we have laptops that we give to users, but we don't want them to save anything or install anything anywhere on the laptop. if the laptop gets stolen we don't want anybody accessing any saved files. these laptops are part of the domain (but i've tried this after removing the laptop from the domain), so when they log in at the office they can use redirected MyDocuments folder, but the policy uses a proxy server, so when they take it home they have to use a local user account.we have provided secure flashdrives for people to use to save files.i' ve set the group policies to hide and restrict access to local drives abcd. i've set the common dialog box policy to only show the e drive for the flash (but the desktop still shows as the first thing in the drive list).msoffice and even notepad still allow saving to the desktop. how is that possible with the drive restrictions?i've tried to use delprof.exe in a shutdown/logoff script to delete profiles on logoff or shutdown with the /q /i /d:0 options, but profiles still exist.i've tried using the runas command in the script with a local administrator account (not administrator, and an account that has never been logged on) and even as 'nt authority\system' but it just appears to hang for a minute or five before the computer shuts down and doesn't delete the profiles. if i try to use it as a logon script the computer takes too long to boot and i get group policy timeout/load errors in the logs.i'm running XPSP3.so how can i delete profiles or files so our system isn't compromised?one simpler trick i tried that seems to work is running a logoff script that has the command 'del /q "c:\documents and settings\%username%\desktop\*.*"' (or "%userprofile%\desktop\*.*")as all the other apps and icons that should be on the desktop are either in the Default or AllUsers profiles, but i'm looking for a better solution if possible.any answers? is there a solution?and while i'm at it, is there a way to exempt certain users or groups from local group policies?

Hi, Can mandatory profile meet your requirement? When a user with an assigned a mandatory profile logs off from a computer, any changes to the profile are lost. How to assign a mandatory user profile in Windows XP http://support.microsoft.com/kb/307800/ Hope it helps.This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, Can mandatory profile meet your requirement? When a user with an assigned a mandatory profile logs off from a computer, any changes to the profile are lost. How to assign a mandatory user profile in Windows XP http://support.microsoft.com/kb/307800/ Hope it helps. This posting is provided "AS IS" with no warranties, and confers no rights. i've already set the GPO to 'do not save changes on exit' but it doesn't delete any saved files. the solution i used works for that:one simpler trick i tried that seems to work is running a logoff script that has the command 'del /q "c:\documents and settings\%username%\desktop\*.*"' (or "%userprofile%\desktop\*.*")as all the other apps and icons that should be on the desktop are either in the Default or AllUsers profiles this still doesn't explain why delprof isn't working they way i thought it would. and the problem with that is when the profile is deleted and MSOffice starts in a new profile it wants to 'set up' and looks for installation files, which are on a server they won't have access to. we don't want to copy the installation files to the laptop if we don't have to.