Jump to content

SkipMachineOOBE/Forced Account Creation & Sysprep + Default User P


Recommended Posts

Ok, tricky one. We know SkipUserOOBE isn't used in W7 anymore, and that SkipMachineOOBE is deprecated. There's even a nice how-to in WSIM on which settings to configure to effectively skip the Welcome Screen, and it works well. Only problem is the fact you absolutely HAVE to create an account to skip it, which makes no sense whatsoever why MS would push this, but MS making sense on some of their stuff would = the world is flat right? On top of that is automatically disables the Administrator account.

Now, I can get the security aspect of creating a completely new account & disabling the built-in Administrator one, and I'd go for it is if wasn't for the next problem which is directly tied into this: Sysprep using an unattend.xml file with CopyProfile set to TRUE.

The ONLY account CopyProfile will work on is with the built in ADMINISTRATOR ACCOUNT!!! It doesn't matter if I sysprep from that "forced creation" one, a completely different local account or a domain account (with all admin privileges and UAC turned off for image configuration phase), CopyProfile would never work... so after reading through the line of people who had success and who didn't on forums/posts all over the internet, I decided to re-enable the built-in Administrator account, set my desktop, icons, start menu options, etc... and then use the same sysprep as the other tests under different accounts... and it worked.

So, I'm guessing I'm looking for the middle grounds here; being able to do an unattended without having to create a friggin extra account or being able to use sysprep on ANY account and the darned CopyProfile working.

I usually don't follow MS recommendations to the letter, but in my organization (26000 users, 36000+ desktops/laptops) the whole "don't EVER EVER EVER use SkipMachineOOBE outside of testing" didn't only catch my attention, but others in my group. Used it for XP, worked perfectly fine, but with the warning messages, I'm weary of using this only to find out later down the road (when it's all deployed) that something that we install/set needed the whole darn Welcome Screen settings to be inserted correctly and not just skipped.

Anyone have any insight on this? (and I blame my french if I didn't explain things correctly, heh)

Edited by Dechy
Link to comment
Share on other sites


We know SkipUserOOBE isn't used in W7 anymore, and that SkipMachineOOBE is deprecated.

I beg to differ as I use both with no issues - kinda like MS stated that $OEM$ will no longer work under Vista, where obviously it did and still does in W7. :whistle:

I would probably ask the question as to why one shouldn't "EVER EVER EVER use SkipMachineOOBE outside of testing". I don't understand how something so useful would be added as a WSIM item as a testing tool only? With SkipUser and SkipMachine, I still get the network setup dialog - and that's fine. As for the Administrator account, I enable it while renaming it as I see fit. It is quite the process and you can look that up here (the instructions work the same for W7, I currently use it myself - in W7):

Renaming the Administrator account

Of course, replace all ImageX instruction with DSIM commands.

As for Default User, I remember something about logging on to either safe mode or winpe and copying ntuser.dat files from the user directory you want to copy settings from. Take these, log on to your normal desktop and copy them to the default user directory (must Show Hidden files) of mounted WIM. This is not as easy as it sounds.

Hope this helps a little...

Edited by razormoon
Link to comment
Share on other sites

Note that if these are domain-joined machines, you can put a default user profile in the netlogon folder in the domain sysvol and that works as a "profile copy" as well. Has worked since NT4, I think, so it's at least an option.

Link to comment
Share on other sites

  • 2 weeks later...

Ok, does anybody have a working unattend.xml (or whatever they named it) for a working Sysprep using the damned Copyprofile option? I've tried about 2 dozen scenarios & methods and it's worked TWICE in 24 times, and I have no clue what I did exactly in those 2 times because Sysprep destroyed my OS after re-trying, so I had to re-install the OS and try again. Even when I thought I had the correct XML, I used it again and it didn't work whatsoever anymore.

Copyprofile, from what my searches have returned, is probably the most flaky option in sysprep, TONS of people having huge issues with it not working whatsoever and the threads sort of die out.

It's pretty bad when it's been an option since the Vista beta and STILL DOESN'T WORK CORRECTLY.

Link to comment
Share on other sites

Yeah, caught that one, and I even indirectly made reference to finding it in my first post... but for some ungodly reason, it doesn't work all the time (actually, rarely is more like it).

The CopyProfile information from the WAIK & TechNET site clearly state you can run it from any account, but that's not true by a longshot. So I did try the Administrator account, and well, it worked the first time I used it (re-enabled built-in account, customized wallpaper, desktop icons, start menu pins and syspreped). The Sysprep documentation also clearly state that the built-in admin account gets zapped on every use, which isn't the end of the world, because the CopyProfile also states that it goes through the copy phase well before the account gets zapped. No problem right?

Well, I've tried around a dozen time now and am unable to replicate the working conditions on what happened exactly when the CopyProfile worked.

Hell, I've actually gotten it to work from another account in the administrators group more often, but again, 100% random results even using the EXACT SAME unattend.xml for Sysprep. (worked 3 times out of 10).

Link to comment
Share on other sites

That's pretty odd, although not impossible. Hopefully it'll be better with the Win7 WAIK and sysprep, but I personally have not used CopyProfile so I can't comment if that's normal or not. I used a default ntuser.dat and some vbscripts in my unattend after MDT installs the OS to modify the default user profile, which works 100% of the time ;).

Link to comment
Share on other sites

Could you explain a wee bit what you do with the NTUSER.DAT? I was using that for years in 2K & XP, and it worked so friggin' well, even if M$ didn't "officially support" it. That's actually the very first thing I did before finding out about the CopyProfile in Sysprep, but I was getting some pretty interesting results; permission problems, background not "sticking", some pinned applications wouldn't "stick" either.

I'm guessing you're doing it the long way; i.e. loading up the Default User hive manually and editing everything by hand? I think that's the only one I haven't tried, because I thought there had to be a more automated way of doing this. I've tried using the other old school method using the Copy To in the User Profile settings tab, but that's greyed out now, I've tried modifying any account to the standards and then copying the NTUSER.DAT, that also didn't work out very well.

Link to comment
Share on other sites

I'm guessing you're doing it the long way; i.e. loading up the Default User hive manually and editing everything by hand? I think that's the only one I haven't tried, because I thought there had to be a more automated way of doing this. I've tried using the other old school method using the Copy To in the User Profile settings tab, but that's greyed out now, I've tried modifying any account to the standards and then copying the NTUSER.DAT, that also didn't work out very well.
Yes, I edited it by hand from a standard user profile I used as a template to begin with, but I've been moving more and more to reg add and reg delete calls in script to set some simple things, and use local (or domain) group policies to set most other things. I've not run into permissions problems that you say you're seeing, but I've not been overly hackish either, and didn't change a whole heck of a lot from the defaults (hence why I've been trying to move away from it - I'm currently testing a build that uses nothing but a logon script and group policy to make changes, which is working fairly well so far).
Link to comment
Share on other sites

  • 3 months later...

The copyprofile thing i figured it out... kinda dumb from Microsoft..

I use WDS to deploy windows image's

1) Create your image

2) Make your changes in the Administrator account (the real one)

3) Sysprep your image with the copyprofile option

4) Load your image up to the WDS server

5) Set in your unattended install the copyprofile option also

So, i believe we all asumed that the default profile was completed during the sysprep and BEFORE the creation of the image.

Link to comment
Share on other sites

In regards to the extra user acct, if you have the administrator account enabled, can you set the line in unattend.xml for creating a new acct to Administrator, and it skips the acct creation and just uses the admin acct that was already there.

Link to comment
Share on other sites

  • 2 weeks later...

using AIK for win7

as p1 shown:

set the SkipMachineOOB session function as "true" of a Unattended.xml

create deploy.cmd file with

start /wait %windir%\system32\oobe\windeploy.exe  
net user Administrator /Active:yes

lay it to system32

as p2 shown:

go into reg, set the "cmdline" velue as "deploy.cmd", in hkey-local machine-system-setup,(defoult velue is empty!)

run sysprep.exe with using /unattend:Unattended.xml

eg: sysprep.exe /oobe /generalize /quit /quiet /unattend:d:\xxx.xml

finish and make pakage!

i learn it from one of my friend's<step by step,sysprep ur win7>, and he make a auto-sysprep tool(incl. srs).

oh "Upload failed. The file was larger than the available space" about p2, but i guess u know what i mean without p2

post-210349-1256935172_thumb.jpg

Edited by maliXPboy
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...