Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Creating a new Default user profile for our domain

24 Aug 2011   #1
jpjeffery

Windows 7 and XP and Vista and Ubuntu
 
 
Creating a new Default user profile for our domain

I know, the MS way is to use SysPrep, but that seems enormously OTT when all I want to do is create a Windows 7 Default Profile for our domain.



So, according to my (Google driven) research an easier method is to
  1. Logon with a user account
  2. Make it 'so' (i.e. set the default profile how you want it for all new users)
  3. Log off
  4. Log on as Admin
  5. Rename c:\users\default (as default.bak, or .old, whatever)
  6. Rename the folder for the user account used in step 1 to 'default'
  7. Apply Full control permissions to 'Everyone' on the new Default folder.
Simples!

Except that at step 7 I get 'Access Denied' on many of the profile's sub-folders...be that with our domain's administrator account or the local administartor account.

Am I doing something wrong (polite answers only, please!)?


My System SpecsSystem Spec
.
24 Aug 2011   #2
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

One thing that could cause this issue is the fact that the user folder tree contains some symbolic links for compatability with badly written older programs, that assume the folder name will always be the same, over OS changes.

The default for these symlinks is to have a deny permission set for all users including admins to prevent the accidental creation of endless loop situations, where links are called for folders they link to
My System SpecsSystem Spec
24 Aug 2011   #3
jpjeffery

Windows 7 and XP and Vista and Ubuntu
 
 

Ah right, it's not the folders producing the 'Access Denied' message, it's the junctions/symbolic links.

If so, that should mean I can more or less disregard these errors.
My System SpecsSystem Spec
.

24 Aug 2011   #4
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Assuming that I am correct then yes, you should be OK to proceed, as the permissions on the symbolic links will not have changed from their designed settings.

I would suggest you try a test system and see if any further errors appear
My System SpecsSystem Spec
24 Aug 2011   #5
jpjeffery

Windows 7 and XP and Vista and Ubuntu
 
 

This already is a test system.

Getting a different error now though (when logging on as a test user having renamed the intended default profile and re-applied Everyone:FC permissions): "The User Profile Service service failed the logon. User profile cannot be loaded".

Am investigating. I suspect permissions will still be at fault somewhere...
My System SpecsSystem Spec
20 Feb 2012   #6
myfree

Windows 7 Ultimate x64
 
 

The methods listed below has been verified in a non AD domain, so if you use Domain level GPOs (with AD) you may need to do further testing to make sure that the local gpo settings listed below are not over written by the domain policies. Also, if there is a Default User.v2 share in your netlogon shares on your servers you may need to set the permissions to that folder to "deny all" so that the windows 7 client won't pull whatever profile is there. Or you can make sure that there is no profile in that folder. Windows 7 domain computers will look in that share for the "domain user default profile" and apply it to any domain user the first time they log on to that machine.
Non sysprep method (sysprep method follows)
Make group policy changes (these are what causes win 7 to not look toward the server for a default profile)
Computer Config > Administrative Templates > System > User Profiles >
o Only Allow User Profiles = Enabled
o Set Roaming Profile Path for all users logging onto this computer = Disabled
o Prevent Roaming Profile changes from propagating to the server = Enabled
Customize the Test or Setup account (if from mini setup, if from image create a setup account)
Enable built-in Administrator account
Log on as Administrator
Install RichCopy from Technet
Use Explorer to unhide system files and folders
Use RichCopy to copy the profile from the account used to implement customizations to "Default User"
Join machine to the domain
Reboot
Log on domain user and all customizations that can be transferred should be applied to the users' profile

Sysprep Method - You may want to use this method because this method should be fully supported by MS
Login as the setup account
Enable Administrator Account - log off
Log on as Administrator
Go to Manage Users
Delete Setup account and any other accounts that have a profile folder and choose "delete files"
Make group policy changes
Computer Config > Administrative Templates > System > User Profiles >
Only Allow User Profiles = Enabled
Set Roaming Profile Path for all users logging onto this computer = Disabled
Prevent Roaming Profile changes from propagating to the server = Enabled
Complete all customizations
Copy validated answer file to C: root
Go to windows\system32\sysprep
Right click while holding shift and choose "open command window here"
run "sysprep.exe /oobe /generalize /unattend:c:\yourunattendfile.xml /reboot
Once the system reboots go through whatever portion of mini-setup your answer file dictates
Join machine to the domain
Log on as a domain user
Basic look and feel customizations should have been applied from the local Defaul User profile

And as long as the local policies that we set above remain intact, any domain user that logs onto the machine will receive the look and feel that you want for your organization.
Because MS has not published a comprehensive list of items/settings that cannot be applied to a default profile, you will have to experiment with that. I did find a doc that made it clear that the quick launch as well as the area of the start menu where you "pin" shortcuts do not persist when copying customizations to the default profile. See this site for step by step for much of the above Newsletter #89:* Changing Win 7 Default Profile and Sysprep Tricks
My System SpecsSystem Spec
Reply

 Creating a new Default user profile for our domain




Thread Tools




Similar help and support threads
Thread Forum
User Profile Service - default profile
Has anyone come across this issue happening frequently lately .... In the past 3 weeks I must have had 20+ PC's / Laptops that have had the same problem (see image below) Although I know how to fix it and I have had it crop up before, I've never had it hit so many units in such a short space...
General Discussion
The user profile service failed the logon - on Domain
I have the same issue the other user mentions. I can log on as a domain admin, but not as a domain user. There are only 4 profiles in the registry, with no .bak extensions: 1 is the default user 2 is the localservice account 3 is the networkservice account 4 is the local "Administrator"...
General Discussion
Corrupt user profile when removing and adding computer to domain
We have removed a computer from the domain because of some network issues. When we logged in to the computer as a local administrator we've noticed that the user folder of the domain user who was previously logged to that computer was almost empty(except for the appdata folder). When we joined...
Network & Sharing
Creating a default user profile, themepack doesn't stick
I can create a default profile with Windows 7 however the problem I'm having is with a themepack. I'll explain my process step by step so you can get a better idea of my process/problem. Create a standard user account and log on with it Set my customizations (remove certain features,...
Themes and Styles
creating a re-usable default profile
In the past... (since windows 98, sorry, showing my age) We have always been able to do the first time logon, setup all the applications, desktop settings, IE settings, everything, with a 'profile' user. We then rebooted the machine, logged on as adminstrator and Deleted the contents of the...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:20.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App