Creating default domain user profiles from the local Default User profile

Rod Echols

The methods listed below have been verified in a non-AD domain, so if you use domain-level GPOs you may need to do further testing to make sure that the local GPO settings listed below are not overwritten by the domain policies. Also, if there is a Default User.v2 share in your netlogon shares, you may need to set the permissions on that folder to "deny all" so that the Windows 7 client won't pull whatever profile is there.

Non sysprep method (sysprep method follows)

Make group policy changes (these are what cause Win 7 to not look toward the server for a default profile)
• Computer Config > Administrative Templates > System > User Profiles >
o Only Allow User Profiles = Enabled
o Set Roaming Profile Path for all users logging onto this computer = Disabled
o Prevent Roaming Profile changes from propagating to the server = Enabled
• Customize the Test or Setup account
• Enable built-in Administrator account
• Log on as Administrator
• Install RichCopy from Technet
• Use Explorer to unhide system files and folders
• Use RichCopy to copy the profile from the account used to implement customizations to "Default User"
• Join machine to the domain
• Reboot
• Log on as a domain user; all customizations that can be transferred should be applied to the user's profile

Sysprep Method - You may want to use this method because this method should be fully supported by MS
• Login as the setup account
• Enable Administrator Account - log off
• Log on as Administrator
• Go to Manage Users
• Delete Setup account and any other accounts that have a profile folder and choose "delete files"
• Make group policy changes
• Computer Config > Administrative Templates > System > User Profiles >
o Only Allow User Profiles = Enabled
o Set Roaming Profile Path for all users logging onto this computer = Disabled
o Prevent Roaming Profile changes from propagating to the server = Enabled
• Complete all customizations
• Copy validated answer file to C: root
• Go to windows\system32\sysprep
• Right click while holding shift and choose "open command window here"
• Run "sysprep.exe /oobe /generalize /unattend:c:\yourunattendfile.xml"
• Once the system reboots go through whatever portion of mini-setup your answer file dictates
• Join machine to the domain
• Log on as a domain user
• Basic look and feel customizations should have been applied from the local Default User profile

And as long as the local policies that we set above remain intact, any domain user that logs onto the machine will receive the look and feel that you want for your organization.

Because MS has not published a comprehensive list of items/settings that cannot be applied to a default profile, you will have to experiment with that. I did find a doc that made it clear that the quick launch as well as the area of the start menu where you "pin" shortcuts do not persist when copying customizations to the default profile.
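Added example (not part of the original post): a PowerShell check, run from an elevated prompt on the client, that the three User Profiles policies are still in effect after the domain join and whether a Default User.v2 folder is reachable in NETLOGON. The registry key and the value names LocalProfile, ReadOnlyProfile and MachineProfilePath are assumptions taken from the standard User Profiles policy template, not from the post.

```powershell
# Added example: verify the local User Profiles policies described in the post.
# Assumption: these policies are stored under the key and value names below.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-PolicyValue([string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Test-LocalProfilePolicy {
    $local    = Get-PolicyValue 'LocalProfile'        # Enabled  -> 1
    $readOnly = Get-PolicyValue 'ReadOnlyProfile'     # Enabled  -> 1
    $path     = Get-PolicyValue 'MachineProfilePath'  # Disabled -> value absent

    $checks = @(
        @{ Setting = 'Only allow local profiles = Enabled'
           Actual  = $local;    Ok = ($local -eq 1) },
        @{ Setting = 'Prevent roaming changes propagating = Enabled'
           Actual  = $readOnly; Ok = ($readOnly -eq 1) },
        @{ Setting = 'Roaming profile path for this computer = Disabled'
           Actual  = $path;     Ok = [string]::IsNullOrEmpty($path) }
    )
    foreach ($c in $checks) { New-Object PSObject -Property $c }
}

function Test-NetlogonDefaultProfile {
    # True when the logon server exposes a Default User.v2 folder that this
    # client can read, the case the post says needs "deny all" permissions.
    if (-not $env:LOGONSERVER) { return $false }
    return (Test-Path (Join-Path "$env:LOGONSERVER\NETLOGON" 'Default User.v2'))
}

$results = @(Test-LocalProfilePolicy)
$results | Format-Table Setting, Actual, Ok -AutoSize

if (Test-NetlogonDefaultProfile) {
    Write-Warning 'Default User.v2 is readable in NETLOGON; clients may pull it.'
}
if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'A policy differs from the local settings; check domain GPOs.'
    exit 1
}
```

An `Ok` of False after `gpupdate /force` points at a domain GPO overriding the local setting.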
