<CopyProfile>true</CopyProfile> not working...

phoeneous

I thought all was well with my imaging but I cannot for the life of me figure out why <CopyProfile>true</CopyProfile> is not working in my sysprep.xml file when running sysprep.

This is what I do:


1. Install Windows 7 Pro.

2. When install is complete and the first configuration windows comes up, push ctrl+shift+f3 to enter into Audit mode.

3. When pc reboots, login with built-in Admin account and configure it the way I want ALL other accounts to be.

4. When all customizations have been made, copy the sysprep.xml file that I made from WAIK with the <CopyProfile>true</CopyProfile> tag to c:\windows\system32\sysprep\.

5. While still logged in to the only Admin account that I have ever logged in with, run sysprep /generalize /oobe /unattend:sysprep.xml.

6. When the pc reboots, boot with imagex and capture the image to either a WDS server or an external hard drive.

7. Deploy the image.


When I follow those above steps, the Admin account that I configured DOES NOT copy over to any future accounts that I log in with.

What exactly am I doing wrong?

/very frustrated

Hyper-Me

Have you tried it with a different user than Admin?

Supposedly it works with whatever user is logged in when running sysprep.

Unfortunately, profile copy through sysprep has been something MS hasn't gotten exactly right, ever.

phoeneous

Hyper-Me wrote: »

Have you tried it with a different user than Admin?

Supposedly it works with whatever user is logged in when running sysprep.

Unfortunately, profile copy through sysprep has been something MS hasn't gotten exactly right, ever.

Yup, tried it with 3 different dummy admin accounts. I even tried sysprepping an already sysprepped image and using an annswer file with just the copyprofile tag. Apparently Im not the only one with this issue, Ive read countles blogs and forums that show the same problem.

Gaber

Try copying your unattend file to c:\windows\system32\sysprep\panther

If this still isn't working specify the exact file location of the unattend in sysprep so for e.g:
sysprep /generalize /oobe /unattend:c:\windows\system32\sysprep\unattend.xml replace unattend.xml with what you have called your unattend file.

phoeneous

Gaber wrote: »

Try copying your unattend file to c:\windows\system32\sysprep\panther

If this still isn't working specify the exact file location of the unattend in sysprep so for e.g:
sysprep /generalize /oobe /unattend:c:\windows\system32\sysprep\unattend.xml replace unattend.xml with what you have called your unattend file.

Does this method work for you?

phoeneous

This is why I love MS...

In this kb article, they say:

In Windows Vista and in Windows Server 2008-based computers, the CopyProfile setting must be present during the generalize phase.

Then, in this kb article, they say:

This parameter must be set to "true" in the specialize pass

And then you have this!!!

However this process does have a drawback. It does not propagate all settings to Default User and there is no known documentation as to what will and will not be propagated. It also can be difficult to determine if a setting did not carry over to a new user because it was considered inappropriate (i.e. not copied to Default User by design) or is being reset by Minisetup/Specialize or first logon processes.

Seriously? wtf is that all about?

Gaber

It needs to go in the specialize pass. The only thing I have noticed that it doesn't copy over are icons I set in the taskbar.

From reading over the KB, it seems it looks by default for the unattend.xml in the sysprep folder.

Hyper-Me

lol.

Like i said, profile copy during sysprep has always been a sore spot with MS.

I find its easier to use group policy (expecially Preferences) to manipulate the desktop how I need it for different users.

phoeneous

Hyper-Me wrote: »

lol.

Like i said, profile copy during sysprep has always been a sore spot with MS.

I find its easier to use group policy (expecially Preferences) to manipulate the desktop how I need it for different users.

Is it possible to use gpo preferences to run a gpo just once on first logon for new users?

Gaber

phoeneous wrote: »

Is it possible to use gpo preferences to run a gpo just once on first logon for new users?

What are you trying to achieve? You can set this up in the unattend file if you wanted to.

phoeneous

Gaber wrote: »

What are you trying to achieve? You can set this up in the unattend file if you wanted to.

Actually you can't, only some settings are carried over if you use unattend.

How to customize the default local user profile when you prepare an image of Windows Vista, Windows Server 2008, Windows XP, or Windows Server 2003

Not all customizations will propagate to new profiles. Some settings are reset by the new user logon process. To configure those settings, use Group Policy settings or scripting.

I will have to use gpo to do the following but I only want it applied once per user at their first logon on any machine.

1. Remove pinned taskbar items but allow user to pin.
2. Apply company wallpaper but allow user to change it.

The gpo's that I have found will not allow a user to pin taskbar items or change wallpaper.

Hyper-Me

You can assign a wallpaper by preference and have it to where they can change it.

I havnt seen the Windows 7 preferences yet, but i bet the pinning items are there as well. You set the preference to "apply once" and it does it the first time that user logs in or gets a new profile, but not again.

phoeneous

Hyper-Me wrote: »

I havnt seen the Windows 7 preferences yet, but i bet the pinning items are there as well. You set the preference to "apply once" and it does it the first time that user logs in or gets a new profile, but not again.

I can't find it. Under 'Shortcuts', the Taskbar isnt an option for the path to delete an icon. Go figure...

RobertKaucher

phoeneous wrote: »

This is why I love MS...

In this kb article, they say:




Then, in this kb article, they say:



And then you have this!!!



Seriously? wtf is that all about?

In my opinion the deployment documentation is full of errors and contradictions that manage to leak into books and then never go away.

RobertKaucher

Have you seen this?
Sysprep a Windows 7 Machine ? Start to Finish V2 - Blog.BrianLeeJackson.com

Hyper-Me

Do the following as a script that runs once and never again

The Deployment Guys : Pin Items to the Start Menu or Windows 7 Taskbar via Script

phoeneous

RobertKaucher wrote: »

Have you seen this?
Sysprep a Windows 7 Machine ? Start to Finish V2 - Blog.BrianLeeJackson.com

Yes but it doesn't help me. Unfortunately, Microsoft has said "Not all customizations will propagate to new profiles. Some settings are reset by the new user logon process. To configure those settings, use Group Policy settings or scripting."

I'm pretty sure I'm not the only sysadmin that wants to remove those three taskbar items from the image. I find it hard to believe that a script is required to do this simple task.

Anyway, I found the script below but it's giving me object errors on line 16. Looking into it now.

Option Explicit

Dim objShell, objAllUsersProgramsFolder, strAllUsersProgramsPath, objFolder, objFolderItem, colVerbs, objVerb

Const CSIDL_COMMON_PROGRAMS = &H17 
Const CSIDL_PROGRAMS = &H2 
Set objShell = CreateObject("Shell.Application") 
Set objAllUsersProgramsFolder = objShell.NameSpace(CSIDL_COMMON_PROGRAMS) 
strAllUsersProgramsPath = objAllUsersProgramsFolder.Self.Path 

Set objFolder = objShell.Namespace(strAllUsersProgramsPath) 
Set objFolderItem = objFolder.ParseName("Windows Media Player.lnk")
Set colVerbs = objFolderItem.Verbs 
For Each objVerb in colVerbs 
    If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
Next

Set objFolder = objShell.Namespace(strAllUsersProgramsPath) 
Set objFolderItem = objFolder.ParseName("Internet Explorer.lnk")
Set colVerbs = objFolderItem.Verbs 
For Each objVerb in colVerbs 
    If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
Next

Set objFolder = objShell.Namespace(strAllUsersProgramsPath) 
Set objFolderItem = objFolder.ParseName("Windows Explorer.lnk")
Set colVerbs = objFolderItem.Verbs 
For Each objVerb in colVerbs 
    If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
Next

phoeneous

'Credit goes to Eric G. for writing this script.
'More info at http://frontslash.wordpress.com/2010/03/01/removing-internet-explorer-and-windows-media-player-from-taskbar/#comment-178

Option Explicit

Const CSIDL_COMMON_PROGRAMS = &H17
Const CSIDL_PROGRAMS = &H2
Const CSIDL_STARTMENU = &HB

Dim objShell, objFSO
Dim objCurrentUserStartFolder
Dim strCurrentUserStartFolderPath
Dim objAllUsersProgramsFolder
Dim strAllUsersProgramsPath
Dim objFolder
Dim objFolderItem
Dim colVerbs
Dim objVerb

Set objShell = CreateObject("Shell.Application")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCurrentUserStartFolder = objShell.NameSpace (CSIDL_STARTMENU)
strCurrentUserStartFolderPath = objCurrentUserStartFolder.Self.Path
Set objAllUsersProgramsFolder = objShell.NameSpace(CSIDL_COMMON_PROGRAMS)
strAllUsersProgramsPath = objAllUsersProgramsFolder.Self.Path

'Internet Explorer
If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Internet Explorer.lnk") Then
    Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs")
    Set objFolderItem = objFolder.ParseName("Internet Explorer.lnk")
    Set colVerbs = objFolderItem.Verbs
    For Each objVerb in colVerbs
        If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
    Next
End If
'Windows Explorer
If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Accessories\Windows Explorer.lnk") Then
    Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs\Accessories")
    Set objFolderItem = objFolder.ParseName("Windows Explorer.lnk")
    Set colVerbs = objFolderItem.Verbs
    For Each objVerb in colVerbs
        If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
    Next
End If
'Windows Media Player
If objFSO.FileExists(strAllUsersProgramsPath & "\Windows Media Player.lnk") Then
    Set objFolder = objShell.Namespace(strAllUsersProgramsPath)
    Set objFolderItem = objFolder.ParseName("Windows Media Player.lnk")
    Set colVerbs = objFolderItem.Verbs
    For Each objVerb in colVerbs
        If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
    Next
End If

rwwest7

This is how I do it:
-Disable UAC. It is more trouble than good.
-Login with any account you want (Joe)and configure the settings how you want.
-Reboot
-Login as an admin
-Change settings to show hidden files
-Go to C:\Users
-Right-click the folder Joe, then right-click again and paste.
-You should now have a folder called Joe and one called Joe Copy.
-Rename the folder Default to Default_Original
-Rename the folder Joe Copy to Default.
-Next time someone logs in they will get all the settings you set up for Joe.

There are a few quirks, and this isn't "microsoft approved", but I've done over 300 laptops with this method and so far so good. You really do need to disable UAC if you do it this way, for reasons I won't go into but trust me you need to.

phoeneous

rwwest7 wrote: »

There are a few quirks, and this isn't "microsoft approved", but I've done over 300 laptops with this method and so far so good.

Been there, tried that. You're going to have problems down the road, trust me.

EDIT:

Meant to quote this:

-Rename the folder Default to Default_Original
-Rename the folder Joe Copy to Default.

Sorry.

rwwest7

phoeneous wrote: »

Been there, tried that. You're going to have problems down the road, trust me.

For example? It's been about 4 months since the initial roll out and all the problems we had at first have been corrected by disabling UAC.

UAC limits what a local administrator can do on a computer, which is just dumb. If I didn't want them to have admin rights I wouldn't give it to them! I like being able to elevate privilidges if logged on as a standard user, but if I'm logged on as an admin I should be able to do whatever I want.

Hyper-Me

rwwest7 wrote: »

but if I'm logged on as an admin I should be able to do whatever I want.

You can, if you just edit the UAC GPO settings.

rwwest7

Hyper-Me wrote: »

You can, if you just edit the UAC GPO settings.

That's what I did. Just sayin it's kinda silly to have to go that far.

Hyper-Me

rwwest7 wrote: »

That's what I did. Just sayin it's kinda silly to have to go that far.

If users would learn to not do every single thing on their computer as a full blown administrator, there would be no need for UAC.

At least the feature is robust enough to let you customize it how you want it to work.

phoeneous

See my edit, I quoted the wrong text.

These will cause you problems, not UAC.

-Rename the folder Default to Default_Original
-Rename the folder Joe Copy to Default.

rwwest7

phoeneous wrote: »

See my edit, I quoted the wrong text.

These will cause you problems, not UAC.

I know what you meant. I'm just saying the few problems we did have were resolved by turning off UAC. I know this way of doing it isn't for everyone, but as long the users have local admin rights and UAC is off then so far (4 months and 300 laptops later) we've had zero issues directly related to the profile renaming.

Before turning off UAC we'd often have users logged on with a temp profile and I'd have to go into the registry and delete the temp link and remove the .bak from the original link and everything was fine again. Some users also weren't able to install certain software without doing so in "XP mode", but since turning off UAC life has been good.

Are there any specific problems you know of that you can tell us about?

phoeneous

rwwest7 wrote: »

Are there any specific problems you know of that you can tell us about?

Yes, it causes keys in the registry to reference the wrong account. It has nothing to do with uac.

Gaber

phoeneous wrote: »

Actually you can't, only some settings are carried over if you use unattend.



I will have to use gpo to do the following but I only want it applied once per user at their first logon on any machine.

1. Remove pinned taskbar items but allow user to pin.
2. Apply company wallpaper but allow user to change it.

The gpo's that I have found will not allow a user to pin taskbar items or change wallpaper.

Apologies, I misread what you asked. Thought you wanted to know how to set the first user to login in the unattend after a system has been imaged

rwwest7

phoeneous wrote: »

Yes, it causes keys in the registry to reference the wrong account. It has nothing to do with uac.

This is exactly where UAC comes into play. With UAC turned on admins can't access and write to the entire C: drive.

I create a generic account like WIN7 to update the Default profile. Later on if a program wants to create a folder and looks in the registry and sees it needs to be created in C:\Users\WIN7, then if UAC is on it can't create the folder. But with UAC turned off the program is free to create and use whatever it wants in C:\Users\WIN7.

phoeneous

rwwest7 wrote: »

This is exactly where UAC comes into play. With UAC turned on admins can't access and write to the entire C: drive.

I create a generic account like WIN7 to update the Default profile. Later on if a program wants to create a folder and looks in the registry and sees it needs to be created in C:\Users\WIN7, then if UAC is on it can't create the folder. But with UAC turned off the program is free to create and use whatever it wants in C:\Users\WIN7.

Its not about controlling what users/admins can or cant do, its about letting the OS do its job correctly. If it needs to create a registry key, it needs to reference the correct account. There is a reason why your method is unsupported.

rwwest7

phoeneous wrote: »

Its not about controlling what users/admins can or cant do, its about letting the OS do its job correctly. If it needs to create a registry key, it needs to reference the correct account. There is a reason why your method is unsupported.

Go to C:\ProgramData\Microsoft\User Account Pictures\Default Pictures on a Windows 7 machine as an admin and try to delete or rename any picture in that folder. You're an admin, and it's not about controlling what admins can or can't do, so you should be able to delete any pictures you want from YOUR hard drive correct?