Options
<CopyProfile>true</CopyProfile> not working...
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
I thought all was well with my imaging but I cannot for the life of me figure out why <CopyProfile>true</CopyProfile> is not working in my sysprep.xml file when running sysprep.
This is what I do:
1. Install Windows 7 Pro.
2. When install is complete and the first configuration windows comes up, push ctrl+shift+f3 to enter into Audit mode.
3. When pc reboots, login with built-in Admin account and configure it the way I want ALL other accounts to be.
4. When all customizations have been made, copy the sysprep.xml file that I made from WAIK with the <CopyProfile>true</CopyProfile> tag to c:\windows\system32\sysprep\.
5. While still logged in to the only Admin account that I have ever logged in with, run sysprep /generalize /oobe /unattend:sysprep.xml.
6. When the pc reboots, boot with imagex and capture the image to either a WDS server or an external hard drive.
7. Deploy the image.
When I follow those above steps, the Admin account that I configured DOES NOT copy over to any future accounts that I log in with.
What exactly am I doing wrong?
/very frustrated
This is what I do:
1. Install Windows 7 Pro.
2. When install is complete and the first configuration windows comes up, push ctrl+shift+f3 to enter into Audit mode.
3. When pc reboots, login with built-in Admin account and configure it the way I want ALL other accounts to be.
4. When all customizations have been made, copy the sysprep.xml file that I made from WAIK with the <CopyProfile>true</CopyProfile> tag to c:\windows\system32\sysprep\.
5. While still logged in to the only Admin account that I have ever logged in with, run sysprep /generalize /oobe /unattend:sysprep.xml.
6. When the pc reboots, boot with imagex and capture the image to either a WDS server or an external hard drive.
7. Deploy the image.
When I follow those above steps, the Admin account that I configured DOES NOT copy over to any future accounts that I log in with.
What exactly am I doing wrong?
/very frustrated
Comments
-
Options
Hyper-Me
Banned Posts: 2,059
Have you tried it with a different user than Admin?
Supposedly it works with whatever user is logged in when running sysprep.
Unfortunately, profile copy through sysprep has been something MS hasn't gotten exactly right, ever. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
Have you tried it with a different user than Admin?
Supposedly it works with whatever user is logged in when running sysprep.
Unfortunately, profile copy through sysprep has been something MS hasn't gotten exactly right, ever.
Yup, tried it with 3 different dummy admin accounts. I even tried sysprepping an already sysprepped image and using an annswer file with just the copyprofile tag. Apparently Im not the only one with this issue, Ive read countles blogs and forums that show the same problem. -
Options
Gaber
Member Posts: 19 ■□□□□□□□□□
Try copying your unattend file to c:\windows\system32\sysprep\panther
If this still isn't working specify the exact file location of the unattend in sysprep so for e.g:
sysprep /generalize /oobe /unattend:c:\windows\system32\sysprep\unattend.xml replace unattend.xml with what you have called your unattend file. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
Try copying your unattend file to c:\windows\system32\sysprep\panther
If this still isn't working specify the exact file location of the unattend in sysprep so for e.g:
sysprep /generalize /oobe /unattend:c:\windows\system32\sysprep\unattend.xml replace unattend.xml with what you have called your unattend file.
Does this method work for you? -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
This is why I love MS...
In this kb article, they say:In Windows Vista and in Windows Server 2008-based computers, the CopyProfile setting must be present during the generalize phase.
Then, in this kb article, they say:This parameter must be set to "true" in the specialize pass
And then you have this!!!However this process does have a drawback. It does not propagate all settings to Default User and there is no known documentation as to what will and will not be propagated. It also can be difficult to determine if a setting did not carry over to a new user because it was considered inappropriate (i.e. not copied to Default User by design) or is being reset by Minisetup/Specialize or first logon processes.
Seriously? wtf is that all about? -
OptionsGaber
Member Posts: 19 ■□□□□□□□□□
It needs to go in the specialize pass. The only thing I have noticed that it doesn't copy over are icons I set in the taskbar.
From reading over the KB, it seems it looks by default for the unattend.xml in the sysprep folder. -
OptionsHyper-Me
Banned Posts: 2,059
lol.
Like i said, profile copy during sysprep has always been a sore spot with MS.
I find its easier to use group policy (expecially Preferences) to manipulate the desktop how I need it for different users. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
lol.
Like i said, profile copy during sysprep has always been a sore spot with MS.
I find its easier to use group policy (expecially Preferences) to manipulate the desktop how I need it for different users.
Is it possible to use gpo preferences to run a gpo just once on first logon for new users? -
OptionsGaber
Member Posts: 19 ■□□□□□□□□□
Is it possible to use gpo preferences to run a gpo just once on first logon for new users?
What are you trying to achieve? You can set this up in the unattend file if you wanted to. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
What are you trying to achieve? You can set this up in the unattend file if you wanted to.
Actually you can't, only some settings are carried over if you use unattend.
How to customize the default local user profile when you prepare an image of Windows Vista, Windows Server 2008, Windows XP, or Windows Server 2003
Not all customizations will propagate to new profiles. Some settings are reset by the new user logon process. To configure those settings, use Group Policy settings or scripting.
I will have to use gpo to do the following but I only want it applied once per user at their first logon on any machine.
1. Remove pinned taskbar items but allow user to pin.
2. Apply company wallpaper but allow user to change it.
The gpo's that I have found will not allow a user to pin taskbar items or change wallpaper. -
OptionsHyper-Me
Banned Posts: 2,059
You can assign a wallpaper by preference and have it to where they can change it.
I havnt seen the Windows 7 preferences yet, but i bet the pinning items are there as well. You set the preference to "apply once" and it does it the first time that user logs in or gets a new profile, but not again. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
I havnt seen the Windows 7 preferences yet, but i bet the pinning items are there as well. You set the preference to "apply once" and it does it the first time that user logs in or gets a new profile, but not again.
I can't find it. Under 'Shortcuts', the Taskbar isnt an option for the path to delete an icon. Go figure... -
Options
RobertKaucher
Member Posts: 4,299 ■■■■■■■■■■
In my opinion the deployment documentation is full of errors and contradictions that manage to leak into books and then never go away. -
OptionsRobertKaucher
Member Posts: 4,299 ■■■■■■■■■■
-
OptionsHyper-Me
Banned Posts: 2,059
Do the following as a script that runs once and never again
The Deployment Guys : Pin Items to the Start Menu or Windows 7 Taskbar via Script -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
RobertKaucher wrote: »Have you seen this?
Sysprep a Windows 7 Machine ? Start to Finish V2 - Blog.BrianLeeJackson.com
Yes but it doesn't help me. Unfortunately, Microsoft has said "Not all customizations will propagate to new profiles. Some settings are reset by the new user logon process. To configure those settings, use Group Policy settings or scripting."
I'm pretty sure I'm not the only sysadmin that wants to remove those three taskbar items from the image. I find it hard to believe that a script is required to do this simple task.
Anyway, I found the script below but it's giving me object errors on line 16. Looking into it now.Option Explicit Dim objShell, objAllUsersProgramsFolder, strAllUsersProgramsPath, objFolder, objFolderItem, colVerbs, objVerb Const CSIDL_COMMON_PROGRAMS = &H17 Const CSIDL_PROGRAMS = &H2 Set objShell = CreateObject("Shell.Application") Set objAllUsersProgramsFolder = objShell.NameSpace(CSIDL_COMMON_PROGRAMS) strAllUsersProgramsPath = objAllUsersProgramsFolder.Self.Path Set objFolder = objShell.Namespace(strAllUsersProgramsPath) Set objFolderItem = objFolder.ParseName("Windows Media Player.lnk") Set colVerbs = objFolderItem.Verbs For Each objVerb in colVerbs If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt Next Set objFolder = objShell.Namespace(strAllUsersProgramsPath) Set objFolderItem = objFolder.ParseName("Internet Explorer.lnk") Set colVerbs = objFolderItem.Verbs For Each objVerb in colVerbs If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt Next Set objFolder = objShell.Namespace(strAllUsersProgramsPath) Set objFolderItem = objFolder.ParseName("Windows Explorer.lnk") Set colVerbs = objFolderItem.Verbs For Each objVerb in colVerbs If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt Next
-
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
'Credit goes to Eric G. for writing this script. 'More info at http://frontslash.wordpress.com/2010/03/01/removing-internet-explorer-and-windows-media-player-from-taskbar/#comment-178 Option Explicit Const CSIDL_COMMON_PROGRAMS = &H17 Const CSIDL_PROGRAMS = &H2 Const CSIDL_STARTMENU = &HB Dim objShell, objFSO Dim objCurrentUserStartFolder Dim strCurrentUserStartFolderPath Dim objAllUsersProgramsFolder Dim strAllUsersProgramsPath Dim objFolder Dim objFolderItem Dim colVerbs Dim objVerb Set objShell = CreateObject("Shell.Application") Set objFSO = CreateObject("Scripting.FileSystemObject") Set objCurrentUserStartFolder = objShell.NameSpace (CSIDL_STARTMENU) strCurrentUserStartFolderPath = objCurrentUserStartFolder.Self.Path Set objAllUsersProgramsFolder = objShell.NameSpace(CSIDL_COMMON_PROGRAMS) strAllUsersProgramsPath = objAllUsersProgramsFolder.Self.Path 'Internet Explorer If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Internet Explorer.lnk") Then Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs") Set objFolderItem = objFolder.ParseName("Internet Explorer.lnk") Set colVerbs = objFolderItem.Verbs For Each objVerb in colVerbs If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt Next End If 'Windows Explorer If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Accessories\Windows Explorer.lnk") Then Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs\Accessories") Set objFolderItem = objFolder.ParseName("Windows Explorer.lnk") Set colVerbs = objFolderItem.Verbs For Each objVerb in colVerbs If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt Next End If 'Windows Media Player If objFSO.FileExists(strAllUsersProgramsPath & "\Windows Media Player.lnk") Then Set objFolder = objShell.Namespace(strAllUsersProgramsPath) Set objFolderItem = objFolder.ParseName("Windows Media Player.lnk") Set colVerbs = objFolderItem.Verbs For Each objVerb in colVerbs If Replace(objVerb.name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt Next End If -
Optionsrwwest7
Member Posts: 300
This is how I do it:
-Disable UAC. It is more trouble than good.
-Login with any account you want (Joe)and configure the settings how you want.
-Reboot
-Login as an admin
-Change settings to show hidden files
-Go to C:\Users
-Right-click the folder Joe, then right-click again and paste.
-You should now have a folder called Joe and one called Joe Copy.
-Rename the folder Default to Default_Original
-Rename the folder Joe Copy to Default.
-Next time someone logs in they will get all the settings you set up for Joe.
There are a few quirks, and this isn't "microsoft approved", but I've done over 300 laptops with this method and so far so good. You really do need to disable UAC if you do it this way, for reasons I won't go into but trust me you need to. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
There are a few quirks, and this isn't "microsoft approved", but I've done over 300 laptops with this method and so far so good.
Been there, tried that. You're going to have problems down the road, trust me.
EDIT:
Meant to quote this:-Rename the folder Default to Default_Original
-Rename the folder Joe Copy to Default.
Sorry. -
Optionsrwwest7
Member Posts: 300
For example? It's been about 4 months since the initial roll out and all the problems we had at first have been corrected by disabling UAC.Been there, tried that. You're going to have problems down the road, trust me.
UAC limits what a local administrator can do on a computer, which is just dumb. If I didn't want them to have admin rights I wouldn't give it to them! I like being able to elevate privilidges if logged on as a standard user, but if I'm logged on as an admin I should be able to do whatever I want. -
OptionsHyper-Me
Banned Posts: 2,059
but if I'm logged on as an admin I should be able to do whatever I want.
You can, if you just edit the UAC GPO settings. -
Optionsrwwest7
Member Posts: 300
That's what I did. Just sayin it's kinda silly to have to go that far.You can, if you just edit the UAC GPO settings. -
OptionsHyper-Me
Banned Posts: 2,059
That's what I did. Just sayin it's kinda silly to have to go that far.
If users would learn to not do every single thing on their computer as a full blown administrator, there would be no need for UAC.
At least the feature is robust enough to let you customize it how you want it to work. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
See my edit, I quoted the wrong text.
These will cause you problems, not UAC.-Rename the folder Default to Default_Original
-Rename the folder Joe Copy to Default. -
Optionsrwwest7
Member Posts: 300
I know what you meant. I'm just saying the few problems we did have were resolved by turning off UAC. I know this way of doing it isn't for everyone, but as long the users have local admin rights and UAC is off then so far (4 months and 300 laptops later) we've had zero issues directly related to the profile renaming.See my edit, I quoted the wrong text.
These will cause you problems, not UAC.
Before turning off UAC we'd often have users logged on with a temp profile and I'd have to go into the registry and delete the temp link and remove the .bak from the original link and everything was fine again. Some users also weren't able to install certain software without doing so in "XP mode", but since turning off UAC life has been good.
Are there any specific problems you know of that you can tell us about? -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
Are there any specific problems you know of that you can tell us about?
Yes, it causes keys in the registry to reference the wrong account. It has nothing to do with uac. -
OptionsGaber
Member Posts: 19 ■□□□□□□□□□
Actually you can't, only some settings are carried over if you use unattend.
I will have to use gpo to do the following but I only want it applied once per user at their first logon on any machine.
1. Remove pinned taskbar items but allow user to pin.
2. Apply company wallpaper but allow user to change it.
The gpo's that I have found will not allow a user to pin taskbar items or change wallpaper.
Apologies, I misread what you asked. Thought you wanted to know how to set the first user to login in the unattend after a system has been imaged
-
Optionsrwwest7
Member Posts: 300
This is exactly where UAC comes into play. With UAC turned on admins can't access and write to the entire C: drive.Yes, it causes keys in the registry to reference the wrong account. It has nothing to do with uac.
I create a generic account like WIN7 to update the Default profile. Later on if a program wants to create a folder and looks in the registry and sees it needs to be created in C:\Users\WIN7, then if UAC is on it can't create the folder. But with UAC turned off the program is free to create and use whatever it wants in C:\Users\WIN7. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
This is exactly where UAC comes into play. With UAC turned on admins can't access and write to the entire C: drive.
I create a generic account like WIN7 to update the Default profile. Later on if a program wants to create a folder and looks in the registry and sees it needs to be created in C:\Users\WIN7, then if UAC is on it can't create the folder. But with UAC turned off the program is free to create and use whatever it wants in C:\Users\WIN7.
Its not about controlling what users/admins can or cant do, its about letting the OS do its job correctly. If it needs to create a registry key, it needs to reference the correct account. There is a reason why your method is unsupported. -
Optionsrwwest7
Member Posts: 300
Go to C:\ProgramData\Microsoft\User Account Pictures\Default Pictures on a Windows 7 machine as an admin and try to delete or rename any picture in that folder. You're an admin, and it's not about controlling what admins can or can't do, so you should be able to delete any pictures you want from YOUR hard drive correct?Its not about controlling what users/admins can or cant do, its about letting the OS do its job correctly. If it needs to create a registry key, it needs to reference the correct account. There is a reason why your method is unsupported.
