/build/static/layout/Breadcrumb_cap_w.png

All user profiles are including files from the hidden local admin account

I recently captured an EFI image from a VM. The gold image has two files on the desktop of the local admin account. However, once deployed, every new profile that logs into the machine includes these two files on the desktop. I verified on the VM that these files are not located in the Public Desktop folder. I also verified on the VM that these files do not copy to other profiles. Something in the imaging process must be causing this.


  • Captured C and S from VM
  • K2000 set to use the UEFI pre and mid level tasks built into the appliance
  • KBE verified to be in UEFI
  • No error messages in the imaging process
  • Images otherwise perform without issue

Does anyone have any ideas?


2 Comments   [ + ] Show comments
  • Is the same thing happening if you deploy that same image into another VM?

    Are you sure you don't have a file replication configured from a KACE SMA Agent?

    Maybe a GPO policy pushing the file?

    Did you use the Copy Profile Switch?

    Is USMT involved in your Imaging tasks?

    Post the unattend.xml file from your image, located in C:\Windows\Panther\ - Channeler 5 years ago
    • We do have file replication enabled, but only to servers acting as distribution points.

      The files in question are ones that I left on the desktop of the local admin account. I also did not use a copy profile switch during the image. This started happening on our Windows 10 images. The Windows 7 images were fine. We also haven't used USMT yet. Something perhaps on the horizon, but we're not quite there.

      I have the unattend open and see this line that concerns me: <CopyProfile>true</CopyProfile>
      I'm thinking of adjusting this to false, re-capturing to see if this is the issue. - robertsj 5 years ago
      • <CopyProfile>true</CopyProfile>

        You are using Copy Profile.

        I don't really think copy profile will cause that, but I have seen weird stuff with Win10 lately... try that.

        Also browse your already captured image, C:\Users\ and see if those other users are already there or they are being truly created once the Image is deployed.

        I forgot to ask if you guys used Win10 Audit Mode to make changes before capturing the image? (I don't recommend using it...) - Channeler 5 years ago
    • I wasn't aware of the copy profile function. Our unattend files were generated during our KACE QuickStart, and now I'm actually learning what all is in them. This is a good thing.

      I see the files in the Default > Desktop folder and can remove them as needed. I'm also learning how to better leverage the copy profile function from the MS documentation. https://docs.microsoft.com/en-us/windows/client-management/mandatory-user-profile

      Thanks again Channeler! - robertsj 5 years ago
      • yeah I'm not a fan of copy profile:

        https://borncity.com/win/2018/08/21/windows-10-version-1803-sysprep-bug-and-a-workaround/

        https://social.technet.microsoft.com/Forums/en-US/765d272a-2998-4147-ae50-c04a68107640/copyprofile-in-sysprep-breaks-the-start-menu-in-fall-creators-update-v1709?forum=win10itprosetup


        Check those links as an example - Channeler 5 years ago
    • Thanks for the links and assisting me once again. If you submit the answer, I'll endorse it. - robertsj 5 years ago
  • Copy Profile will take everything from the admin account used to run sysprep and make that the default profile, so more than likely you had those files on the desktop of the account from which you ran sysprep. - cserrins 5 years ago

Answers (1)

Answer Summary:
Posted by: Matt Davies 5 years ago
White Belt
1

Top Answer

Are the files in c:\users\default ?

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ