Default User Swap Revised

[Coolsights2000]

Hi All!

As you all know when you install Windows XP Pro Corp At the end you have to pick a profile name.. Well from then on you might as well throw the real Default User profile out the window,, cause any changes that you make are really going into the profile that was created at the First logon stage.. HKCU yes I know the HKLM keys are common...

It took me a few days to dig up the info on the internet and I have made it so it will put you on the default desk top.. then continue with the installations of your favorite programs... I was surpised it only took a few lines of Code..

Follow the direction on this page for creating a user

http://unattended.msfn.org/xp/autologon.htm

Changes These lines to read Don't use a password

net user "Default User" /add
net localgroup Administrators "Default User" /add
net accounts /maxpwage:unlimited
REGEDIT /S autologon.reg
EXIT

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Default User"
"DefaultPassword"=""
"AutoAdminLogon"="1"

When the system reboots it will give you a profile call Default User.Domain

We will use the runoneEX keys to Change the ProfileImagePath from the Default User.Domain to the real hidden Default user ....

Here is how...

In your runoneex.cmd put this at the beginning

I would have loved to do this sooner But the keys are not there until you login to a profile,,,

NOTE

If you notice if you never log into the admin profile you never see one in the file folder.. Same here you have to login at least once

cmdow @ /HID
@echo off

SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

REG ADD %KEY% /V TITLE /D "Preparing Default User Profile Stage 1" /f

REG ADD %KEY%\000 /VE /D "Default User Swap" /f
REG ADD %KEY%\000 /V 1 /D "%XPCD%\~SIDefaultuser\~SIDefaultuser.cmd" /f
REG ADD %KEY%\000 /V 2 /D "%XPCD%\~SIDefaultuser\~SIDShutDownBlocker.cmd" /f

You can include you keys too cause when it reboots it will start with the next runonceex keys

The following are the files that it calls

~SIDefaultuser.cmd

cmdow @ /HID
@echo off
Cls
TITLE SID Finish

ECHO.
ECHO SID Finish

%XPCD%\~SIDefaultuser\Sid.vbs

Start /wait shutdown.exe -r -f -t 60 -c "Windows XP will now restart in 1 minute And you will be on the Default User Profile"

ECHO.
ECHO Restarting the PC in 1 minute...

EXIT

~SIDShutDownBlocker.cmd <<<--- This pause the runonceex from going on to your keys until after it reboots..... It is hidden

cmdow @ /HID
@echo off
Cls
TITLE SID Swap ShutDown Continue Blocker

ECHO.
ECHO SID Swap ShutDown Continue Blocker
ECHO.
ECHO This is a hidden Pause
ECHO For the ~SIDefaultuser.cmd
ECHO To finish the profile swap

Pause

EXIT

Sid.vbs

On Error Resume Next
DIM HKLMLOC
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Account",,48)
For Each objItem in colItems
	If objItem.Name = "Default User" then
  HKLMLOC = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\" & objItem.SID & "\ProfileImagePath"
  Set WshShell = WScript.CreateObject("WScript.Shell")
  WshShell.RegWrite HKLMLOC,"%SystemDrive%\Documents and Settings\Default User","REG_EXPAND_SZ"
	END IF
Next

Also if you installed NET Frame hide it along with the Admin somewhere in the GUI-mode setup meger this into the register

Windows Registry Editor Version 5.00

;Disable ASPNET and Administrator User
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"ASPNET"=dword:00000000
"Administrator"=dword:00000000

You are on your own as far as getting rid of the folder

C:\Documents and Settings\Default User.Domain

You don't need it anymore trash it...

What ever you do don't get rid of the plain folder

C:\Documents and Settings\Default User

cause that is what you are using after the swap...

Enjoy being on the default Desktop,,,

Enjoy Mac!

P.S. I never Ran Profiles in windows 98SE cause of the way the register works ,,

I always kept it at one level with no profile folder. I don't see a way around that in XP yet..

[evilvoice]

have a question about this...does this mean that HKCU keys entered here will work for any user created after? ie, the reason for running reg tweaks at cmdlines.txt is so that it gets put on default user so that when administrator is created, it will have the same tweaks...so now that we are on default user profile, any hkcu keys entered here will be put in say "John" if john is created 5 days after (default time...5 days...could be any amount of time) just trying to get a feeling for why we would want to do this.

[MHz]

If I understand this correctly. You are taking over the default profile and disabling all others. So, that means that any new users will inherit all your reg entries. No admin account if something goes wrong? No clean default user profile, so users cannot adjust to thier tastes.

If true, cannot see any good in this practice.

Why not just take over the admin account?

[Coolsights2000]

LOL Let Me explain Cause the way the register works is confusing Once you see the light you will jump up and shout! I see the light...... B)

This is for setting up the computer then you can span out and create users then all users will have the default users keys, Once you create a user they will be on there own and can configure there desktop how they like as long as what they are changing is in the HKCU keys,,, It make no matter about the HKLM cause they are shared and if I change something on my desktop that uses the HKLM then you will see it on yor desktop, and visa versa,, Only the HKCU sections goes with a users desktop...

Yes to evilvoice that is why I want to stay on the default desktop and install everthing then branch out to extra users....... just like what you are trying to do in the cmdlines.txt is so that it gets put on default user

ALL ACCOUNTS COME FROM THE Hidden Default user

When you create that admin profile at logon and install software then create a user they get nothing in the HKCU keys...

Cause they get the HKCU keys from the Default user profile which has not been updated cause you where updating the admin HKCU not the default user account,,,

And as far as Mhz question NO i'm not takong over the town and kicking you out... All the stuff that gets loaded go into the default user profile,,, Then branch out

and as far as creating a fresh user if you have a problem just remember the ADMIN and the default user share the HKLM with all users so if the misshap is in the HKLM you get the mishap to .. So in reality there is no fresh clean admin or default user once people start using the register cause the HKLM is shared,,,

If the mishap is in someonces HKCU then you may be able to save them by comparing the HKCU or just make them a new desktop.. It is confusing YES it is..

You can take the restriction out to hide the admin account after you get done then create a admin account the hid it again. if you want,,,

And no I didn't stop you from making more accounts,,,

If you have never made a admin account you will not see one in the file folders anyway...

So when you have a problem it is to late to thing about the admin account which is joke anyway if the mishap is in the HKLM........ I'm confused,,,

This is a good tutorial on the basics

http://www.winguides.com/article.php?id=1&guide=registry

This is the site that I started learning from the old timers on how it all worked

It has gone to the dogs as far as the forum goes cause most of the old tiimers have left... The old timers new there stuff .....

LOL Just think of the register like the CD players with the flat tray where you can lay 5 CD's on... OK now when you want to play a cd you hit the button till the CD you want starts to play..........if one CD get messed up you can just replace that one CD that is the HKCU and the HKLM is the whole player if it gets messed none of the CD's will play,,, No matter what you do.. The CD player BOX is the HKLM....

Admin and the hidden default user clean desktop is a joke....

The admiin and the hidden default user takes up two of those CD spaces except there is a plastic cover over the Default user CD so you canNOT see it or touch it or replace it... I have removed the plastic cover over the default user CD... Darn where did that come from.. You say..

And that Admin Cd is not installed until you put the CD in the tray by default The HKCU keys for the admin are never created unless you log in to the desktop or profile at least once... JUST a blank stop label admin and there is no CD in the slot...

And in reallity 2 of the 5 spots is used up

one is label admin and no other CD will play in that spot and there is no CD in ther,, and one CD that will never play cause of the plastic cover..........

HUM you say

Do you see the light yet!

Mac!

[evilvoice]

GOOD GOD!!!! Coolsights2000 you expect me to read ALL THAT? LOL...im just playing...good show...glad someone figured this out...personally, I think this is great, now im gonna have to figure out how I want to do this since im using xplode...

Here is another question...if doing this the way you specified, is an administrator user created (not the group, the user)? I wonder because although Administrator is a great name, I would like to call it something else, and dont really wanna call it something else if Im gonna have Docs and Settings folder with Administrator folder inside...

[Anderz]

****, this was a great guide. Thanks mate!

[evilvoice]

a couple of changes...maybe, maybe not...these are for Coolsights2000 to see if he thinks this will work

in cmdlines.txt

"usersetup.cmd"

usersetup.cmd (this deletes ASPNET and other users not needed..deletes guest also...taken from raverod and benners)

@echo off

cmdow @ /HID
title Setup Accounts

renuser Guest Disabled
net localgroup guests Disabled /delete
net user aspnet /delete
net user HelpAssistant /delete
net user SUPPORT_388945a0 /delete
cls

net user "Default User" /add
net localgroup Administrators "Default User" /add
net accounts /maxpwage:unlimited
REGEDIT /S autologon.reg
exit

autologon.reg

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Default User"
"DefaultPassword"=""
"AutoAdminLogon"="1"

;Disable Administrator User
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"Administrator"=dword:00000000

runonceex.cmd

REG ADD %KEY%\000 /VE /D "Default User Swap" /f
REG ADD %KEY%\000 /V 1 /D "%systemdrive%\Install\~SIDefaultuser\~SIDefaultuser.cmd" /f

All four of those go in $OEM$ folder

------------------------------------------

~SIDefaultuser.cmd (changed so runonceex does not continue)

TITLE SIDFinish
cmdow @ /HID
@echo off
Cls

ECHO.
ECHO SID Finish

%systemdrive%\Install\Applications\~SIDefaultuser\Sid.vbs

Start /wait shutdown.exe -r -f -t 60 -c "Windows XP will now restart in 1 minute And you will be on the Default User Profile"

ECHO.
ECHO Restarting the PC in 1 minute...
pause
EXIT

sid.vbs stays the same and I think thats it...all sid files go in $OEM$\$1\Install\Applications\~SIDefaultuser (I use install\applications, but could be anything)

[Coolsights2000]

OH my evilvoice

When you clean house you clean house...

Great Idea! to add.........

I saw those other hidden profiles but I didn't know if you could leagally get rid of them... If you can and we don't need them that is better,,, ????????????

The profile folders are never created cause we never log in on them so they are gone any way... As far as the admin it is really a figment of your imaginations,,

admin rights and the admin profile are to different things... Admin is really another user with all rights enabled.. .......it is created from the default user folders.. when you log into the admin profile.. JUST A FANCY word for BULLS**T the SID is reserved and hidden.......

So that code in your ~SIDefaultuser.cmd stops it from continue, HUM will have to give it a go.. So long as it works like my hidden pause...

[evilvoice]

I updated the command, but yea...im not even sure you need all that...once you start the shutdown...a simple pause before you exit should stop runonceex from continuing...

[Coolsights2000]

If you change these settings

AutoAdminLogon to 0

where you block the admin

Administrator to 1

then reboot you will see the default user and admin pop up

enter the password

then you will see it is just another profile...

for folders

C:\Documents and Settings\Administrator

and look in the ProfileList in the register there is a SID entry for the admin

S-1-5-21-1409082233-842925246-854245398-500 I think the 500 on the end means admin not sure yet,, and the other number may be different for you..

You can change the admin password to zip here "" nothing...

just go into the users and change the password...

just watch cause if some one can see you admin profile and they are logged in as a adminstartor they can change the password withOUT having to know the old one...

LOL My stepson triped when I showed him that..

Mac!

P.S. I still say admin just a fancy word for B.S.

there is a admin profile and admin rights two different things...

[white_tiger]

hi Coolsights2000

just asking about cmdlines.txt

is this the correct way

[COMMANDS]
"RunOnceEx.cmd"
"usersetup.cmd"

or just use one line

[COMMANDS]
"usersetup.cmd"

[Coolsights2000]

all depends on the rest of your code..

I have this

[COMMANDS]
"AllUsersTweaks.cmd" <<--- this one setups up some register stuff
"useraccounts.cmd"    <<--- this one calls autologon.reg also
"RunOnceEx.cmd"       <<-- this one start the whole ball at the first logon..

You have to get the loading of the first logon keys somewhere

My RunonceEX.cmd calls a file on the D:\ drive

%XPCD%\~XPCDRunOnceEx.cmd that loads the real RunoncEX keys

right now the %XPCD%\~XPCDRunOnceEx.cmd file is blank cause I'm playing but it will finally link to the RunOnceEx_999_DU.cmd

once I get done..

I'm daisy chaining right now so I can play.. I burned a CD-RW for the basic load and then I use the files from the d:\ drive to load runonexstuff

I don't need to keep install windows cause that is done I just wipe the drive and put back the same windows basic then run the RunOnceEx_999_DU.cmd

for testing....

So you see it all depends on your code

where and when and how you place and do something is up to you

Just get the timing right...

If you gave two different people that same plate of food would they both eat it the same... NO but it all does end up in the stomach....

Mac!

[white_tiger]

GOOOOOOD

I did it with this

[COMMANDS]
"RunOnceEx.cmd"
"usersetup.cmd"

and it works fine .. and there is couple of programs didn't get the reg keys like Nero and WinXP Manager

any way it's good but there is a lettel problem

you said we have at least logon once to create the profile

in autologon.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Default User"
"DefaultPassword"=""
"AutoAdminLogon"="1"

;Disable Administrator User
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"Administrator"=dword:00000000

we used "AutoAdminLogon"="1"

to let the Default user logon

after I created a new user name I deleted the Default user then restart the windows

it wont start .. stops at the logon screen

AutoAdminLogon didn't effects the new user name ?!!

[evilvoice]

you probably should not delete the default user profile until you logon as the new user...

[Coolsights2000]

you missed some script somewhere

you don't make a new user.....

I included the script below...

it switch you to the hidden default user.....

look it over..........

did you delet the wrong default user....

turn on the options to see all files included hidden one...

did you delete the

default user

or

default user.domainname <<-- this ithe on that goes...

Did you get your path right ?????????????????????

the sytem has to reboot after you run the script then you can delete default user.domainname..

the link in the register has to be switch to the hidden default user first .. requires a reboot

DON"T MAKE ANY new users

_SIDefaultuser.zip