New Response
Cancel
Copy to Archive
Move to Archive
Document Library
Main Topic
Kurt Tomicich
2017/01/15
Reference
Subject:
Customize base image - Default User
Category:
OS\ Windows 10
Revision Date:
2017/01/15
Modified:
2018/04/05
Originator
Reviewers
Kurt Tomicich
Current Run
SysPrep Notes:
Spiceworks thread:
Customizing Windows 10 Default Profile (w/o CopyProfile)
Basis
Basis
Trying it based on using
SysPrep
:
CopyProfile
setting
AuditMode
Command Line Options
Answer File
Boot to Audit Mode
To set Default User to NOT install the defaults, use PowerShell:
Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage –online
Other suggestions from
Spiceworks
:
Customized version of VBS script to
Pin or UnPin apps on the taskbar
Remove APX junk
Remove Candy Crush and other ads from the MS Store
Based on info from
HERE
, just delete
C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml
File Explorer advertising
REMOVAL
Windows 10 Field Guide
- check it out
Windows 10 Hardening guide
--
New Spiceworks notes about App Associations - haven't done anything yet with it
New Spiceworks notes about App Associations - haven't done anything yet with it
...works up to the latest Win 10 Build(1709) and thought I'd share in case it can help someone in the future. What I did was I added a setupcomplete.cmd script to the image which basically is a runonce script that runs right after sysprep. Here are instructions to set it up:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup
Than what you do is export the XML of the default App Associations using powershell to your local drive:
Dism /Online /Export-DefaultAppAssociations:<File Path>
Than you add a command to Setupcomplete.cmd that imports the config:
Dism /Online /Import-DefaultAppAssociations:<File Path>
You can also add the following command to delete the XML file:
Del <filepath>
So your Setupcomplete script should be something like this:
dism /online /import-defaultappassociations:c:\AppAssoc.xml
del C:\AppAssoc.xml
Once Sysprep runs it should apply the default AppAssociations once its complete and voila it works!! Works with non domain and domain accounts. Hope this helps!
--
Fire the system up and log in as User or something
UAC
Remove Candy Crush and other ads from the MS Store - Based on info from
HERE
, just delete
C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml
There's a Spiceworks thread
HERE
where I guy modified the XML rather than deleting it...
defaultlayouts.xml
DefProf
has been recommended on Spiceworks...
Boot into Audit Mode - from an Admin CMD, type:
C:\Windows\System32\SysPrep\SysPrep /Audit
Customize
Delete the User account you started with
Clean up Start and Taskbar, set preferences - Do NOT Pin things to the Taskbar
This PC icon on Desktop
Folder View settings
In
Advanced Settings
, uncheck
Show sync provider notifications
Internet Options / IE settings
Desktop icons
Set Default Programs to IE, Nitro <- this doesn't carry over
Copy the Answer file to the computer or provide it on USB
This AnswerFile has been customized: Modified to Preserve Device Drivers, CopyProfile
<Attached to SysPrep Notes>
For other choices, generate a new answer file using Windows System Image Manager - details on SysPrep Notes
Once customizations have been finished, run this command in PowerShell:
C:\Windows\System32\Sysprep\Sysprep /generalize /oobe /shutdown /unattend:F:\CopyProfile.xml
Image the system without booting it
Restore system to another computer
NOTES:
Taskbar shortcuts are not maintained - They come over in the folder but don't show up
C:\Users\%user%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
They're there, but they're not used. Sooo, when you pin it again, it says "Outlook 2016 (2)"
Program defaults are not maintained
Also didn't work
Also didn't work
Trying to combine this profile copy scenario:
https://saihaynes.wordpress.com/2016/02/03/windows-10-default-profile/
but right-click on Start does nothing.
Pinned taskbar items come over, but not pinned start item
But, with this registry scenario:
But, with this registry scenario:
Registry Update
1. Open regedit
2. Click HKEY_USERS
3. File -> Load Hive
4. Navigate to C:\Users\Default\
5. In the file text box type "NTUSER.DAT" w/o the quotes and press enter
6. You'll be asked to name the hive. Make sure you name it something unique such as "MyWin10Profile"
7. Right click the "MyWin10Profile" and click export. Save it somewhere.
8. Open Explorer and navigate to where you saved the file
9. Right click the file and click edit
10. Do a find and replace (CTRL + H ...I believe) to replace the username of the account you used for your profile template with the variable %USERNAME%. Ex: I login to a user I make called "CustomProfileTemplate" and make my profile customizations and then copy it over. I would the do a find and replace to replace CustomProfileTemplate" with "%USERNAME" (again without quotes)
11. Save text file
12. Double click file and click yes to import into registry
13. Go back to regedit and click "MyWin10Profile"
14. Go to File -> Unload Hive *****IF YOU DONT DO THIS YOU WILL NOT BE ABLE TO LOGIN WITH NEW USERS*****
15. Logout and test the profile with a NEW user.
Limitations:
File defaults (IE and Nitro) get automatically reset to Edge
Start Menu Search does not show everything - 'Control..." give the Control Panel, but 'User' does not give User Accounts
Work around is to copy a functional accounts
C:\Users\
Username
\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy to C:\Users\<username>\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy
This MAY be resolved by not deleting the files when the ProfileSetup account is deleted
THIS DID NOT WORK ON THE SECOND BATCH OF COMPUTERS I TRIED IT ON
Desktop shortcut in QuickAccess does not include All Users
Create a ProfileSetup Account if you didn't during initial startup
Open Control Panel > User Accounts > User Accounts > Manage another account > Add a new user in PC settings > Add someone else to this PC > I don't have this person's sign-in information > Add a user without a Microsoft account
Enter the account name: ProfileSetup
Set the password for the ProfileSetup account, otherwise it automatically logs in when you reboot. I usually use
1
with a hint of
>0
Click on the newly created account and [Change account type]
Change type to Administrator, click [OK]
Just for the sake of argument, in case there is a need to backtrack, also create an Admin user with the original default profile
Customize
While logged in as ProfileSetup, perform all of your customizations.
HOLD OFF ON ANTI VIRUS INSTALLATION UNTIL CUSTOMIZED DEFAULT PROFILE IS COPIED!
Also, MS Office I think. Installing Office experimentally using the ClickToRun Deployment Tool
https://prajwaldesai.com/deploy-office-2016-using-click-to-run-deployment-tool/
Most recent test 3/6/17 required an Office repair, kept prompting to accept automatic updates after rebooting
Clean up Start and Taskbar, set preferences
This PC icon on Desktop
Folder View settings
Internet Options / IE settings
Desktop icons
Set Default Programs - FOR SOME REASON THIS DOESN'T TAKE CURRENTLY AND HAS TO BE REDONE ON INDIVIDUAL NEW USERS
IE
Nitro
UAC
Create Test and Test2 Users, same process as above
TEST: Use the regedit file to prevent the default profile from resetting file associations from IE and Nitro to Edge
http://www.winhelponline.com/blog/windows-10-resetting-file-associations/
Copy the Customized Profile to Default
Logout as ProfileSetup and login as Administrator
Rename the ProfileSetup user profile folder to Default:
Open a Windows Explorer window and navigate to C:\Users
Set View Options
Hidden files and folders
is set to
Show
Hide protected operating system files
is unchecked
Rename the original default profile folder: C:\Users\Default -> C:\Users\Default.Original
Copy C:\Users\ProfileSetup -> C:\Users\Default
Delete
C:\Users\Default\AppData\Local\Packages
\
Microsoft.Windows.ShellExperiencehost...\LocalState\
Delete the ProfileSetup account: ??
Open Control Panel > Add or remove user accounts
Click on the ProfileSetup account
Click Delete the account
Click Delete Files
DO NOT DELETE FILES!! MAYBE THIS WILL RESOLVE REMAINING ISSUES
Click Delete Account
Clean up the Registry
Open regedit as Administrator
Click HKEY_USERS
File -> Load Hive
Navigate to C:\Users\Default\
In the file text box type "NTUSER.DAT" w/o the quotes and press enter
Name the Hive
TempKey
Right click the
TempKey
and click export. Save it somewhere.
Open Explorer and navigate to where you saved the file
Right click the file and click edit
Do a find and replace (CTRL + H) to replace ProfileSetup with the variable %USERNAME%
Save text file
EXIT ANTI VIRUS SOFTWARE
Double click file and click yes to import into registry
Had an error about the import... It still brought in all the right entries, but left some of the ProfileSetup entries. Manually searched the TempKey hive and removed the remaining ProfileSetup entries
Mostly were related to OneDrive
Go back to regedit and click
TempKey
Go to File -> Unload Hive *****IF YOU DONT DO THIS YOU WILL NOT BE ABLE TO LOGIN WITH NEW USERS*****
Logout and test the profile with a NEW user.
Install AV
Is Administrator showing in the Login Screen? If you don't want it to, Admin CMD:
net user administrator /active:no
START MENU SEARCH ISSUES
2017-03-6 CalCSC Laptops: I had an issue where the ADMIN account I set up worked fine, but an account set up using the customized default profile would not find everything from a Start Menu search - Control Panel would show, but not User Accounts. The solution was to copy
C:\Users\Admin\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy
to
C:\Users\<username>\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy
- also copied to the same location in the customized Default User folder
This worked on one batch of computers, but not on another... the package folder from the computer that did work seems to have fixed the completely different computers from the batch that didn't work.
windows.immersivecontrolpanel_cw5n1h2txyewy.zip
Didn't Work
Didn't Work
Create a ProfileSetup Account if you didn't during initial startup
Open Control Panel > User Accounts > User Accounts > Manage another account > Add a new user in PC settings > Add someone else to this PC > I don't have this person's sign-in information > Add a user without a Microsoft account
Enter the account name: ProfileSetup
Set the password for the ProfileSetup account, otherwise it automatically logs in when you reboot. I usually use
1
with a hint of
>0
Click on the newly created account and [Change account type]
Change type to Administrator, click [OK]
Customize
While logged in as ProfileSetup, perform all of your customizations.
Clean up Start and Taskbar, set preferences
This PC icon on Desktop
Folder View settings
Internet Options / IE settings
Desktop icons
Set Default Programs
IE
Nitro
UAC
Create Test and Test2 Users, same process as above
Copy the Customized Profile to Default
Logout as ProfileSetup and login as Administrator
Rename the ProfileSetup user profile folder to Default:
Open a Windows Explorer window and navigate to C:\Users
Set View Options
Hidden files and folders
is set to
Show
Hide protected operating system files
is unchecked
Rename the original default profile folder: C:\Users\Default -> C:\Users\Default.Original
Rename the customized profile folder: C:\Users\ProfileSetup -> C:\Users\Default
Copy the customized profile folder using the Windows profile copying utility:
Open Control Panel > System and Security > System
Click Advanced system settings on the left
Click the Settings… button under User Profiles
Highlight Default Profile
Click Copy To…
Copy profile to: C:\Users\DefaultCopy
Click Change under Permitted to use
Enter Everyone and click OK
Click OK
Note: C:\Users\Default contains the original customized profile. The same profile also resides in C:\Users\DefaultCopy. The DefaultCopy folder is the one which has had the Windows profile copying utility transformations applied to it.
Rename the Default profile folder to ProfileSetup
Rename the DefaultCopy folder to Default
Delete
C:\Users\Default\AppData\Local\Packages
\
Microsoft.Windows.ShellExperiencehost...\LocalState\
Delete the ProfileSetup account: ??
Open Control Panel > Add or remove user accounts
Click on the ProfileSetup account
Click Delete the account
Click Delete Files
Click Delete Account
Clean up the Registry
Open regedit as Administrator
Click HKEY_USERS
File -> Load Hive
Navigate to C:\Users\Default\
In the file text box type "NTUSER.DAT" w/o the quotes and press enter
Name the Hive
TempKey
Right click the
TempKey
and click export. Save it somewhere.
Open Explorer and navigate to where you saved the file
Right click the file and click edit
Do a find and replace (CTRL + H) to replace DefaultSetup with the variable %USERNAME%
Save text file
EXIT ANTI VIRUS SOFTWARE
Double click file and click yes to import into registry
Had an error about the import... It still brought in all the right entries, but left some of the ProfileSetup entries. Manually searched the TempKey hive and removed the remaining ProfileSetup entries
Were related to OneDrive
Go back to regedit and click
TempKey
Go to File -> Unload Hive *****IF YOU DONT DO THIS YOU WILL NOT BE ABLE TO LOGIN WITH NEW USERS*****
Logout and test the profile with a NEW user.
Started Working on getting things polished, still an issue
Started Working on getting things polished, still an issue
Set it up using a user named UserProfileDefault - set some password, will auto-login using previous login otherwise. I usually use
1
This PC icon on desktop
Clean up Start and set options
File Explorer - View Options
Internet Options
Install Utilities
Create a User2 and a Test account, both admins
Reboot
Log in as User2 and change view settings to show Hidden and Protected items
Rename
C:\Users\Default
to ...
Default.original
Copy
C:\Users\UserProfileDefault
to
C:\Users\Default
Delete
C:\Users\Default\AppData\Local\Packages
\
Microsoft.Windows.ShellExperiencehost...\LocalState\
Set security on the new
C:\Users\Default
- AND ALL SUBFOLDERS
Reboot
Log in as Test and see if it worked
Log back in as User and clean up other accounts
OLD STUFF
OLD STUFF
OLD STUFF
Set it up using a user named User - set some password, will auto-login using previous login otherwise
Create a User2 and a Test account
Reboot
Log out and log back in as User2
Rename
C:\Users\Default
to ...Default.old
Copy
C:\Users\User
to
C:\Users\Default
Delete
C:\Users\Default\AppData\Local\Packages
\
Microsoft.Windows.ShellExperiencehost\LocalState\
Set security on the new
C:\Users\Default
- AND ALL SUBFOLDERS
Reboot
Log in as Test and see if it worked
Log back in as User and clean up other accounts
All Documents
By Author
By Category
By Alternate Name
Review Status
Help
Document Library
Main Topic
