Giving every user the same desktop.

bigdogchris

bigdogchris

Fully [H]
Joined
Feb 19, 2008
Messages
18,739
For Win XP.

Normally, when a user logs into the domain on a new machine they have never used, it creates a user account and everything is set to default, minus any policy settings.

What I'm looking for is a way to confingure a station so that whoever logs into the domain, gets the same identical desktop, that is a copy of the desktop I set up on that machine. This even includes recently opened items on the Start Menu. (that image will then be deployed to multiple identical shared stations). I'm not asking for folder redirection or anything related to bringing down the user profile on each log in because this is not what I'm talking about.

They do this at my school and no one seems to be able to tell me what they are using to do this. The closest answer I've got is "it's their disk imaging system" and I think that person believes I'm totally clueless to what I'm talking about.

For an example.

A workstation has a local user profile called 'Config1'.

Tom logs into workstation 1 with his domain username Tom, it creates and account called 'Tom'
Toms account is identical to Config1
He logs out

Susan logs into workstation 1 with her domain username Susan, it creates an account called 'Susan'
Susans account is identical to Config1

etc. etc. etc.

Is there some sort of AD setting that does this or is there som type of software installed that forces the user accounts to be a copy of one already configured?

I also will use a disk freezing software so when the machines are rebooted they are cleared. (they are shared machines obviously).
 
LittlePud said:
You probably want mandatory user profiles.

http://msdn.microsoft.com/en-us/library/bb776895(VS.85).aspx
http://support.microsoft.com/kb/307800
Click to expand...
That's similar, but again, that's assinging a profile to a specific profile. When there are hundreds of users, I don't want to have to manually assign each and every one to a specific mandatory profile since they may be using machines configured differently.

I want the domain user to be forced to a certain desktop, at the desktop level. Unless, it's possible to on the desktop, force a group to use a certain desktop, on that particular machine.

Then just do that for each different workstation setup.
 
setup a profile the way you want it.
copy that profile to the Default User profile folder.

System Properties -> Advanced -> User Profiles Settings -> Highlight configured profile, clikc "Copy To: -> Enter C:\Documents and Settings\Default User path, answer yes.
 
Yup, what you want is to edit the default user profile, very easy to do in xp as stated above. Be warned, if you ever have to do this for windows vista / 7 its much more of a pain.
 
j-sta said:
setup a profile the way you want it.
copy that profile to the Default User profile folder.

System Properties -> Advanced -> User Profiles Settings -> Highlight configured profile, clikc "Copy To: -> Enter C:\Documents and Settings\Default User path, answer yes.
Click to expand...

xenios said:
Yup, what you want is to edit the default user profile, very easy to do in xp as stated above. Be warned, if you ever have to do this for windows vista / 7 its much more of a pain.
Click to expand...
The default user profile is what I was sorta thinking myself. I was poking around that at school looking at it but couldn't come to a definite conclusion on it because I obviously can't unlock the system.

I was worried about the way Vista/7 does it. XP right now but 7 eventually. What's different about the Vista/7 default profile?
 
group policy folder redirection, Redirect all users desktops, etc to the same location.
 
The way I view this, is making the "default user" profile set up the way you want it, and replicating that in AD, BUT then again it doesnt force them to keep the same icons. I know you disagree, but dobieg2002 is right. Folder redirection for what you need is right. If you need an EXACT copy, one way is using something like Deep Freeze, but what our Hospital IT is doing right now for limited tests is doing distribute Virtualized Desktops with Hyper V, essentially a virtual machine on each PC, and when you reboot BAM, its the same exact thing. They can still save out to their U: drives (personal storage), so you might* want to look into that. Let us know, so we can try and help you.
 
bigdogchris said:
I was worried about the way Vista/7 does it. XP right now but 7 eventually. What's different about the Vista/7 default profile?
Click to expand...

The only supported way to copy the default profile is to sysprep the install with the CopyProfile property present in your configuration file. This is not something you will want to do each time you want to make a change to the profile as it takes time. For minor changes it is a matter of knowing where things are stored in the registry and profiles folders.

http://blogs.technet.com/deployment...for-windows-7-and-windows-server-2008-r2.aspx
 
The reason why I would not use folder redirection in this case is that you cannot redirect the user's registry. Just think of all of small windows settings that might not be covered by group policies, or programs that use user based registry settings. With default profiles everyone starts out the same, and if you dont want people to beable to delete icons off their desktop, you just move those shortcuts to the allusers profile.
 
ProfessorKaos64 said:
The way I view this, is making the "default user" profile set up the way you want it, and replicating that in AD, BUT then again it doesnt force them to keep the same icons. I know you disagree, but dobieg2002 is right. Folder redirection for what you need is right. If you need an EXACT copy, one way is using something like Deep Freeze, but what our Hospital IT is doing right now for limited tests is doing distribute Virtualized Desktops with Hyper V, essentially a virtual machine on each PC, and when you reboot BAM, its the same exact thing. They can still save out to their U: drives (personal storage), so you might* want to look into that. Let us know, so we can try and help you.
Click to expand...

xenios said:
The reason why I would not use folder redirection in this case is that you cannot redirect the user's registry. Just think of all of small windows settings that might not be covered by group policies, or programs that use user based registry settings. With default profiles everyone starts out the same, and if you dont want people to beable to delete icons off their desktop, you just move those shortcuts to the allusers profile.
Click to expand...
The users settings are not saved. Every time you log in, a "default configuration" is being copied to the user account that is created.

I understand what folder redirection does. I'm not looking for folder redirection. It has nothing to do with that. The reason being, different machines may have a different configuration. You can't upload your profile/settings then log back in on another model machine that is configured completely different, then bring that configuration down that has a bunch of application links that are not even on the machine your working on.

Each machine needs it's own pre-configured desktop, stored locally, that every single user gets when their local profile is created at first time log in. Then my disk freeze will wipe the machine when it's rebooted so all of those user folders are deleted.
 
Last edited:
I do this like once a week if not more.

How I have done it. Create a local user on the PC. set that user profile the way I want it. Sign in as administrator and copy that profile (Like what j-sta said here) Since my computers are on a Domain, I have to give the folder (default user in xp or default in vista) the permission of "everyone".

Who ever logs in to the domain on that computer gets the same desktop etc every time.
 
CableDude said:
Who ever logs in to the domain on that computer gets the same desktop etc every time.
Click to expand...
And the account is created with their log in? For example, if you log in, hit start button, the user account at the top says their name, even though they are on the 'pre-configured' desktop?
LittlePud said:
You probably want mandatory user profiles.

http://msdn.microsoft.com/en-us/library/bb776895(VS.85).aspx
http://support.microsoft.com/kb/307800
Click to expand...
Now that I think about it, you may be right. Maybe they do drop a profile path in when they create the accounts. They use Samba though so they user creation is different than a normal AD setup, probably allowing them to easily choose a user creation script which just creates the account and automatically points it to the \\server\students or whatever profile.

To assign a mandatory user profile, type a network path in the form \\server name\profiles folder name\user profile name, for example, \\puma\profiles\clerks.

To assign a mandatory user profile, you must also copy a preconfigured user profile to the location that you specify in this space.
Click to expand...
I think every single machine on campus is the exact same, at least the ones that are connected to the domain.

Mandatory profiles would force the user to use a certain profile.
 
Last edited:
Does each user need a unique login? If not you can easily create a mandatory profile for a global account. Every person will use the same the login name/pass and be forced to use the same profile. You can restore the profile upon next login or with a script every night so any changes the user makes are reverted back to default the next time they log in. This is easiest way without going in depth into the GPO and locking the user out completely from rights and privileges to change profile settings.

If user need unique logins then the easiest way is by virtualizing the desktop instance or to use a network distributed disk imaging system. You then have to point every user to the mandatory profile. Or create a template that is pre-configured. Virtual instances are rebooted nightly to revert any profile changes or disks are cloned nightly to revert changes.

I am assuming users do not need to save documents, emails, etc to local workstation or server as forcing a mandatory profile or restore images/instances work delete anything saved on the computer.

An ideal setup would use an AD domain with unique logins that are forced to a mandatory profile settings that were restored next upon login if any changes were made. All user related worked and emails would be saved to a SharePoint and Exchange server and all three server are backed up nightly. This would allow for the most basic configuration of the Workstation (basically an image with necessary program installed) and allow easy access to all important information through a web browser.
 
bigdogchris said:
And the account is created with their log in? For example, if you log in, hit start button, the user account at the top says their name, even though they are on the 'pre-configured' desktop?
Click to expand...

yes.

if the user currently has no profile folder on the computer, their profile folder is first created by basically copying the Default User profile.

I think you're over-thinking what you need to do.

Simply create a temporary local user. Log in as that temporary local user. Configure the desktop, shortcuts, etc as you see fit.
Reboot.
Log in as admin, and copy that temporary local users folder over to the Default User folder. Then delete the temporary local user and related profile folder.

The Default User is the "template" configuration for any "new" user logging on to a machine.
 
j-sta said:
yes.

if the user currently has no profile folder on the computer, their profile folder is first created by basically copying the Default User profile.

I think you're over-thinking what you need to do.

Simply create a temporary local user. Log in as that temporary local user. Configure the desktop, shortcuts, etc as you see fit.
Reboot.
Log in as admin, and copy that temporary local users folder over to the Default User folder. Then delete the temporary local user and related profile folder.

The Default User is the "template" configuration for any "new" user logging on to a machine.
Click to expand...
Perfect. Thanks.
 
j-sta said:
setup a profile the way you want it.
copy that profile to the Default User profile folder.

System Properties -> Advanced -> User Profiles Settings -> Highlight configured profile, clikc "Copy To: -> Enter C:\Documents and Settings\Default User path, answer yes.
Click to expand...

j-sta do you need to do anything different with Vista?
 
The only thing different with Vista is the default user path, which is C:\Users\Default.

We used this same procedure at work when we made our Vista image to deploy.
 
Controlling the desktop with policies is easy. The thing is, they are setting the task bar with specific pinned programs. How could you possibly do that unless you are copying another profile you set up ahead of time?
 
Well the profile still gets copied over, but it happens only during the generalize phase of sysprep. So if you where to only use method 2 in that article, you would install all your apps, configure them all on the main administrator account and then run sysprep as that user. After the image has been generalized the profile has been copied over. Now if you are not satisfied with that profile, if only using this method, you would have to try again.

What most seem to do is use both methods 2 and 3. The way I have everything setup in my department is I have a general image and a general default profile that goes with that image. From there I build upon both of those when deploying to different sub departments in a granular fashion.

For example, if I am pushing an image out to all of secretary machines I will need to add applications x,y, and z to the build process as well as adding the registry and file settings that go along with those applications to the default/allusers profiles. And then say there are Secretary bosses that do everything that secretaries do, but need one additional program. So separate steps are taken for them so that one application is taken care of, just like the previous ones.

What this leaves you with is a tree like structure. The further you traverse the more specialized the build becomes, but yet you still only have one master image file. While this sort of granularity is a real pain to setup. Once it is done, updating any one part is easy as that is the only thing you have to worry about. All of these installs and customizations are done using MDT/ConfigMgr for the applications and scripting with powershell/vbscript/batch files for the settings.

While I really like the setup I have now, I really do feel for smaller businesses that will not or may never have this sort of extensible setup. If you are stuck setting default profiles on a per machine basis, there are hard times ahead if you do not adopt this sort of automated management infrastructure.
 
CableDude said:
j-sta do you need to do anything different with Vista?
Click to expand...

no clue... we haven't deployed Vista. Hoorah for ancient apps. But we may be moving to Win7 in the next 2 yrs :rolleyes:

xenios said:
Keep in mind that this is not the "offical" way to do this. They even went to the extent of preventing you from doing it in win7. http://blogs.technet.com/deployment...for-windows-7-and-windows-server-2008-r2.aspx
Click to expand...

from that article...

However, there are problems with using this procedure. It is very old procedure from NT4, when the shell was much simpler. The shell is more complicated for Windows 2000 and higher. This process will copy settings that should not be copied to the default user profile. It may seem to work but you will find subtle problems. Windows XP and later have made those subtle problems more visible.
Click to expand...

in my instance, we have NEVER came across any issues that pertained to overwriting the Default User profile with a new customized profile. Although I guess I could see that YMMV. But the list of things they state, never had those issues :confused:

But then again, we don't use sysprep. Since we have a VLK, we simply setup a PC, imaged via Ghost, and imaged new machines with that image then proceed with NewSID, and install a couple other small apps.
So unsure how sysprep may cause things to work differently.
 
j-sta said:
setup a profile the way you want it.
copy that profile to the Default User profile folder.

System Properties -> Advanced -> User Profiles Settings -> Highlight configured profile, clikc "Copy To: -> Enter C:\Documents and Settings\Default User path, answer yes.
Click to expand...

This, and then lock them down so the user can't change anything.

"And yer done!"
 
j-sta said:
no clue... we haven't deployed Vista. Hoorah for ancient apps. But we may be moving to Win7 in the next 2 yrs :rolleyes:



from that article...



in my instance, we have NEVER came across any issues that pertained to overwriting the Default User profile with a new customized profile. Although I guess I could see that YMMV. But the list of things they state, never had those issues :confused:

But then again, we don't use sysprep. Since we have a VLK, we simply setup a PC, imaged via Ghost, and imaged new machines with that image then proceed with NewSID, and install a couple other small apps.
So unsure how sysprep may cause things to work differently.
Click to expand...

Sysprep does not really have much effect on profiles at all, other than the copying and generalization of the active profile if the copy flag is present. What sysprep is really used for is to create a generalized image that will work on any system in your environment in a generally automated fashion.
 
You must log in or register to reply here.
Back
Top