Squashed commit of the following:

commit 92144840b97184dcd93c78c2adf2981e125072b6
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Tue Aug 30 11:00:32 2016 -0700

    add to change history

commit ee9db211edd9b62d1fd4b2f82876c8eea2846aae
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Tue Aug 30 10:48:18 2016 -0700

    fix typo

commit b2b7cf062ca382a7a3fe5ce58452febc2bf5daae
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Tue Aug 30 10:36:11 2016 -0700

    done!

commit 116c53893b05a7f8214a72fb547a644ff2b50477
Merge: 35210cd c25b09a
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Tue Aug 30 07:29:28 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit 35210cdfc50623860a829c7a3aeb1bdd5c393c79
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Mon Aug 29 14:23:38 2016 -0700

    in progress

commit 6eb8448733b35410fb0a05e1442a909d74266cc9
Merge: 35f733c fd771a1
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Mon Aug 29 12:55:05 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit 35f733ccfc76f1f73caf31cf04103cb3be388e67
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Mon Aug 29 11:17:09 2016 -0700

    commit change

commit 4e239cb9b56bdf579eb5fea678d7d3d705bce11c
Merge: 981e445 47c3a03
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Mon Aug 29 11:16:56 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit 981e445e1996b7805f4f6f82a74699235c74edba
Merge: e433ef3 8722997
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Mon Aug 29 07:52:15 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit e433ef3bd8df2222c1dbb280c6079841e071eb6f
Merge: b19f024 4e219b5
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Mon Aug 29 07:13:57 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit b19f024bfb3d2dc064a8a18aec143e71b5f0d011
Merge: b0aeb68 7a53b06
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Fri Aug 12 10:21:23 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit b0aeb6810a263237c34fb49bda1de9f6e789237e
Merge: c1db7b7 ce1c105
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Fri Aug 12 08:10:13 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit c1db7b70ff188e4ac861a070671acd8ca106e64e
Merge: 90e973c bc6ea5a
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Thu Aug 11 14:42:12 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit 90e973c05481680aca8af3285b17bdbfc8e668e6
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Thu Aug 11 14:41:28 2016 -0700

    daily sync

commit ec65de0f785f359b26785131d858fc5568edbd20
Merge: 4f4fa84 83ed096
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Thu Aug 11 12:33:33 2016 -0700

    Merge remote-tracking branch 'refs/remotes/origin/master' into jdmp

commit 4f4fa84be789333394d057c6ac4ff92a6e2902b5
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Thu Aug 11 12:32:58 2016 -0700

    add Warren feedback

commit 7211af1feb6acb0f8b71cbd0c0d0b73290a1a893
Author: jdeckerMS <jdecker@microsoft.com>
Date:   Thu Aug 11 11:54:19 2016 -0700

    New fork for mandatory user profile

windows/manage/TOC.md

@@ -16,6 +16,7 @@
 ### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 ### [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 ### [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+## [Create mandatory user profiles](mandatory-user-profile.md)
 ## [Lock down Windows 10](lock-down-windows-10.md)
 ### [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md)
 ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)

windows/manage/change-history-for-manage-and-update-windows-10.md

@@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 
 | New or changed topic | Description |
 | --- | --- |
+| [Create mandatory user profiles](mandatory-user-profile.md) | New |
 | [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Updated sample XML for combined Start and taskbar layout; added note to explain the difference between applying taskbar configuration by Group Policy and by provisioning package |
 | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated instructions for exiting assigned access mode. |
 | Application development for Windows as a service  |  Topic moved to MSDN: [Application development for Windows as a service](https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service)

windows/manage/index.md

@@ -44,6 +44,7 @@ Learn about managing and updating Windows 10.
 <td align="left"><p>[Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md)</p></td>
 <td align="left"><p>Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Enterprise or Windows 10 Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes.</p></td>
 </tr>
+<tr><td><p>[Create mandatory user profiles](mandatory-user-profile.md)</p></td><td><p>Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings.</p></td></tr>
 <tr class="odd">
 <td align="left"><p>[Lock down Windows 10](lock-down-windows-10.md)</p></td>
 <td align="left"><p>Enterprises often need to manage how people use corporate devices. Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.</p></td>

windows/manage/mandatory-user-profile.md

@@ -0,0 +1,168 @@
+---
+title: Create mandatory user profiles (Windows 10)
+description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
+keywords: [".man","ntuser"]
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Create mandatory user profiles
+
+
+**Applies to**
+
+-   Windows 10
+
+> [!WARNING]
+> When a mandatory profile is applied to a PC running Windows 10, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update. 
+
+A mandatory user profile is a roaming user profile that has been pre-configured by an administrators to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. 
+
+Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles. 
+
+When the server that stores the mandatory profile is unavailable, such as when the user is not connected to the corporate network, users with mandatory profiles can sign in with the locally cached copy of the mandatory profile. 
+
+User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
+
+<span id="extension"/>
+## Profile extension for each Windows version
+
+The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.
+
+| Client operating system version | Server operating system version | Profile extension |
+| --- | --- | --- |
+| Windows XP | Windows Server 2003 </br>Windows Server 2003 R2 | none |
+| Windows Vista</br>Windows 7 | Windows Server 2008</br>Windows Server 2008 R2 | v2 |
+| Windows 8 | Windows Server 2012 | v3 |
+| Windows 8.1 | Windows Server 2012 R2 | v4 |
+| Windows 10, versions 1507 and 1511 | Windows Server 2016 | v5 |
+| Windows 10, version 1607 (also known as the Anniversary Update) | N/A | v6 |
+
+For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/en-us/kb/3056198).
+
+## How to create a mandatory user profile
+
+First, you create a default user profile, and then you rename the profile to make it mandatory.
+
+**To create a default user profile**
+
+1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account.
+
+   > [!NOTE] 
+   > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. 
+ 
+2. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. 
+
+   >[!NOTE]
+   >Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-topics).
+
+3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/en-us/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/en-us/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. 
+ 
+3. Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: 
+ 
+     - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe
+     - Microsoft.BingWeather_8wekyb3d8bbwe
+     - Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
+     - Microsoft.Getstarted_8wekyb3d8bbwe
+     - Microsoft.Windows.Photos_8wekyb3d8bbwe
+     - Microsoft.WindowsCamera_8wekyb3d8bbwe
+     - Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe
+     - Microsoft.WindowsStore_8wekyb3d8bbwe
+     - Microsoft.XboxApp_8wekyb3d8bbwe
+     - Microsoft.XboxIdentityProvider_8wekyb3d8bbwe
+     - Microsoft.ZuneMusic_8wekyb3d8bbwe 
+
+3. At a command prompt, type the following command and press **ENTER**.
+
+    `sysprep /oobe /reboot /generalize /unattend:unattend.xml` 
+
+    (Sysprep.exe is located at: C:\Windows\System32\sysprep. By default, Sysprep looks for unattend.xml in this same folder.)
+    
+    >[!TIP]
+    >If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\System32\Sysprep\Panther\setupact.log and look for an entry like the following:
+    
+    >![Microsoft Bing Translator package](images/sysprep-error.png)
+    
+    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
+  
+5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.
+
+6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section.
+    
+7. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
+
+   ![Example of UI](images/copy-to.png)
+
+8. In **Copy To**, under **Permitted to use**, click **Change**.
+
+   ![Example of UI](images/copy-to-change.png)
+   
+9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
+
+10. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607.
+
+   - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
+   - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.  
+   
+   ![Example of UI](images/copy-to-path.png) 
+
+9. Click **OK** to copy the default user profile.
+
+
+**To make the user profile mandatory**
+
+ 
+3. In File Explorer, open the folder where you stored the copy of the profile.
+
+    >[!NOTE]
+    >If the folder is not displayed, click **View** > **Options** > **Change folder and search options**. On the **View** tab, select **Show hidden files and folders**, clear **Hide protected operating system files**, click **Yes** to confirm that you want to show operating system files, and then click **OK** to save your changes.
+
+1. Rename `Ntuser.dat` to `Ntuser.man`. 
+
+## How to apply a mandatory user profile to users
+
+In a domain, you modify properties for the user account to point to the mandatory profile in a shared folder residing on the server.
+
+**To apply a mandatory user profile to users**
+
+1. Open **Active Directory Users and Computers** (dsa.msc).
+
+2. Navigate to the user account that you will assign the mandatory profile to.
+
+3. Right-click the user name and open **Properties**.
+
+4. On the **Profile** tab, in the **Profile path** field, enter the path to the shared folder without the extension. For example, if the folder name is \\\\*server*\profile.v6, you would enter \\\\*server*\profile.
+
+5. Click **OK**.
+
+It may take some time for this change to replicate to all domain controllers.
+
+
+
+## Apply policies to improve sign-in time
+
+When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the following Group Policy settings.
+
+- Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled
+- Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled
+- Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled
+
+
+
+
+
+
+
+
+
+## Related topics
+
+- [Manage Windows 10 Start layout and taskbar options](windows-10-start-layout-options-and-policies.md)
+- [Lock down Windows 10 to specific apps](lock-down-windows-10-to-specific-apps.md)
+- [Windows Spotlight on the lock screen](windows-spotlight.md)
+- [Configure devices without MDM](configure-devices-without-mdm.md)
+
+
+