Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Creating a new Default user profile for our domain

24 Aug 2011   #1

Windows 7 and XP and Vista and Ubuntu
Creating a new Default user profile for our domain

I know, the MS way is to use SysPrep, but that seems enormously OTT when all I want to do is create a Windows 7 Default Profile for our domain.

So, according to my (Google driven) research an easier method is to
  1. Logon with a user account
  2. Make it 'so' (i.e. set the default profile how you want it for all new users)
  3. Log off
  4. Log on as Admin
  5. Rename c:\users\default (as default.bak, or .old, whatever)
  6. Rename the folder for the user account used in step 1 to 'default'
  7. Apply Full control permissions to 'Everyone' on the new Default folder.

Except that at step 7 I get 'Access Denied' on many of the profile's that with our domain's administrator account or the local administartor account.

Am I doing something wrong (polite answers only, please!)?

My System SpecsSystem Spec
24 Aug 2011   #2

Windows 10 Pro x64 x3, Ubuntu

One thing that could cause this issue is the fact that the user folder tree contains some symbolic links for compatability with badly written older programs, that assume the folder name will always be the same, over OS changes.

The default for these symlinks is to have a deny permission set for all users including admins to prevent the accidental creation of endless loop situations, where links are called for folders they link to
My System SpecsSystem Spec
24 Aug 2011   #3

Windows 7 and XP and Vista and Ubuntu

Ah right, it's not the folders producing the 'Access Denied' message, it's the junctions/symbolic links.

If so, that should mean I can more or less disregard these errors.
My System SpecsSystem Spec

24 Aug 2011   #4

Windows 10 Pro x64 x3, Ubuntu

Assuming that I am correct then yes, you should be OK to proceed, as the permissions on the symbolic links will not have changed from their designed settings.

I would suggest you try a test system and see if any further errors appear
My System SpecsSystem Spec
24 Aug 2011   #5

Windows 7 and XP and Vista and Ubuntu

This already is a test system. :)

Getting a different error now though (when logging on as a test user having renamed the intended default profile and re-applied Everyone:FC permissions): "The User Profile Service service failed the logon. User profile cannot be loaded".

Am investigating. I suspect permissions will still be at fault somewhere...
My System SpecsSystem Spec
20 Feb 2012   #6

Windows 7 Ultimate x64

The methods listed below has been verified in a non AD domain, so if you use Domain level GPOs (with AD) you may need to do further testing to make sure that the local gpo settings listed below are not over written by the domain policies. Also, if there is a Default User.v2 share in your netlogon shares on your servers you may need to set the permissions to that folder to "deny all" so that the windows 7 client won't pull whatever profile is there. Or you can make sure that there is no profile in that folder. Windows 7 domain computers will look in that share for the "domain user default profile" and apply it to any domain user the first time they log on to that machine.
Non sysprep method (sysprep method follows)
Make group policy changes (these are what causes win 7 to not look toward the server for a default profile)
Computer Config > Administrative Templates > System > User Profiles >
o Only Allow User Profiles = Enabled
o Set Roaming Profile Path for all users logging onto this computer = Disabled
o Prevent Roaming Profile changes from propagating to the server = Enabled
Customize the Test or Setup account (if from mini setup, if from image create a setup account)
Enable built-in Administrator account
Log on as Administrator
Install RichCopy from Technet
Use Explorer to unhide system files and folders
Use RichCopy to copy the profile from the account used to implement customizations to "Default User"
Join machine to the domain
Log on domain user and all customizations that can be transferred should be applied to the users' profile

Sysprep Method - You may want to use this method because this method should be fully supported by MS
Login as the setup account
Enable Administrator Account - log off
Log on as Administrator
Go to Manage Users
Delete Setup account and any other accounts that have a profile folder and choose "delete files"
Make group policy changes
Computer Config > Administrative Templates > System > User Profiles >
Only Allow User Profiles = Enabled
Set Roaming Profile Path for all users logging onto this computer = Disabled
Prevent Roaming Profile changes from propagating to the server = Enabled
Complete all customizations
Copy validated answer file to C: root
Go to windows\system32\sysprep
Right click while holding shift and choose "open command window here"
run "sysprep.exe /oobe /generalize /unattend:c:\yourunattendfile.xml /reboot
Once the system reboots go through whatever portion of mini-setup your answer file dictates
Join machine to the domain
Log on as a domain user
Basic look and feel customizations should have been applied from the local Defaul User profile

And as long as the local policies that we set above remain intact, any domain user that logs onto the machine will receive the look and feel that you want for your organization.
Because MS has not published a comprehensive list of items/settings that cannot be applied to a default profile, you will have to experiment with that. I did find a doc that made it clear that the quick launch as well as the area of the start menu where you "pin" shortcuts do not persist when copying customizations to the default profile. See this site for step by step for much of the above Newsletter #89:* Changing Win 7 Default Profile and Sysprep Tricks
My System SpecsSystem Spec

 Creating a new Default user profile for our domain

Thread Tools

Similar help and support threads
Thread Forum
Domain-wide default user specific for user group
Hi! I`m looking into creating a custom domain-wide default user for my company, but we have two major types employees depending on their tasks (this means - Software A is used by employee A and not by employee B and the other way around). In the Active Directory they are (of course) separated...
General Discussion
User Profile Service - default profile
Has anyone come across this issue happening frequently lately .... In the past 3 weeks I must have had 20+ PC's / Laptops that have had the same problem (see image below) Although I know how to fix it and I have had it crop up before, I've never had it hit so many units in such a short space...
General Discussion
The user profile service failed the logon - on Domain
I have the same issue the other user mentions. I can log on as a domain admin, but not as a domain user. There are only 4 profiles in the registry, with no .bak extensions: 1 is the default user 2 is the localservice account 3 is the networkservice account 4 is the local "Administrator"...
General Discussion
Creating a default user profile, themepack doesn't stick
I can create a default profile with Windows 7 however the problem I'm having is with a themepack. I'll explain my process step by step so you can get a better idea of my process/problem. Create a standard user account and log on with it Set my customizations (remove certain features,...
Themes and Styles
creating a re-usable default profile
In the past... (since windows 98, sorry, showing my age) We have always been able to do the first time logon, setup all the applications, desktop settings, IE settings, everything, with a 'profile' user. We then rebooted the machine, logged on as adminstrator and Deleted the contents of the...
Installation & Setup

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:36.
Twitter Facebook Google+