Automatic removal of Windows Profile after logging off

This is a neat trick I’ve discovered after reading about it on the EduGeek.net computer forums. This trick is for domain environments, where it can be handy to remove the user profile clutter that builds up on a local workstation. It is also highly useful for schools, who don’t want local profiles to build up on computers for various reasons.

If you want the profile on the local computer to be deleted after you log off, get your account added to the Domain Guests group. After you log off, the profile is deleted. Next time you log on, it is a completely new and clean profile that is created. From what I understand, being added to the Guest group doesn’t alter any other permissions you have in other groups though.

Novell Netware has a similar feature that is called Volatile Profiles, which when used with Zenworks, removes the user’s profile from the computer after logging off. We have this enabled at my school, and it is something I’ve been looking to duplicate on a pure Windows platform without resolving to 3rd party software.

I’ve tested this with Windows Server 2003 and an XP Service Pack 3 client, so far so good. I’ve also just tested with Windows 7 client, which appears to work as well. I haven’t tested with Vista client, but I imagine it would work the same as Windows 7. Server 2008 domains should also have this benefit.

The only downside to the whole process is that log in times may be longer as the profile has to be created every time. I’m also not sure how this would affect cached log ins in case the network is down. Hard disk activity will also be a bit high during log in and after log off, but that shouldn’t be too big an issue depending on the computer.

Depending on your situation, this may be a nice trick to add to your arsenal in helping to keep workstations sanitized and controlled. The faster the workstation runs, the less complaints from everybody.

Microsoft Security Intelligence Report

Computer security seems like a never ending battle sometimes. You can never have enough layers of defence, your definitions can never be up to date enough, and you can never be paranoid enough. Threats seem to mutate almost daily. However, the days of threats making big waves in the mainstream news headlines appear to be over now. The threat landscape has changed.

Whereas before malware writers wanted to destroy your pc, these days they want to avoid that, since a “dead” pc is a pc not held to ransom or carrying out some other nefarious task the malware author wants done. A broken pc is of no use to these people.

I recently ran into an article that spoke about the Microsoft Security Intelligence Report, and about how some progress was being made in fighting malware. Curious, I went to go and download it. You too can get a copy by visiting www.microsoft.com/sir.

The report is quite long, but was quite interesting and even enlightening to read through. Compiled from statistics from its various anti-malware products, Microsoft has painted an interesting picture of computer security. I don’t know how accurate these numbers are, and I do know that without the statistics of the other anti-virus companies, the results are not a truthful reflection of the state of Windows computing.

The next version of the report should be quite interesting, as it will include data from Vista SP2, Microsoft Security Essentials and Windows 7.

In summary, the report vindicates what I’ve been telling friends for years about how much safer Vista was than XP. Vista has suffered far less attacks than XP. It has gotten to the point where attacks are being shifted into the application market, rather than attacking the base OS. Windows security has come a long way now, to the point where it is becoming harder for attackers to attack the base OS easily.

What it also points out is that by patching your computer, you can avoid some of the issues that have affected people. One example was that by simply having one patch, roughly 98% of attacks based though Microsoft Office would have failed to work.

I would highly recommend that if you are interested in computer security, that you take the time to read this report. It is well worth the time to do so.