Forum Discussion
New Profile-GPO not working like expected
We cannot use AAD. Our computers (on prem) domain-joined and users should get one default browser profile (C:\Users\<user>\AppData\Local\Microsoft\Edge\User Data) on first run and should stay with that profile.
Inside Edge-UI users should not able to delete (recreate) this profile. What exactly you mean with "signing into the browser"?
Signin: you can choose to signin with a Microsoft account in the browser profile. This way you can sync your settings.
Why wouldn't they be allowed to recreate this default profile? If you set policies, or even a master_preferences file, I don't see the problem or the harm of recreating this profile...
If you don't like using GPO, you can even set the configuration using Configuration Items and Baselines via SCCM.
If you don't have that, you can use a custom installation script to put the registry keys for the settings. Since it is in the HKLM Policy hive, users have no write permissions.
On top of that, the profile is stored in a userprofile writeable directory. Just delete the userdata folder, and voila, you have a new profile....
On profile creation a new "Profile 1" folder is created under C:\Users\<UserID>\AppData\Local\Microsoft\Edge\User Data
But we sync Bookmarks file from C:\Users\<UserID>\AppData\Local\Microsoft\Edge\User Data\Default which is then not use anymore.
So, our users browser profile must stay under C:\Users\<UserID>\AppData\Local\Microsoft\Edge\User Data\Default