I'm looking into setting up mandatory profiles here, and I'm trying to follow the MS way but I'm having trouble with the unattend.xml file and adding the CopyProfile parameter to it.
I have no experience of WAIK before now, could anyone provide detailed instructions on how to generate the Unattend.xml file with the CopyProfile parameter please?
sorry, i havent reviewed this thread further. I used windows enabler to be able to copy the profile.
I used this to help me build the unattend.xml to create the default profile.
Originally Posted by chriscubed
i had the same problem. I have to set up a P.C. classroom for students with mandatory profiles without the use of an active directory domain server.
I needed to setup and customize a LOCAL mandatory profile on a sample machine for replication.
I wrote some notes to describe the working solution, in italian, below an attempt to translate it (i apologize for my poor english)
1) login as an user of group 'Administrators'
2) From the "User Management" create user 'student' with password 'student' and set:
-Password never expires
-User can not change password
3) Start Menu> Change User> log in as user 'student'
5) Create a new folder in C:\Users\ and call it with a name like 'bloccato.v2'.
6) Login as Administrator and copy the profile "DEFAULT" (the default system profile) to the newly created folder using the System Settings menu Advanced> User Profiles Settings> BUTTON "Copy to ...".
IMPORTANT! Before you copy use the "Change" to allow the group 'Authenticated Users' use of the new profile.
This operation overwrites the entire contents of the folder 'bloccato.v2' with the content of the default profile, but allows 'Authenticated Users' to use it.
7) Menu "User Management"> user "student"> "Profile" - enter in the "Profile Path" box the path of the folder 'bloccato.v2' remembering that the folder must be specified omitting the extension. v2 - so the path becomes C:\Users\bloccato
8) "Switch User"
9) login again as "student"
10) customize the desktop settings, the home page of the browsers, the proxy, and anything else you need blocked.
12) go back in as user 'student' and verify that the settings are all stored.
13) Before you continue you should Log off and back several times, opening several applications to make sure they are all properly configured.
14) At this point it is time to change, within the profile folder "bloccato.v2" filename "ntuser.dat" in "Ntuser.man"
15) "Switch User"
16) DONE! login as "student" and try to change some settings - disconnect and go back. The profile "student" is locked!
Further customizations of the mandatory profile can be done ulocking it by renaming back ntuser.man to ntuser.dat.
I hope this is useful to someone. By,
Interesting how a lot of have different methods. This is how I do it:
Create a template account in Active Directory, but with no home directory specified.
Logon as an administrator on a workstation. Navigate to Control Panel > User Accounts > Configure advanced user profile profile properties.
Highlight the Default profile and the 'Copy to' button becomes active.
Copy this to your \\SERVERNAME\Profiles$ share, name the profile (randomname) and give Everyone access. Logoff the workstation as an administrator.
Update the template account profile directory in Active Directory so it reads the same (as above) - \\SERVERNAME\Profiles$\randomname
Logon using the template account on a workstation and make required changes.
Logoff the workstation, then return to the server. On the server navigate to Control Panel > Folder Options > View and untick Hide protected operating system files (Recommended).
Rename the profile ntuser.dat to ntuser.man, then re-tick Hide protected operating system files (Recommended) when finished.
Update other account to use the mandatory profile, job complete.
I remember reading that unless you do it the MS supported way certain symbolic links and other background pieces stop working properly?
When we do our Windows 7 build I'm thinking of doing this...
- build "Gold" image in VMWare so it's truly hardware-agnostic
- capture to SCCM
- deploy via SCCM with driver packages
- take a snapshot of the VM before making changes
- do all the settings required for mandatory profile
- sysprep etc as per MS documentation
- revert snapshot to "clean" state
Rinse and repeat for as many times as we need to make changes to the profile :)