Forum Discussion
New Profile-GPO not working like expected
Thilo Langbeinand abadiya , can this setting help you?
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#nonremovableprofileenabled
This creates a non removable profile with the work- or schoolaccount….
But we don't use a microsoft school- or work account.
Thilo Langbein, ok I understand... I was under the impression you had, since it was posted in the "enterprise" board....
Then I don't know how to work around it....
Anyway, what is the reason you would like to remove the "delete" option?
You can also force the users to sign in...https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#browsersignin
I guess they will at least have one profile....
We cannot use AAD. Our computers (on prem) domain-joined and users should get one default browser profile (C:\Users\<user>\AppData\Local\Microsoft\Edge\User Data) on first run and should stay with that profile.
Inside Edge-UI users should not able to delete (recreate) this profile. What exactly you mean with "signing into the browser"?
Signin: you can choose to signin with a Microsoft account in the browser profile. This way you can sync your settings.
Why wouldn't they be allowed to recreate this default profile? If you set policies, or even a master_preferences file, I don't see the problem or the harm of recreating this profile...
If you don't like using GPO, you can even set the configuration using Configuration Items and Baselines via SCCM.
If you don't have that, you can use a custom installation script to put the registry keys for the settings. Since it is in the HKLM Policy hive, users have no write permissions.
On top of that, the profile is stored in a userprofile writeable directory. Just delete the userdata folder, and voila, you have a new profile....