This information is relevant mainly for Win-XP (through Service Pack 2); it has not been checked against later versions of Windows. In fact, it's likely overly intricate -or even incorrect- for more recent versions.
Windows user configurations can be per-individual, per-machine, or per-network. Per-machine configuration, where all users of a computer saw the same configuration, was true of Windows 3.1 and even to a considerable extent Windows 9x. Giving each user their own configuration which follows them to different computers on a network is a function of Windows XP Professional Edition (and Windows 2000 ?).
The per-individual over the entire network "roaming profiles" configuration can work reasonably well, and is used by some school administrators. But it still has problems. Chief among these is it isn't clear how to make use of it in a mixed environment where some of the older client computers run a version of Windows that doesn't provide support for roaming profiles. (Having all clients run Win-XP (or Win2000 ?) is an impossibility for many schools.) Other problems are:
Administrators may desire that each user have their own login credentials, yet that all users who use a particular machine will get the exact same configuration. In other words they desire a configuration intermediate between per-machine and per-user. What's needed to do this is to preset a Generic New Account template so every user that logs in to the computer will start with a copy of the same configuration. Such a configuration is possible with Windows XP Professional Edition (or Windows 2000 ?); in fact doing so is even documented by Microsoft.
To use a per-machine (or per-network) Generic New Account template, first turn off "roaming profiles". Start the Group Policy Editor (one way to do this is to Start->Run gpedit.msc). Navigate down into [Local Computer Policy / Computer Configuration / Administrative Templates / System / User Profiles]. Enable both [Only Allow Local User Profiles] and [Prevent Roaming Profile changes from propagating to the server].
(Most [but not all] policy settings are implemented by one or more registry entries. For example one of the roaming profile settings above is in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon registry key. However it is very strongly recommended you change these settings with the Group Policy Editor rather than making changes directly in the registry. Using the Group Policy Editor is much less confusing, much less prone to error, and can provide intelligent feedback about interaction with other features. Also, the Group Policy Editor is Microsoft's current method of administering systems, and has options to affect a whole group of machines rather than just one at a time.)
To set up a Generic New Account template:
Once the Generic New Account template is set up the way you want it, delete all the other user profiles (except "All Users" and "Administrator" and any other fixed local users and of course your model user). This will cause all users to be treated as "new" users and given a copy of the Generic New Account template the next time they login.
You can even compel every user to get a fresh copy of the Generic New Account template on every login by arranging that their profile disappears before they login again. You might do this with a "reboot to restore clean" utility such as DeepFreeze. Or you might do this with a logout script. But don't do it unless you've provided users with some other place to store their files and ensured they're using it. Deleting a user's profile will also delete their My Documents folder and all its contents, which will cause great upset among users unless they store their files somewhere else.
Note well that if a user profile already exists (either as [possibly cached] local files, or as a "roaming" profile), it will supercede your Default User settings. In fact if roaming profiles are enabled and you test with a user account for which a profile already exists on the network, your tests will seem to indicate that Default user doesn't work at all.
This extra procedure is only for exceptional cases and should simply be skipped most of the time.
The profile you just copied includes not only many settings in files but also registry hive data which will be loaded as HKEY_CURRENT_USER whenever a user uses the Generic New Account template.
Very occasionally a setting you wish to be machine-wide is in HKEY_CURRENT_USER, and once in a while you'd like to make one or two more changes after setting up the Generic New Account template. If you know of particular registry settings you want to make, simply make changes under HKEY_CURRENT_USER when you're setting up one particular user exactly as you wish and are logged in as that user. Then when you copy the entire profile to the Generic New Account template, you'll copy those registry settings too. On the other hand here's how to make one or two more changes to the Default User registry settings after copying everything into the Generic New Account template:
If you propose significant changes to the registry, you should re-do the entire procedure of creating a Generic New Account template, which will supply an entirely new registry hive file. Use the above procedure only for making a very few tweaks.
When a user logs on and doesn't already have a profile, Win-XP (and Win2000 ?) will first look for %LOGONSERVER%\NETLOGON\Default User and use it as a template if it exists. Only if it doesn't exist (the common case) will Win-XP (or Win2000 ?) then use the local \Documents and Settings\Default User. You can use this fact to set up a Generic New Account template for an entire network.
Create the contents of the network-side template by setting up one user exactly as you wish then copying that entire template --including the user's registry hive-- to %LOGONSERVER%\NETLOGON\Default User.
You could customize your approach to Generic New Account templates --or even profiles for existing users-- with a "login" script.
You could point parts of the user's profile, such as their file repository, to some location outside of their profile.
Hopefully this important topic has improved considerably in recent releases. For current information straight from the horse's mouth see:
Although the technique described above on this page wasn't as widely known as other Windows management tips, it was completely legitimate (even recommended). And it was documented and explained in several places: