/build/static/layout/Breadcrumb_cap_w.png

Can I stop Sysprep from clobbering the administrator profile?

TL;DR: I'm already using the Default Profile for future domain accounts. Is there a way I can stop Sysprep from clobbering the administrator profile and replacing it with the Default profile?

Hello everyone! I'm putting together a kiosk system via K2000 and Sysprep. The only local accounts on the machine are a disabled user, a disabled template account, and Administrator. All the kiosk-y stuff happens via domain accounts. I've already copied the template account to the default profile.

The problem is that every time I run Sysprep, the Administrator account profile gets deleted and replaced with the new Default profile. This is a machine designed to run hands free. So many things are put in autorun that it stops post-installation tasks from completing. Is there a way to stop this from happening? I feel like there's a really simple solution that I'm just not seeing...

Here's what my unattend.xml looks like:

 <?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <EnableLUA>false</EnableLUA>
        </component>
    </settings>
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <WillReboot>Never</WillReboot>
                    <Path>net user administrator /active:Yes</Path>
                    <Order>1</Order>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ComputerName>*</ComputerName>
            <CopyProfile>false</CopyProfile>
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Central Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>localhost</Domain>
                </Credentials>
                <JoinDomain>localhost</JoinDomain>
                <JoinWorkgroup>KACE</JoinWorkgroup>
            </Identification>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback>en-US</UILanguageFallback>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Password>
                    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>5</LogonCount>
                <Username>Administrator</Username>
            </AutoLogon>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
            <UserAccounts>
                <AdministratorPassword>
                    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>Local Administrator</Description>
                        <DisplayName>Administrator</DisplayName>
                        <Group>Administrators</Group>
                        <Name>Administrator</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <RegisteredOrganization>Nowhere Special</RegisteredOrganization>
            <RegisteredOwner>TLA</RegisteredOwner>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="catalog://127.99.99.99/peinst/source_cds/11/sources/install_windows 7 ultimate.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

 

Asked 11 years ago 15721 views
0 Comments   [ + ] Show comments

Answers (3)

Posted by: Strangeronfire 11 years ago
Senior Yellow Belt
1

What we do at my work place is create a temp profile (named temp) with admin rights, and use that profile to sysprep the image after we build the admin profile the way we want it.

Posted by: SMal.tmcc 11 years ago
Red Belt
1

I am using Win 7 Ent.  When I resysprep and do not want to erase existing profiles I just delete the copyprofile from the answer file altogether and my profiles remain.  Worst case scenaio is to run a migration on Administrator and reapply that after imaging.

This ans file portion will copy user to default and delete all profiles

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <CopyProfile>true</CopyProfile>
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Pacific Standard Time</TimeZone>
            <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
            <TaskbarLinks>
                <Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
                <Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</Link1>
            </TaskbarLinks>
            <WindowsFeatures>
                <ShowInternetExplorer>true</ShowInternetExplorer>
                <ShowMediaCenter>true</ShowMediaCenter>
                <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
            </WindowsFeatures>
        </component>

This one does not

<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Pacific Standard Time</TimeZone>
            <ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
            <TaskbarLinks>
                <Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
                <Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</Link1>
            </TaskbarLinks>
            <WindowsFeatures>
                <ShowInternetExplorer>true</ShowInternetExplorer>
                <ShowMediaCenter>true</ShowMediaCenter>
                <ShowWindowsMediaPlayer>true</ShowWindowsMediaPlayer>
            </WindowsFeatures>
        </component>

Comments:
  • I tried altering my Unattend.xml file like you suggested, but couldn't get it to work. I'll just have to set up the profile migration as a post-install task. - rodoke 10 years ago
  • I think I know what is up. I use a user that is an admin. I use that account to do all my work and hold my extra admin goodies.

    During sysprep the local administrator account gets deleted and recreated and will have no profile till you log in once, the system prompts you to create a second user (which cannot already have a account/profile). The ones I can preserve when I re-sysprep are users other then the administrator and the second user.

    If you want to use the user administrator with all the settings I think the MIG file will be the easiest method. As a post task I would have the machine auto login as the second user you created during sysprep, run the mig and restart. - SMal.tmcc 10 years ago
Posted by: SDNBTP 11 years ago
Third Degree Blue Belt
0
 <CopyProfile>false</CopyProfile>

You want to copy the profile.

Posted by:

rodoke Orange Belt
Ninja since: 12 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Systems Deployment Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ