Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Creating a new Default user profile for our domain


24 Aug 2011   #1

Windows 7 and XP and Vista and Ubuntu
 
 
Creating a new Default user profile for our domain

I know, the MS way is to use SysPrep, but that seems enormously OTT when all I want to do is create a Windows 7 Default Profile for our domain.



So, according to my (Google driven) research an easier method is to
  1. Logon with a user account
  2. Make it 'so' (i.e. set the default profile how you want it for all new users)
  3. Log off
  4. Log on as Admin
  5. Rename c:\users\default (as default.bak, or .old, whatever)
  6. Rename the folder for the user account used in step 1 to 'default'
  7. Apply Full control permissions to 'Everyone' on the new Default folder.
Simples!

Except that at step 7 I get 'Access Denied' on many of the profile's sub-folders...be that with our domain's administrator account or the local administartor account.

Am I doing something wrong (polite answers only, please!)?

My System SpecsSystem Spec
.

24 Aug 2011   #2

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

One thing that could cause this issue is the fact that the user folder tree contains some symbolic links for compatability with badly written older programs, that assume the folder name will always be the same, over OS changes.

The default for these symlinks is to have a deny permission set for all users including admins to prevent the accidental creation of endless loop situations, where links are called for folders they link to
My System SpecsSystem Spec
24 Aug 2011   #3

Windows 7 and XP and Vista and Ubuntu
 
 

Ah right, it's not the folders producing the 'Access Denied' message, it's the junctions/symbolic links.

If so, that should mean I can more or less disregard these errors.
My System SpecsSystem Spec
.


24 Aug 2011   #4

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

Assuming that I am correct then yes, you should be OK to proceed, as the permissions on the symbolic links will not have changed from their designed settings.

I would suggest you try a test system and see if any further errors appear
My System SpecsSystem Spec
24 Aug 2011   #5

Windows 7 and XP and Vista and Ubuntu
 
 

This already is a test system.

Getting a different error now though (when logging on as a test user having renamed the intended default profile and re-applied Everyone:FC permissions): "The User Profile Service service failed the logon. User profile cannot be loaded".

Am investigating. I suspect permissions will still be at fault somewhere...
My System SpecsSystem Spec
20 Feb 2012   #6

Windows 7 Ultimate x64
 
 

The methods listed below has been verified in a non AD domain, so if you use Domain level GPOs (with AD) you may need to do further testing to make sure that the local gpo settings listed below are not over written by the domain policies. Also, if there is a Default User.v2 share in your netlogon shares on your servers you may need to set the permissions to that folder to "deny all" so that the windows 7 client won't pull whatever profile is there. Or you can make sure that there is no profile in that folder. Windows 7 domain computers will look in that share for the "domain user default profile" and apply it to any domain user the first time they log on to that machine.
Non sysprep method (sysprep method follows)
Make group policy changes (these are what causes win 7 to not look toward the server for a default profile)
Computer Config > Administrative Templates > System > User Profiles >
o Only Allow User Profiles = Enabled
o Set Roaming Profile Path for all users logging onto this computer = Disabled
o Prevent Roaming Profile changes from propagating to the server = Enabled
Customize the Test or Setup account (if from mini setup, if from image create a setup account)
Enable built-in Administrator account
Log on as Administrator
Install RichCopy from Technet
Use Explorer to unhide system files and folders
Use RichCopy to copy the profile from the account used to implement customizations to "Default User"
Join machine to the domain
Reboot
Log on domain user and all customizations that can be transferred should be applied to the users' profile

Sysprep Method - You may want to use this method because this method should be fully supported by MS
Login as the setup account
Enable Administrator Account - log off
Log on as Administrator
Go to Manage Users
Delete Setup account and any other accounts that have a profile folder and choose "delete files"
Make group policy changes
Computer Config > Administrative Templates > System > User Profiles >
Only Allow User Profiles = Enabled
Set Roaming Profile Path for all users logging onto this computer = Disabled
Prevent Roaming Profile changes from propagating to the server = Enabled
Complete all customizations
Copy validated answer file to C: root
Go to windows\system32\sysprep
Right click while holding shift and choose "open command window here"
run "sysprep.exe /oobe /generalize /unattend:c:\yourunattendfile.xml /reboot
Once the system reboots go through whatever portion of mini-setup your answer file dictates
Join machine to the domain
Log on as a domain user
Basic look and feel customizations should have been applied from the local Defaul User profile

And as long as the local policies that we set above remain intact, any domain user that logs onto the machine will receive the look and feel that you want for your organization.
Because MS has not published a comprehensive list of items/settings that cannot be applied to a default profile, you will have to experiment with that. I did find a doc that made it clear that the quick launch as well as the area of the start menu where you "pin" shortcuts do not persist when copying customizations to the default profile. See this site for step by step for much of the above Newsletter #89:* Changing Win 7 Default Profile and Sysprep Tricks
My System SpecsSystem Spec
Reply

 Creating a new Default user profile for our domain




Thread Tools



Similar help and support threads for2: Creating a new Default user profile for our domain
Thread Forum
Solved windows 7 creating temp user profile General Discussion
The user profile service failed the logon - on Domain General Discussion
Corrupt user profile when removing and adding computer to domain Network & Sharing
Solved Deleting and creating user profile problem General Discussion
Creating a default user profile, themepack doesn't stick Themes and Styles
creating a re-usable default profile Installation & Setup
Creating a very limited user profile for my children General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:56 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33