As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Windows 7 profile copy to disabled

texasheattexasheat Registered User regular
Ok. I'm in an enterprise environment. I have to deploy windows 7 soon. I'm used to modifing the default profile and rolling out an image. Can't do it with windows 7 because you cannot copy a customized profile OVER the default profile. The option is greyed out. NOW, i've done some googling. It seems people have been flaming about this problem for over 2 years. They found a solution...one that i cannot abide by due to corperate policy. This isn't entirely true, let me explain.

http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/5a5d44b6-116a-4a21-bc64-53379218ecc6/

The above thread goes round and round, try to ignore the MS flamers, it ends up with this, Win Enabler program and .dll file. Everyone seems to think it works pretty awesomely. I cannot use freeware. It's too common for it to be spyware/adware/etc. So, if this is the only option, how then do i make it work. Well, i have the answer. I just need to do whatever the program is doing manually. Make since? Problem is, i can't tell what it's accomplishing. Here's what i mean:

It enables a button, in theory any button. Which, in my mind, is just disabled in the regesitry or some other local setting. That, once found, will be easily changeable. Now you know why i come to real experts. What is this program doing. What setting is it changing. How do i make the same effects manually. Surely this is possible.

Side note, if anyone has any other thoughts about my plight, other options perhaps. Heads up, sysprep is not good enough. It changes too many settings to be what i consider a good image for roll out. Any other thoughts? Thank you in advance for ready and I hope you have some positive feedback.

texasheat on

Posts

  • harvestharvest By birthright, a stupendous badass.Registered User regular
    Ask the author about it?

    B6yM5w2.gif
  • Mustachio JonesMustachio Jones jerseyRegistered User regular
    edited October 2011
    This is something I spent most of my summer doing for an organization.

    Long story short, Copy To is not how Microsoft wants you to make a default profile. Their solution is to enable the <CopyProfile> flag in the answer file for Sysprep.

    Quite frankly, fuck this system. It's convoluted and terrible. I can provide you with some docs on it if you need help, just don't have the time right now.

    edit: reread the OP. What does sysprep change that isn't good enough? A lot of the stuff you can disable/alter. There are a couple things you can't do with sysprep, but answer files are pretty powerful.

    Mustachio Jones on
  • texasheattexasheat Registered User regular
    This is something I spent most of my summer doing for an organization.

    Long story short, Copy To is not how Microsoft wants you to make a default profile. Their solution is to enable the <CopyProfile> flag in the answer file for Sysprep.

    Quite frankly, fuck this system. It's convoluted and terrible. I can provide you with some docs on it if you need help, just don't have the time right now.

    edit: reread the OP. What does sysprep change that isn't good enough? A lot of the stuff you can disable/alter. There are a couple things you can't do with sysprep, but answer files are pretty powerful.

    We've tried sysprep. The main failures are printers, programs, and permissions. If you want more detail i can give it. But it basically comes down to this. We have networked printers on a print server, sysprep doesn't like that. We have custom programs built here that need specific setup, instead of doing 1000+ users we'd like the system to do it, we we have done with the copy to before, sysprep doesn't allow specific configurations like what we want. Finally permissions, and i guess by extension, network drives. They don't always build properly, and modifing the default save location to a network path is restricted, unless you set proper permissions.

    Long story short, we tried, and failed, to come up with a satisfying way to build a system with sysprep. Coping the default profile seem like our only option, but with the functionality limited by the OS, we seem to be at a stand still.

  • citizen059citizen059 hello my name is citizen I'm from the InternetRegistered User regular
    edited October 2011
    We have custom programs built here that need specific setup, instead of doing 1000+ users we'd like the system to do it, we we have done with the copy to before, sysprep doesn't allow specific configurations like what we want.

    Can you elaborate more on that?

    We have networked printers on a print server, sysprep doesn't like that.

    Finally permissions, and i guess by extension, network drives.


    We use login scripts for this - printers/network shares/other network resources are assigned at login. Is this a possibility?


    You also said in the OP: Heads up, sysprep is not good enough. It changes too many settings to be what i consider a good image for roll out.

    How so? Maybe I'm just not well-versed when it comes to imaging so there's something I'm not aware of, but I've never created one without sysprep.

    citizen059 on
  • Mustachio JonesMustachio Jones jerseyRegistered User regular
    edited October 2011
    There's been a big push in recent years for some of the stuff mentioned to be pushed out through group policy, which is how my organization does it. We have all machines in a building wing in one OU and push out the relevant network printers to that OU.

    For program settings, where are the settings saved? (best practice for win7 images is to have only one account, a local admin account, to build the image and configure, as the <CopyProfile> parameter takes the first available profile and things get messy with domain accounts. This resets permissions on the copied admin profile, so anything in C:\users\administrator\appdata gets set so that everyone can use it.) ProgramData was basically created for this purpose, to have universal program settings for all users. The only thing I haven't been able to successfully configure for a win7 image is the task bar and some start menu items.

    There's plenty out there on why Copy To isn't best practice and why it's been disabled, which mainly I've found from building XP images is stupid shit with permissions and some registry stuff getting messed up.

    I'll admit that answer files are a real pain to get working, but that's Microsoft for you. Out of curiosity, what utility do you image with, and what did you use to build the answer file?

    Mustachio Jones on
  • texasheattexasheat Registered User regular
    Ex, a custom database program. It's built with specific permissions to folders on the network. Without the permissions, or connections, that we can't get with sysprep, we have to conifgure manually 1000+ systems. We can get the settings made with the default profile, and get every user who logs in to the system the right configurations.

    Login scripts won't work. We can't modify our login scripts. We have to use the ones we get from the HQ office, and they won't let us modify it. But yes, that would be the best way.

    Sysprep, from what i've experienced, and it is limited i'll admit, makes a number of reg and premission changes behind the scenes to the programs and default profile. Several times i had to go back and fix what it was "preping". Like the default hive file. If you make changes to it, sysprep re-writes those with they OS standards. There's others i just can't remember off the top of my head.

  • texasheattexasheat Registered User regular
    There's been a big push in recent years for some of the stuff mentioned to be pushed out through group policy, which is how my organization does it. We have all machines in a building wing in one OU and push out the relevant network printers to that OU.

    For program settings, where are the settings saved? (best practice for win7 images is to have only one account, a local admin account, to build the image and configure, as the <CopyProfile> parameter takes the first available profile and things get messy with domain accounts. This resets permissions on the copied admin profile, so anything in C:\users\administrator\appdata gets set so that everyone can use it.) ProgramData was basically created for this purpose, to have universal program settings for all users. The only thing I haven't been able to successfully configure for a win7 image is the task bar and some start menu items.

    There's plenty out there on why Copy To isn't best practice and why it's been disabled, which mainly I've found from building XP images is stupid shit with permissions and some registry stuff getting messed up.

    I'll admit that answer files are a real pain to get working, but that's Microsoft for you. Out of curiosity, what utility do you image with, and what did you use to build the answer file?

    We image with norton ghost 11.5. The answer file is a different matter all together. I don't remember using an answer file, but we did step by step microsoft instructions. So if it's in there, then i used whatever they suggested.

  • General_WinGeneral_Win Registered User regular
    edited October 2011
    http://technet.microsoft.com/en-us/solutionaccelerators/dd407791 is pretty much best way to manage Windows Images.

    It handles all drivers (you're not still installing all drivers onto a gold image are you?) applications and MS patches.

    MDT is amazingly powerful and free, and Microsoft supported.

    If you can script the modifications, use a cmd/scripting task sequence in MDT.
    OR
    Use the HKLM\software\microsoft\windows\currentversion\runonce for scripts you want to "run once" on first logon.

    You can also look into "active setup" for all your "needs to be run once for every user" needs.
    http://www.appdeploy.com/articles/activesetup.asp

    The above link talks about using MSIs but you can script the registry changes by hand.

    I'm pretty much designing an image for an equally huge group of people and you definitely don't want to use the old way of using ghost.

    If you have any other questions let me know.

    General_Win on
    tf2_sig.png
  • Mustachio JonesMustachio Jones jerseyRegistered User regular
    I spent my summer with WDS and MDT, and while a little convoluted at first, once it's setup, man. Reimaging is a breeze. Building new images, too. (Granted, I had to do it a little differently than they recommend, as I've got thick images for all the different hardware types we've got. Wasn't feasible to make a thin image and install a bunch of applications through MDT.)

    Basically, we used to use Ghost for imaging our XP machines and 7 machines. The way sysprep works is through an answer file, which contains desired settings for a myriad of things. Ghost does not have a very robust answer file creation tool. You can fill out things like organization and product key, but that's about it. Windows System Image Manager is the real way to put together an answer file. It's scary at first, all kinds of crazy options and settings, but it's pretty quick to understand.

    I hate Ghost a lot after using MDT. Shit, I've even got it so that after a laptop is done imaging, it adds the wireless key, automatically names itself, activates itself with our KMS host and joins the right OU. I experimented with gpupdate /force and a reboot afterwards but some of the time the clients would hang. MDT is pretty powerful.

  • texasheattexasheat Registered User regular
    Thanks everyone for looking into this. We've found a work around. For anyone who cares:

    We re-named the default user profile defaultold, and un-hid it. We then named our custom profile Default and copied the custom profile over default old. This was possible because the system will allow you to copy any profile named default to any other profile. After that we functioned permissions down the entire default profile, and re-wrote the default hive file with proper codings (i.e. not customer profile name). This has accomplished all our needs.

    Thanks again for all your input. The MDT sounds like a great tool, i'll look more into that once we've passed our deadline and have a bit of time to play around with it.

  • K0dosK0dos Registered User regular
    I use the copy profile = true flag in the unattend.xml used during sysprep. I use MDT to build my base image and put a task sequence pause script/task that allows me to do any manual additions or changes and still be able to reboot. One thing to note is that the documentation says that it copies the profile when you run sysprep to create the image but that is not when it actually does it. Instead it copies the admin profile to the default profile when you deploy the image so long as you use the unattend.xml with the copy profile = true flag. If you don't use an unattend file it will not copy the profile to apply your changes to the default profile.

    139892.png
Sign In or Register to comment.