Default user profile customization Windows 2008 R2

Posted on 2011-03-16
Last Modified: 2012-05-11
I have looked over this article -  As far as I can tell it describes the official  way to customize the default user profile that employs Sysprep.  I can understand its use on a brand new system to setup a new template that can be deployed. However, once a system is deployed and operational, and I find out that I want to make additional changes to the default user profile what is the method to do that? I see nothing here other than the assumption of creating a template system with a template customized user profile.  Once a system is operational there can be all kinds of things added to it - software, permissions, etc.  How would I update the default user profile on such a system without having to going back to square one/redoing all my work?  In other words how do I efficiently modify the default user profile on an already existing production environment? Efficient is a very key concept here as  It should be noted that I may have to do this on dozens of diverse systems in various environments.
Question by:lineonecorp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 35153348
Simple, yet complex. I modify the default user setting by:

1. Login to the server and create the settings as you want them to be the default. You can use the administrator account here.
2. Create a separate admin account; you can name it 'tempadmin' if you'd like.
3. REBOOT (don't just logoff, you must reboot)
4. Login as 'tempadmin'
5. Copy NTUSER, Application Data, Local Settings, etc to the DEFAULT user folder. (I usually just copy everything from the admin that matches the contents of DEFAULT)
6. Delete the administrator account (primarily just to test the process, you can omit this if you prefer)
7. Login to server with new account.

Author Comment

ID: 35153886
You write:
" Create a separate admin account; you can name it 'tempadmin' if you'd like."

You mean an administrator equivalent account?

I am familiar with the above/variant on the above but I was curious about folks who use the Sysprep method to begin with if there was a way to do it with some abbreviated form of the Sysprep routine?  The long way I can think of would be to backup the current production system (which was originally sysprepped and let's assume it's a VM/VHD) and then do the Microsoft sysprep method again as per the Microsoft note above. Would that work? Would there be an even simpler version of the method given that I had originally sysprepped the system - in other words do I get some savings doing it the 2nd and 3rd time because something created the first time around can be reused e.g. the answer file so that I simply manipulate the answer file as opposed to going through the whole sysprep routine?  What's been your experience with these kind of options when you used Sysprep?


Accepted Solution

pitchford earned 300 total points
ID: 35155560
Yes, I mean a second admin account. You do this because you can't login as "administrator" and copy yourself to the default profile. You create another account for just that purpose; so 'tempadmin' can copy 'administrator' to 'default'.

I'm not familar with the sysprep routine; I've only been required to do this a handful of times.

Author Comment

ID: 35159168
Thanks.  I will repost this question as I primarily wanted to know whether there was a shortened version of Sysprep as that is the only officially supported Microsoft method of customizing the default user profile.

Author Closing Comment

ID: 35159184
Was an answer but not exactly to the question asked.

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question