The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
Please vote in the Forum Structure Poll. Polling will close at 2PM EST on January 21, 2025.
Windows 7 profile copy to disabled
texasheat
Registered User regular
Registered User regular
Ok. I'm in an enterprise environment. I have to deploy windows 7 soon. I'm used to modifing the default profile and rolling out an image. Can't do it with windows 7 because you cannot copy a customized profile OVER the default profile. The option is greyed out. NOW, i've done some googling. It seems people have been flaming about this problem for over 2 years. They found a solution...one that i cannot abide by due to corperate policy. This isn't entirely true, let me explain.
http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/5a5d44b6-116a-4a21-bc64-53379218ecc6/
The above thread goes round and round, try to ignore the MS flamers, it ends up with this, Win Enabler program and .dll file. Everyone seems to think it works pretty awesomely. I cannot use freeware. It's too common for it to be spyware/adware/etc. So, if this is the only option, how then do i make it work. Well, i have the answer. I just need to do whatever the program is doing manually. Make since? Problem is, i can't tell what it's accomplishing. Here's what i mean:
It enables a button, in theory any button. Which, in my mind, is just disabled in the regesitry or some other local setting. That, once found, will be easily changeable. Now you know why i come to real experts. What is this program doing. What setting is it changing. How do i make the same effects manually. Surely this is possible.
Side note, if anyone has any other thoughts about my plight, other options perhaps. Heads up, sysprep is not good enough. It changes too many settings to be what i consider a good image for roll out. Any other thoughts? Thank you in advance for ready and I hope you have some positive feedback.
http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/5a5d44b6-116a-4a21-bc64-53379218ecc6/
The above thread goes round and round, try to ignore the MS flamers, it ends up with this, Win Enabler program and .dll file. Everyone seems to think it works pretty awesomely. I cannot use freeware. It's too common for it to be spyware/adware/etc. So, if this is the only option, how then do i make it work. Well, i have the answer. I just need to do whatever the program is doing manually. Make since? Problem is, i can't tell what it's accomplishing. Here's what i mean:
It enables a button, in theory any button. Which, in my mind, is just disabled in the regesitry or some other local setting. That, once found, will be easily changeable. Now you know why i come to real experts. What is this program doing. What setting is it changing. How do i make the same effects manually. Surely this is possible.
Side note, if anyone has any other thoughts about my plight, other options perhaps. Heads up, sysprep is not good enough. It changes too many settings to be what i consider a good image for roll out. Any other thoughts? Thank you in advance for ready and I hope you have some positive feedback.
texasheat on
0
Posts
Long story short, Copy To is not how Microsoft wants you to make a default profile. Their solution is to enable the <CopyProfile> flag in the answer file for Sysprep.
Quite frankly, fuck this system. It's convoluted and terrible. I can provide you with some docs on it if you need help, just don't have the time right now.
edit: reread the OP. What does sysprep change that isn't good enough? A lot of the stuff you can disable/alter. There are a couple things you can't do with sysprep, but answer files are pretty powerful.
We've tried sysprep. The main failures are printers, programs, and permissions. If you want more detail i can give it. But it basically comes down to this. We have networked printers on a print server, sysprep doesn't like that. We have custom programs built here that need specific setup, instead of doing 1000+ users we'd like the system to do it, we we have done with the copy to before, sysprep doesn't allow specific configurations like what we want. Finally permissions, and i guess by extension, network drives. They don't always build properly, and modifing the default save location to a network path is restricted, unless you set proper permissions.
Long story short, we tried, and failed, to come up with a satisfying way to build a system with sysprep. Coping the default profile seem like our only option, but with the functionality limited by the OS, we seem to be at a stand still.
Can you elaborate more on that?
We have networked printers on a print server, sysprep doesn't like that.
Finally permissions, and i guess by extension, network drives.
We use login scripts for this - printers/network shares/other network resources are assigned at login. Is this a possibility?
You also said in the OP: Heads up, sysprep is not good enough. It changes too many settings to be what i consider a good image for roll out.
How so? Maybe I'm just not well-versed when it comes to imaging so there's something I'm not aware of, but I've never created one without sysprep.
For program settings, where are the settings saved? (best practice for win7 images is to have only one account, a local admin account, to build the image and configure, as the <CopyProfile> parameter takes the first available profile and things get messy with domain accounts. This resets permissions on the copied admin profile, so anything in C:\users\administrator\appdata gets set so that everyone can use it.) ProgramData was basically created for this purpose, to have universal program settings for all users. The only thing I haven't been able to successfully configure for a win7 image is the task bar and some start menu items.
There's plenty out there on why Copy To isn't best practice and why it's been disabled, which mainly I've found from building XP images is stupid shit with permissions and some registry stuff getting messed up.
I'll admit that answer files are a real pain to get working, but that's Microsoft for you. Out of curiosity, what utility do you image with, and what did you use to build the answer file?
Login scripts won't work. We can't modify our login scripts. We have to use the ones we get from the HQ office, and they won't let us modify it. But yes, that would be the best way.
Sysprep, from what i've experienced, and it is limited i'll admit, makes a number of reg and premission changes behind the scenes to the programs and default profile. Several times i had to go back and fix what it was "preping". Like the default hive file. If you make changes to it, sysprep re-writes those with they OS standards. There's others i just can't remember off the top of my head.
We image with norton ghost 11.5. The answer file is a different matter all together. I don't remember using an answer file, but we did step by step microsoft instructions. So if it's in there, then i used whatever they suggested.
It handles all drivers (you're not still installing all drivers onto a gold image are you?) applications and MS patches.
MDT is amazingly powerful and free, and Microsoft supported.
If you can script the modifications, use a cmd/scripting task sequence in MDT.
OR
Use the HKLM\software\microsoft\windows\currentversion\runonce for scripts you want to "run once" on first logon.
You can also look into "active setup" for all your "needs to be run once for every user" needs.
http://www.appdeploy.com/articles/activesetup.asp
The above link talks about using MSIs but you can script the registry changes by hand.
I'm pretty much designing an image for an equally huge group of people and you definitely don't want to use the old way of using ghost.
If you have any other questions let me know.
Basically, we used to use Ghost for imaging our XP machines and 7 machines. The way sysprep works is through an answer file, which contains desired settings for a myriad of things. Ghost does not have a very robust answer file creation tool. You can fill out things like organization and product key, but that's about it. Windows System Image Manager is the real way to put together an answer file. It's scary at first, all kinds of crazy options and settings, but it's pretty quick to understand.
I hate Ghost a lot after using MDT. Shit, I've even got it so that after a laptop is done imaging, it adds the wireless key, automatically names itself, activates itself with our KMS host and joins the right OU. I experimented with gpupdate /force and a reboot afterwards but some of the time the clients would hang. MDT is pretty powerful.
We re-named the default user profile defaultold, and un-hid it. We then named our custom profile Default and copied the custom profile over default old. This was possible because the system will allow you to copy any profile named default to any other profile. After that we functioned permissions down the entire default profile, and re-wrote the default hive file with proper codings (i.e. not customer profile name). This has accomplished all our needs.
Thanks again for all your input. The MDT sounds like a great tool, i'll look more into that once we've passed our deadline and have a bit of time to play around with it.