Guest Profile Reset Setup

This guide outlines the configuration of a Windows 11 local account to function as a guest account. Each session is automatically wiped after system shutdown or restart, ensuring privacy and a clean slate for every user.

• 1. Overview
• 2. Tools Used
• 3. Setup Steps
• 4. Why It Works
• 5. Optional Enhancements
• 6. Troubleshooting
• 7. Conclusion

1. Overview

Objective: Create a stable, self-resetting guest-like user account for public/shared use in a reading room or conference space.

How it works (we will use “Padilla Reading Room” throughout this guide):

• A local account called "Padilla Reading Room" is created.
• The user profile is automatically deleted on each system startup using DelProf2.exe, ensuring no user data is retained.
• A Windows Scheduled Task runs this cleanup script with SYSTEM-level privileges.

2. Tools Used

• DelProf2.exe (by Helge Klein): Safely removes Windows user profiles, including file data and registry keys.
• Scheduled Task: Executes the profile reset script on system startup with elevated privileges.

3. Setup Steps

Step 1: Create the Local User

Run the following in an elevated Command Prompt:

net user "Padilla Reading Room" /add /active:yes

net localgroup Users "Padilla Reading Room" /add

Optionally set a blank password:

net user "Padilla Reading Room" ""

(Note: you can skip this if you create the account using “Other Users” in Windows Settings)

Step 2: Download and Place DelProf2

1. Download from: https://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/
2. Extract and place DelProf2.exe in: C:\Tools\DelProf2.exe

Step 3: Create the Cleanup Script

Create a new script: C:\Tools\ResetPadillaProfile.cmd

@echo off

echo [%date% %time%] Deleting Padilla Reading Room profile >> C:\Tools\ProfileReset.log

C:\Tools\DelProf2.exe /u /id:"Padilla Reading Room" >> C:\Tools\ProfileReset.log 2>&1

Step 4: Set Up the Scheduled Task

1. Open Task Scheduler as Administrator
2. Create a new Task (not Basic Task)
3. On the General tab:

• Name: ResetPadillaProfile
• Run whether user is logged on or not
• Run with highest privileges
• Change user/group: set to SYSTEM

On the Triggers tab:

• New trigger: At startup

On the Actions tab:

• Start a program: C:\Tools\ResetPadillaProfile.cmd

Save and exit

4. Why It Works

• DelProf2 cleanly removes both the profile directory and registry entries, preventing corruption or login errors.
• Running at startup ensures profile reset happens before any login, providing a fresh experience.
• SYSTEM privileges allow deletion of any local user profile without user interaction or permission issues.

5. Optional Enhancements

• Use Group Policy to restrict access to system settings or drives.

Restrict users from:

• Accessing Control Panel and Settings
  
  
• Opening Drives (like C:)
  
  
• Running Task Manager, CMD, or Registry Editor
  
  
• Installing/uninstalling programs
  
  
• Seeing admin accounts or other users' files
  
  

Applies only to the Padilla Reading Room user. 

1. Accessing Control Panel and Settings

Open gpedit.msc, then go to each of the following paths:

User Configuration > Administrative Templates > Control Panel

Setting: Prohibit access to Control Panel and PC settings

Action: Enable

1. Opening Drives (like C:)

User Configuration > Administrative Templates > Windows Components > File Explorer

Setting: Prevent access to drives from My Computer

Enable, then choose:

Restrict C drive only

Or Restrict all drives

1. Remove “Run”, “Command Prompt”, etc.

User Configuration > Administrative Templates > Start Menu and Taskbar

Remove Run menu from Start Menu → Enable

Prevent access to the command prompt → Enable

Remove access to the Shut Down, Restart, Sleep → Enable (optional)

1. Disable Registry Editor

User Configuration > Administrative Templates > System

Prevent access to registry editing tools → Enable

1. Disable Task Manager

User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options

Remove Task Manager → Enable

• TODO: Add wallpaper and desktop icons to Default profile to pre-seed new sessions.
• Auto-login into Padilla Reading Room account for kiosk-style use (optional)
• TODO: shorten login time
• remove privacy options on first login using custom xml

6. Troubleshooting

• Log not created? Ensure C:\Tools\ProfileReset.log path exists or script has write access.
• Profile not deleted? Check Task Scheduler history and confirm it ran as SYSTEM.
• DelProf2.exe not found? Double-check the path in the script.
• Still see old data after reboot? Make sure Fast Startup is disabled in power settings.

7. Conclusion

This setup ensures a secure guest login experience for shared spaces using native Windows tools and a lightweight utility (delprof2). It is ideal for reading rooms, labs, or conference stations where user data should never persist between sessions.