go to C://Drive -> Users -> Temp Account

Step 6: Delete the entire folder

Step 7 (Optional): Remove from the recycle bin to avoid possible corruptions

Step 8: Log back in into Temp Account

Step 9: Log out of Temp Account, Then Log in again.

Step 10: You're set! Now this account will be automatically deleted every time you sign out of it and will not store any data unless copied to public folders. But it can still be chosen in the account menu.

I've worked with Windows a long time, and I had no idea this works this way. — music2myear, May 04 '22 at 02:22

How can I make a user profile temporary?

3 Answers3