One of my education clients encountered an interesting use case: in an exam environment, specific users needed to consistently use freshly created user profiles.
While this might seem like a typical scenario for mandatory or shared profiles, certain constraints – such as Office shared activation and synchronized users – prevented us from using those configurations. As a solution, we implemented a scheduled task that runs at computer startup to clean up these specific user profiles. This straightforward scripting approach effectively addressed the issue.
This scheduled task script, which removes the specified user profile, you can find in my GitHub repo: https://github.com/AkosBakos/Blog/blob/main/RemoveUserProfile.ps1
The next challenge was how to quickly apply user-related settings from Intune. Imagine that during an exam, after the login process, users must already have settings for Edge, Office, File Explorer, and other applications. Waiting for the first Intune synchronisation to occur is not feasible in this time-sensitive context. To address this, we developed a script that “hives” the NTUSER.DAT file, makes the necessary changes, and then removes the previously created hive. As a result, every newly logged-on user receives these new registry keys, applied from the modified NTUSER.DAT file.
Find this script below: https://github.com/AkosBakos/Blog/blob/main/SetDefaultHKU.ps1
PS: these registry key paths you can find in the https://admx.help or in the https://admx.help/?Category=Windows_11_2022
However, there are significant drawbacks to this approach. First, whenever new user-related settings are developed in Intune, we must include them in the NTUSER.DAT file and reschedule the script.
Second, due to the creation of new user profiles, the login process experiences a slight delay.