**Edit: I apologize; my order of steps was incorrect. I did not sysprep the image before capturing the Kimage.

 

I recently built a new Kace Gold Image with only the very basic windows settings set (Such as using windows Classic), everything else is done through Post Install tasks. I used the ITNinja Sysprep Creator tool to create my unattend file and the ITNinja Sysprep Executor to run sysprep with the unattend file.

The issue is that the profile I ran Sysprep on did not copy over to the default profile. I have checked the unattend file and it does have the line:

<CopyProfile>true</CopyProfile>

Is there any special consideration that needs to be made when using this line?

Here are the steps I did when creating the Gold Image (updated in an edit at 9:27am EST. 5/27/2014):

1. Create image and change settings to make sure everything is set on the "Master" profile.

2. Turn on computer and boot into Kace.

3. Capture a K-image from the computer. (to backup our image as it was told for us to use as best practice.)

4. Restart

5. Run sysprep with the unattend file through the sysprep Executor with the switch to Shutdown. on the profile I want to copy.

6. Turn on and boot into Kace.

7. Capture Wim image.

8. Set basics in the WIM image on the server. (Such as: Turn on using driver feed, get computer name, create single partition, format c:, install win7 mbr)

9. Deploy image to computer - Profile has not been copied.

 I have verifyed the unattend file has been applied as the local admin account has been added.

Here is the unattend section with the copy profile tags:

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

            <ComputerName>*</ComputerName>

            <CopyProfile>true</CopyProfile>

            <TimeZone>Eastern Standard Time</TimeZone>

            <ShowWindowsLive>false</ShowWindowsLive>

        </component>
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

0

(This is another question pertaining to copying the default profile, I can start another question if that would be the proper method)

Ok, so I got everything in my System Image all setup, I got all of the postinstall tasks set, and everything is working all fine except when I test a program on another profile I then have an issue. It looks like a IE setting is not copied over with the default profile Copy through sysprep. This is a setting that is set by GPO as a user setting, but it looks like this policy is not always being set on each user login and I cannot have the chance of it not being set.

I tried to use registry change monitor tools like regfromapp and regshot to see the registry files that were changed, and then copying those reg keys to the default user reg hive, but it doesn't look like this copied over the settings.

The setting I need to change is here (in IE8):
IE > Tools > Security Tab > Local intranet > Custom level... > (under settings) User Authentication > Logon > "Automatic logon with current user name and password"
IE > Tools > Security Tab > Trusted sites > Custom level... > (under settings) User Authentication > Logon > "Automatic logon with current user name and password"

I am looking for a way to have this copied over to the default profile through sysprep on the master image, or as a post install task (preferred method). Any help would be appreciated!

Answered 07/11/2014 by: ISEKOLD
Yellow Belt

  • what were the keys you injected into the default profile?
    • I have gone through many iterations of this, but here is the most recent one I tried:

      Windows Registry Editor Version 5.00
      [HKEY_USERS\temphive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
      "1A00"=dword:00000000

      [HKEY_USERS\temphive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
      "1A00"=dword:00000000

      This reg file was called from the following Bat script:
      reg load HKU\temphive c:\users\default\ntuser.dat
      regedit.exe /S iefix.reg
      reg unload HKU\temphive

      SMal.tmcc - Thank you for all of the information and help you have given me so far. Thanks!!
    • After running the .bat file, I then went and logged in with a new profile, it had the setting for Zone 2 under the current user profile as the following:

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
      "1A00"=dword:00020000

      I then loaded the Default nsdefaults hive and It was correct for zone 2 1a00. Is this information maybe pulled from another location? Like a template?

      I was gonna try going through and changing anything zone 1 or 2 to have "1A00"=dword:00000000 such as Locked-Down zones, but I have very little experience with IE settings in the registry.
      • active setup could be changing that.
      • you may need to use the IEAK for those settings or a gpo.
        see this for IEAK for the version of IE you are using.
        https://www.google.com/search?q=ie+configuration+tool&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=fflb#channel=fflb&q=internet+explorer+administration+kit&rls=org.mozilla:en-US:official
Please log in to comment
0

Use the windows image under control panel-backup to make an image prior to syspreping to roll back to after.

before you sysprep the machine rename the default profile directory to something else.

IE c:\users\default to c:\users\defaultold

Answered 05/27/2014 by: SMal.tmcc
Red Belt

  • What do you mean when you say to use the imaging in Control Panel? Like creating a restore point to roll back to if there is an issue during the capture? Can you roll back to before a sysprep?

    If I rename the default folder and then run it do you think that would make it work? I will give this a try today.
    • I use the same master and update it to keep it current. To always have only one sysprep count I restore from the last images backup, update and create a new backup and sysprep for the new image. Under control panel - backup and restore in the left column near the top is an option to create a system image. You then can use the windows boot dvd and choose repair and restore from backup and use that one. The only gotcha is windows always uses the same directory name to store this image in, so rename the dir to keep multiple copies and just rename it back to the default name when you want the windows disk to see the backup.
      http://www.itninja.com/blog/view/windows-7-image-process-for-the-college-s-classrooms
      • Ok, this sounds like a good method to do this. I'll do it over the kimage method.
      • just need a large second hdd. It takes minutes to restore also.
  • I tried naming the default folder "Defaultold" and then running the sysprep. It seems to have copied over some things on the profile but not everything such as the "Windows Media Player" is still pinned to the taskbar and Internet Explorer (64-bit).lnk still on the start menu (I got this one removed with a .bat file).

    I found that I can remove the file with the following line in a bat file:

    DEL /F /S /Q /A "C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk"

    However the icon is still there and if you click on it, a message comes up saying that it doesn't exist, you can then click yes, but I would like it to be gone.

    I tried stopping explorer before and restarting it after and it is still there. Do you know how I could remove this or like refresh the taskbar?
    • Oops, I am using a domain account to do this and Microsoft says I shouldn't do this: http://technet.microsoft.com/en-us/library/hh825135.aspx

      I will have to go try again.... ugggggg.
      • I use both types of users, as long as it is not a roaming profile it should be fine. My admin masters copy the user administrator to default, but my academic masters all use our domain install user so we can run the installs from the server and kace to build it. Both work the same
    • add this line to your sysprep answer file in the same section as your copy profile command
      <ShowWindowsMediaPlayer>false</ShowWindowsMediaPlayer>
      • this is the entire section for a 32bit answer file. The key is for kms activation. The link command pins those links to the task bar for all users. Setting the windows features to false will hide them

        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <CopyProfile>true</CopyProfile>
        <ShowWindowsLive>false</ShowWindowsLive>
        <TimeZone>Pacific Standard Time</TimeZone>
        <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
        <TaskbarLinks>
        <Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
        <Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</Link1>
        </TaskbarLinks>
        <WindowsFeatures>
        <ShowInternetExplorer>true</ShowInternetExplorer>
        <ShowMediaCenter>true</ShowMediaCenter>
        <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
        </WindowsFeatures>
        </component>
      • Here is what I added. I am assuming I needed to add the <windowsfeatures> tag:

        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ComputerName>*</ComputerName>
        <CopyProfile>true</CopyProfile>
        <TimeZone>Eastern Standard Time</TimeZone>
        <ShowWindowsLive>false</ShowWindowsLive>
        <WindowsFeatures>
        <ShowInternetExplorer>true</ShowInternetExplorer>
        <ShowWindowsMediaPlayer>false</ShowWindowsMediaPlayer>
        </WindowsFeatures>
        </component>

        I left the <ShowInternetExplorer> because I do want that to be there. I took out the media center because it is not used here.
    • Also another question: If the default profile did not copy these two things, is there anything else that I may have missed that also did not copy over?
      • There are some files that copy over that bloat the default profile. I created a post to do some cleanup since those are locked in the profile you are copying to default.

        if you have FF installed delete the cache under C:\Users\masteruser\AppData\Local\Mozilla\Firefox\Profiles\xxxxxxxx.default and places.sqlite under C:\Users\masteruser\AppData\Raoming\Mozilla\Firefox\Profiles\xxxxxxxx.default

        del C:\Users\Default\AppData\Local\Microsoft\Windows\webcache\*.* /f /q
        del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log1 /f /q /a:hs
        del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log2 /f /q /a:hs
        del C:\Users\Default\AppData\Local\Microsoft\Windows\*.blf /f /q /a:hs
        del C:\Users\Default\AppData\Local\Microsoft\Windows\*.regtrans-ms /f /q /a:hs
        del C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\*.* /f /q
        del c:\users\default\downloads\*.* /f /q /s


        to stop the IE welcome crap

        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <DisableFirstRunWizard>true</DisableFirstRunWizard>
        <DisableWelcomePage>true</DisableWelcomePage>
        </component>
      • Ok, I will make these changes in the post install task and ill add the IE stuff into the unattend.
      • For the IE stuff, being as I am using x64 do I just need to change the x86 to amd64? Do I need to change any other parts in the initial <component> tag (such as the publicKeyToken="31bf3856ad364e35")?
      • sorry
        here is from a 64bit answer file:

        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <AllowedSites>*.tmcc.edu;*.unr.edu</AllowedSites>
        <BlockPopups>yes</BlockPopups>
        <DisableFirstRunWizard>true</DisableFirstRunWizard>
        <DisableWelcomePage>true</DisableWelcomePage>
        <LocalIntranetSites>*.tmcc.edu;*.unr.edu</LocalIntranetSites>
        <PrintBackground>true</PrintBackground>
        </component>

        here is the entire 64bit admin file.

        <?xml version="1.0" encoding="utf-8"?>
        <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
        <Path>net user administrator /active:yes</Path>
        <Order>1</Order>
        </RunSynchronousCommand>
        </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <AllowedSites>*.tmcc.edu;*.unr.edu</AllowedSites>
        <BlockPopups>yes</BlockPopups>
        <DisableFirstRunWizard>true</DisableFirstRunWizard>
        <DisableWelcomePage>true</DisableWelcomePage>
        <LocalIntranetSites>*.tmcc.edu;*.unr.edu</LocalIntranetSites>
        <PrintBackground>true</PrintBackground>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
        <ShowWindowsLive>false</ShowWindowsLive>
        <TimeZone>Pacific Standard Time</TimeZone>
        <CopyProfile>true</CopyProfile>
        </component>
        </settings>
        <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>3</ProtectYourPC>
        </OOBE>
        <UserAccounts>
        <AdministratorPassword>
        <Value>VwBpAG4AZABvAHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcAbwByAGQA</Value>
        <PlainText>false</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
        <LocalAccount wcm:action="add">
        <Password>
        <Value>VwBpAG4AZAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxG8AcgBkAA==</Value>
        <PlainText>false</PlainText>
        </Password>
        <DisplayName>DFault</DisplayName>
        <Name>DFault</Name>
        </LocalAccount>
        </LocalAccounts>
        </UserAccounts>
        <RegisteredOrganization>TMCC</RegisteredOrganization>
        <RegisteredOwner>Staff</RegisteredOwner>
        <AutoLogon>
        <Password>
        <Value>VwBpAG4AZxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxG8AcgBkAA==</Value>
        <PlainText>false</PlainText>
        </Password>
        <Enabled>true</Enabled>
        <LogonCount>3</LogonCount>
        <Username>administrator</Username>
        </AutoLogon>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-us</InputLocale>
        <SystemLocale>en-us</SystemLocale>
        <UILanguage>en-us</UILanguage>
        <UserLocale>en-us</UserLocale>
        </component>
        </settings>
        <settings pass="generalize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OEMInformation>
        <Manufacturer>TMCC ITO</Manufacturer>
        <Model>Admin Image</Model>
        <SupportHours>8 - 5</SupportHours>
        <SupportPhone>673-7800</SupportPhone>
        <SupportURL>http://www.tmcc.edu/ito/contact/</SupportURL>
        </OEMInformation>
        </component>
        </settings>
        <cpi:offlineImage cpi:source="catalog:c:/w7image64/install_windows 7 enterprise.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
        </unattend>

        here is a 32bit acad file

        <?xml version="1.0" encoding="utf-8"?>
        <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
        <Path>net user administrator /active:yes</Path>
        <Order>1</Order>
        </RunSynchronousCommand>
        </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <CopyProfile>true</CopyProfile>
        <ShowWindowsLive>false</ShowWindowsLive>
        <TimeZone>Pacific Standard Time</TimeZone>
        <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
        <TaskbarLinks>
        <Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
        <Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</Link1>
        </TaskbarLinks>
        <WindowsFeatures>
        <ShowInternetExplorer>true</ShowInternetExplorer>
        <ShowMediaCenter>true</ShowMediaCenter>
        <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
        </WindowsFeatures>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <DisableFirstRunWizard>true</DisableFirstRunWizard>
        <DisableWelcomePage>true</DisableWelcomePage>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Identification>
        <JoinWorkgroup>tmccacad.tmcc.e</JoinWorkgroup>
        </Identification>
        </component>
        </settings>
        <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-us</InputLocale>
        <SystemLocale>en-us</SystemLocale>
        <UILanguage>en-us</UILanguage>
        <UserLocale>en-us</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>3</ProtectYourPC>
        </OOBE>
        <UserAccounts>
        <LocalAccounts>
        <LocalAccount wcm:action="add">
        <Password>
        <PlainText>false</PlainText>
        <Value>VwBpAG4AZABxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBkAA==</Value>
        </Password>
        <DisplayName>F14Master</DisplayName>
        <Name>F14Master</Name>
        <Group>Administrators</Group>
        </LocalAccount>
        </LocalAccounts>
        <AdministratorPassword>
        <PlainText>false</PlainText>
        <Value>VwBpAG4AZABxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcAbwByAGQA</Value>
        </AdministratorPassword>
        </UserAccounts>
        <RegisteredOrganization>tmcc</RegisteredOrganization>
        <RegisteredOwner>staff</RegisteredOwner>
        <AutoLogon>
        <Password>
        <Value>VwBpAG4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8AcgBkAA==</Value>
        <PlainText>false</PlainText>
        </Password>
        <Enabled>true</Enabled>
        <LogonCount>3</LogonCount>
        <Username>installer</Username>
        </AutoLogon>
        </component>
        </settings>
        <settings pass="generalize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OEMInformation>
        <HelpCustomized>true</HelpCustomized>
        <Manufacturer>TMCC Helpdesk</Manufacturer>
        <SupportHours>8 - 5</SupportHours>
        <SupportPhone>673-7800</SupportPhone>
        <SupportURL>http://www.tmcc.edu/ito/contact/</SupportURL>
        <Model>Compuiter Support</Model>
        </OEMInformation>
        </component>
        </settings>
        <cpi:offlineImage cpi:source="catalog:c:/w7image/install_windows 7 enterprise.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
        </unattend>
      • Here is my unattend if you wouldn't mind taking a look at it. We are still using OEM licensing so I am not sure how to handle that part of it - I think what I have will work fine for now. - I added the things you suggested I add.

        <?xml version="1.0" encoding="utf-8"?>
        <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SkipRearm>0</SkipRearm>
        </component>
        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
        <DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices>
        </component>
        </settings>
        <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
        <Path>net user administrator /active:No</Path>
        <Order>1</Order>
        </RunSynchronousCommand>
        </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SkipAutoActivation>true</SkipAutoActivation>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ComputerName>*</ComputerName>
        <CopyProfile>true</CopyProfile>
        <TimeZone>Eastern Standard Time</TimeZone>
        <ShowWindowsLive>false</ShowWindowsLive>
        <WindowsFeatures>
        <ShowInternetExplorer>true</ShowInternetExplorer>
        <ShowWindowsMediaPlayer>false</ShowWindowsMediaPlayer>
        </WindowsFeatures>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <TrustedSites>website1;website2</TrustedSites>
        <BlockPopups>yes</BlockPopups>
        <DisableFirstRunWizard>true</DisableFirstRunWizard>
        <DisableWelcomePage>true</DisableWelcomePage>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Identification>
        <Credentials>
        <Domain>localhost</Domain>
        </Credentials>
        <JoinDomain>localhost</JoinDomain>
        <JoinWorkgroup>WORKGROUP</JoinWorkgroup>
        </Identification>
        </component>
        </settings>
        <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-US</InputLocale>
        <SystemLocale>en-US</SystemLocale>
        <UILanguage>en-US</UILanguage>
        <UILanguageFallback>en-US</UILanguageFallback>
        <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <AutoLogon>
        <Password>
        <Value>AdminAccountPass</Value>
        <PlainText>true</PlainText>
        </Password>
        <LogonCount>2</LogonCount>
        <Enabled>true</Enabled>
        <Username>AdminAccount</Username>
        </AutoLogon>
        <FirstLogonCommands>
        <SynchronousCommand wcm:action="add">
        <Order>1</Order>
        <Description>Windows License Key</Description>
        <RequiresUserInput>false</RequiresUserInput>
        <CommandLine></CommandLine>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
        <RequiresUserInput>false</RequiresUserInput>
        <Order>2</Order>
        <Description>Activate Windows</Description>
        <CommandLine></CommandLine>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
        <CommandLine>reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f</CommandLine>
        <Description>Disable UAC</Description>
        <Order>3</Order>
        <RequiresUserInput>false</RequiresUserInput>
        </SynchronousCommand>
        </FirstLogonCommands>
        <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>3</ProtectYourPC>
        </OOBE>
        <UserAccounts>
        <AdministratorPassword>
        <Value>AdminAccountPass</Value>
        <PlainText>true</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
        <LocalAccount wcm:action="add">
        <Password>
        <Value>AdminAccountPass</Value>
        <PlainText>true</PlainText>
        </Password>
        <Description>Local Administrator</Description>
        <DisplayName>AdminAccount</DisplayName>
        <Group>Administrators</Group>
        <Name>AdminAccount</Name>
        </LocalAccount>
        </LocalAccounts>
        </UserAccounts>
        <RegisteredOrganization>MNH</RegisteredOrganization>
        <RegisteredOwner>MNH</RegisteredOwner>
        </component>
        </settings>
        <cpi:offlineImage cpi:source="" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
        </unattend>
      • Looks good
        also

        Make the account you are copying from an admin.

        Since you are copying the profile you can go into user account control settings and set uac to never and that will sysprep over, do not need the command to set it off in the ans file
      • Everything looks good! The only issue I have after all of that is that a couple sites didn't get added to the trusted sites. I am going to look and see if I can fine a script to add a couple sites to the trusted sites. Do you by chance have any scripts to do this?
Please log in to comment
0

to add zones to the trusted sites, first try adding them to the user being copied to default.  If that does not stick during the sysprep I have a blog on how to edit the default users offline registry.

http://www.itninja.com/blog/view/how-to-make-changes-to-the-default-users-hive-as-a-post-taks

to add sites you just need to create these types of registry keys

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nevada.edu]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmcc.edu]
"*"=dword:00000002
"http"=dword:00000001
"https"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmcc.edu\kbox]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmcc.edu\mytmcc]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmcc.edu\sevis]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmcc.edu\www]
"http"=dword:00000001
"https"=dword:00000001

 

Answered 05/29/2014 by: SMal.tmcc
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity