TL;DR: I'm already using the Default Profile for future domain accounts. Is there a way I can stop Sysprep from clobbering the administrator profile and replacing it with the Default profile?

Hello everyone! I'm putting together a kiosk system via K2000 and Sysprep. The only local accounts on the machine are a disabled user, a disabled template account, and Administrator. All the kiosk-y stuff happens via domain accounts. I've already copied the template account to the default profile.

The problem is that every time I run Sysprep, the Administrator account profile gets deleted and replaced with the new Default profile. This is a machine designed to run hands free. So many things are put in autorun that it stops post-installation tasks from completing. Is there a way to stop this from happening? I feel like there's a really simple solution that I'm just not seeing...

Here's what my unattend.xml looks like:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <EnableLUA>false</EnableLUA>
        </component>
    </settings>
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <WillReboot>Never</WillReboot>
                    <Path>net user administrator /active:Yes</Path>
                    <Order>1</Order>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ComputerName>*</ComputerName>
            <CopyProfile>false</CopyProfile>
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Central Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>localhost</Domain>
                </Credentials>
                <JoinDomain>localhost</JoinDomain>
                <JoinWorkgroup>KACE</JoinWorkgroup>
            </Identification>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback>en-US</UILanguageFallback>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Password>
                    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>5</LogonCount>
                <Username>Administrator</Username>
            </AutoLogon>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
            <UserAccounts>
                <AdministratorPassword>
                    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>Local Administrator</Description>
                        <DisplayName>Administrator</DisplayName>
                        <Group>Administrators</Group>
                        <Name>Administrator</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <RegisteredOrganization>Nowhere Special</RegisteredOrganization>
            <RegisteredOwner>TLA</RegisteredOwner>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="catalog://127.99.99.99/peinst/source_cds/11/sources/install_windows 7 ultimate.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

 


Answers

1

What we do at my work place is create a temp profile (named temp) with admin rights, and use that profile to sysprep the image after we build the admin profile the way we want it.

Answered 04/18/2013 by: Strangeronfire
Senior Yellow Belt

1

I am using Win 7 Ent. When I resysprep and do not want to erase existing profiles I just delete the copyprofile from the answer file altogether and my profiles remain. Worst case scenario is to run a migration on Administrator and reapply that after imaging.

This ans file portion will copy user to default and delete all profiles

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <CopyProfile>true</CopyProfile>
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Pacific Standard Time</TimeZone>
            <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
            <TaskbarLinks>
                <Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
                <Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</Link1>
            </TaskbarLinks>
            <WindowsFeatures>
                <ShowInternetExplorer>true</ShowInternetExplorer>
                <ShowMediaCenter>true</ShowMediaCenter>
                <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
            </WindowsFeatures>
        </component>

This one does not

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Pacific Standard Time</TimeZone>
            <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
            <TaskbarLinks>
                <Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
                <Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</Link1>
            </TaskbarLinks>
            <WindowsFeatures>
                <ShowInternetExplorer>true</ShowInternetExplorer>
                <ShowMediaCenter>true</ShowMediaCenter>
                <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
            </WindowsFeatures>
        </component>

Answered 04/16/2013 by: SMal.tmcc
Red Belt

  • I tried altering my Unattend.xml file like you suggested, but couldn't get it to work. I'll just have to set up the profile migration as a post-install task.
  • I think I know what is up. I use a user that is an admin. I use that account to do all my work and hold my extra admin goodies.

    During sysprep the local administrator account gets deleted and recreated and will have no profile till you log in once; the system prompts you to create a second user (which cannot already have an account/profile). The ones I can preserve when I re-sysprep are users other than the administrator and the second user.

    If you want to use the user administrator with all the settings I think the MIG file will be the easiest method. As a post task I would have the machine auto login as the second user you created during sysprep, run the mig and restart.
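
Added example, not part of any post in this thread and not KACE or Microsoft tooling: a small Python check that reads an answer file and reports, per configuration pass, whether `CopyProfile` is true, false or absent in `Microsoft-Windows-Shell-Setup` (the difference between the two fragments above), along with the settings in the asker's file that matter on an unattended kiosk image. The function name `audit_unattend` and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample modelled on the answer files above (password is a placeholder).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="offlineServicing">
    <component name="Microsoft-Windows-LUA-Settings"><EnableLUA>false</EnableLUA></component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup"><CopyProfile>false</CopyProfile></component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password><Value>PLACEHOLDER=</Value><PlainText>false</PlainText></Password>
        <Enabled>true</Enabled><LogonCount>5</LogonCount><Username>Administrator</Username>
      </AutoLogon>
    </component>
  </settings>
</unattend>"""

def audit_unattend(xml_text):
    """Return (pass, component, finding) tuples for an unattend.xml document."""
    # strip(): a stray space before the XML declaration makes the parser reject the file
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    findings = []
    for settings in root.findall("u:settings", NS):
        pass_name = settings.get("pass")
        for comp in settings.findall("u:component", NS):
            name = comp.get("name")
            def text(path):
                node = comp.find(path, NS)
                return node.text.strip() if node is not None and node.text else None
            if name == "Microsoft-Windows-Shell-Setup":
                findings.append((pass_name, name, "CopyProfile=%s" % (text("u:CopyProfile") or "absent")))
            if (text("u:EnableLUA") or "").lower() == "false":
                findings.append((pass_name, name, "UAC disabled (EnableLUA=false)"))
            if (text("u:AutoLogon/u:Enabled") or "").lower() == "true":
                findings.append((pass_name, name, "AutoLogon as %s, LogonCount=%s" % (
                    text("u:AutoLogon/u:Username"), text("u:AutoLogon/u:LogonCount"))))
            # PlainText=false only encodes the value; the credential is still in the file.
            for pw in comp.findall(".//u:Value/..", NS):
                findings.append((pass_name, name, "embedded credential in <%s>" % pw.tag.split("}")[1]))
    return findings

if __name__ == "__main__":
    for row in audit_unattend(SAMPLE):
        print(*row, sep=" | ")
```

Because the answer file carries the local Administrator credential, treat any copy left on the deployment share or on the imaged disk as a secret and restrict or remove it once setup finishes.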
0
 <CopyProfile>false</CopyProfile>

You want to copy the profile.
Answered 04/15/2013 by: SDNBTP
Third Degree Blue Belt
