Active Directory/Documentation/Using Common Accounts
In ECE, we switched off the common accounts a while back -- all of the studentknows login with their UnityID/passwd. Currently, we're not stopping them from writing within that local profile, as its unique to each login, but we've considered it. Student know that we can reinstall the machines at will, so they know not to use it for storage. Plus they all only have 'user' privs, so they can't do much damage.
The teaching lab machines frankly haven't been enough of a problem (we have ~200) to warrant our spending much more time on them -- once they're setup, we generally don't hear about them unless software needs installing, or a drive dies. Then we reinstall them at the end/start of the semester.
We're looking at profile cleanup/deletion scripts for use in public labs... it's much more critical to clean out the computers in those situations. CNR is currently leading the way on that since they're looking to supplant WolfPrep even faster than we are.
Ntuser.man --- certainly an option. While everyone is using the common account, probably a necessary one. Ntuser.man is easier to manage with roaming accounts/common domain account. While not normally a fan of roaming accounts, it makes sense in this case, assuming all of your lab machines are desktops always on the network.
- Create the profile you like. Save the ntuser.dat as ntuser.man in a shared location, identified by the account that will use it.
- Create the common domain account (limit it to the 30 lab workstations).
- Update the account to use the roaming profile -- point at the shared location of ntuser.man.
Rinse and repeat for your other accounts. (detailed instructions here -- yes, old, but better than my 1,2,3)