If you are an admin of a Windows-based network, there are a number of reasons why you might want to customize the default user profile. For example:
- You might want to customize users' desktops prior to deploying Windows 7 onto new computers so that users have a pre-configured desktop experience to start from.
- You might want to use roaming profiles to enable users to roam between different computers on your network while accessing their own personalized desktops and you might want to customize the initial desktop experience of your users.
- You might want to use mandatory roaming profiles to provide a locked-down, customized desktop experience to users in a Remote Desktop Services (RDS) or Virtual Desktop Infrastructure (VDI) environment based on Windows Server 2008 R2 SP1 Hyper-V.
Unfortunately, the method used for customizing the default user profile in previous versions of Windows—customizing the Administrator account and then copying the Administrator user profile over the Default User profile—doesn't work anymore in Windows 7. In fact, that method, which has been used since Windows NT and was documented in several Knowledge Base articles on TechNet (articles that have since been pulled) never really worked properly in the first place! It worked pretty well with Windows NT, but as the Windows shell (desktop) became increasingly complex through Windows 2000, Windows XP and Windows Vista, following the old method for customizing the default user profile caused some strange things to happen on users' computers, such as certain user profile folders having incorrect names, files for certain applications being saved in the wrong folders, and various other unpredictable and hard to reproduce problems.
So if you want your desktop computers to be in a supported configuration, you now need to follow the new, improved—and fully supported by Microsoft—method for customizing the default user profile. This series of articles walks you through the steps involved in customizing the default user profile for Windows 7 and Windows Server 2008 R2, explains how to use your customized profile as a default network profile for roaming scenarios, and discusses various issues including the limitations of profile customization on these platforms. The method used for customizing the default user profile involves using Microsoft Deployment Toolkit (MDT 2010) Update 1 and if you aren't familiar with how to use MDT you should first work through my 29-part series of articles titled Deploying Windows 7 here on WindowsNetworking.com.
1. Create a Task Sequence for Deploying your Reference Build
To customize our default user profile, we're going to deploy Windows 7 on a computer called our master or reference computer. The installation will be called our master installation or reference build. Then we're going to customize our reference build as desired, sysprep it, capture an image of the build, and finally deploy the customized, captured image onto our target computers (users' computers).
Start by opening the Deployment Workbench on the computer that has MDT 2010 Update 1 installed. Expand your deployment share, right click on the Task Sequences folder, and select New Task Sequence to create a new task sequence for deploying your reference build. We'll call this task sequence STEP-1 as shown below:
Figure 1: Step 1 of creating a task sequence for deploying the reference build.
Select the Standard Client Task Sequence from the drop down list of task sequence templates:
Figure 2: Step 2 of creating a task sequence for deploying the reference build.
Select the operating system you want to deploy, which in this walkthrough is Windows 7 x64 Enterprise Edition:
Figure 3: Step 3 of creating a task sequence for deploying the reference build.
Step through the remaining pages of the wizard until you're finished. For example, we specified the password for the local Administrator account in the task sequence:
Figure 4: Step 4 of creating a task sequence for deploying the reference build.
2. Create a Task Sequence for 'Sysprepping' and Capturing your Reference Build
Next, we need to create a second task sequence. This second task sequence will be used to do two things:
- Sysprep the reference build (after you've customized it) in order to generalize the installation by removing machine-specific information such as security identifiers (SIDs), the contents of event logs, any system restore points, installed Plug and Play drivers, and so on.
- Capture an image (.wim file) of the 'sysprepped' reference build and upload the captured image to your MDT computer.
Once your customized reference build has been 'sysprepped' and captured, you can then use MDT to deploy the captured image to your target computers. From the Deployment Workbench, launch the New Task Sequence Wizard again and give your new task sequence a name like STEP-2 as shown below:
Figure 5: Step 1 of creating a task sequence for 'sysprepping' and capturing the reference build.
From the list of task sequence templates select Sysprep and Capture as shown below:
Figure 6: Step 2 of creating a task sequence for 'sysprepping' and capturing the reference build.
Complete the remaining steps of the wizard. You should now see two task sequences in your Deployment Workbench:
Figure 7: Two task sequences have been created.
3. Customize the Reference Build using Unattend.xml
You're now ready to begin customizing your reference build. Wait a minute! We haven't deployed our reference build yet, so how can we possibly customize it? Simple — we can pre-define various customizations for our reference build by making modifications to the answer file (unattend.xml) that MDT will use to perform an unattended setup of our reference build. Wherever possible, you should use this approach to customizing your reference build since it automates the customization process which in the long run can save you a lot of time (provided you've documented your answer file modifications).
Begin by right-clicking on the task sequence that will be used to deploy the reference build (we called this STEP-1) and select Properties to open the properties of the task sequence. Then select the OS Info tab as shown below:
Figure 8: The OS Info tab of the properties of the task sequence that will be used to deploy the reference build.
On the above tab, click the Edit Unattend.xml button. This opens Windows System Image Manager (Windows SIM) which can be used to modify settings in our answer file:
Figure 9: Using Windows SIM to modify the settings in the answer file for the task sequence that will be used to deploy the reference build.
Tip:
If you're not familiar with how to use Windows SIM, see article 6 in my earlier Deploying Vista series here on WindowsNetworking.com.
For this walkthrough, we're going to modify our Unattend.xml file so that five customizations are automatically performed during deployment of our reference build. These five modifications will be as follows:
- Disable the Internet Explorer First Run Wizard.
- Specify a home page for Internet Explorer.
- Configure Windows Error Reporting (WER) so that collected data is automatically uploaded to Microsoft with no user interaction required.
- Enable the Games built-in feature.
- Prevent the XPS Viewer application from being installed.
We'll begin by disabling the Internet Explorer First Run Wizard, which when a user logs on for the first time asks them if they want to enable certain IE 8 features. Using Windows SIM, expand the Specialize section of the Unattend file and select the Microsoft-Windows-IE-InternetExplorer component as shown below:
Figure 10: Step 1 of disabling the Internet Explorer First Run Wizard.
In the Properties pane for this component, click the field besides the DisableFirstRunWizard setting and change the value from False to True:
Figure 11: Step 2 of disabling the Internet Explorer First Run Wizard.
Next we'll specify a home page for Internet Explorer. In the same Properties pane, click the field besides the Home_Page setting and change it from about:blank to some website (I chose www.mtit.com which is my own business website):
Figure 12: Specifying a home page for Internet Explorer.
Next, we want to configure WER so that collected data is automatically uploaded to Microsoft without any user interaction needed. To make this customization we'll need to first add a component to our answer file. The component we need to add is called Microsoft-Windows-ErrorReportingCore, and to add it to our answer file we need to expand the Components node under the catalog in the Windows Image pane of Windows SIM, find the component we want to add, right-click on it and add it to the Specialize pass as shown here:
Figure 13: Step 1 of configuring Windows Error Reporting behavior.
How do we know which component we need to add to our answer file to do this? By searching the Unattended Windows Setup Reference Help (.chm) file that is included with the Windows Automated Installation Kit for Windows 7. You can get the updated .chm file here.
How do we know which configuration pass (i.e. Specialize) we need to add this component to? In this case, the other configuration passes are grayed out so you don't have any option of selecting them. But for some components you try to add to your answer file you may have several passes you can choose from. In general, you want to use only the Specialize or OobeSystem configuration passes to automate customization of a reference build. For more information on configuration passes, see article 3 of my earlier Deploying Vista series.
Once we've added the Microsoft-Windows-ErrorReportingCore component to the Specialize pass of our answer file, it is displayed in the Answer File pane of Windows SIM. We then change the DefaultConsent4 which specifies that all data is sent automatically: setting for this component to the value
Figure 14: Step 2 of configuring Windows Error Reporting behavior.
How do we know that the value 4 specifies that all data is sent automatically? By searching the Unattended Windows Setup Reference Help (.chm) file for "DefaultConsent".
Next, we want to enable the Games feature, which is a built-in feature of Windows 7 that is not installed by default on Enterprise Edition (for obvious reasons). To do this, we must first include a package in our answer file. This package is Microsoft-Windows-Foundation-Package, which is found in the Windows Image pane under Catalog\Packages\Foundation as shown below. Right-click on the package and select Add to Answer File:
Figure 15: Step 1 of enabling the Games feature.
How do we know which package we need to add to our answer file to do this? By searching the Unattended Windows Setup Reference Help (.chm) file for "Games".
Once the package has been added, it is displayed in the Answer File pane of Windows SIM. We can then change the value of the InboxGames setting from Disabled to Enabled:
Figure 16: Step 2 of enabling the Games feature.
Finally, we want to prevent the XPS Viewer application from being installed (it's installed by default). Since this is installed as part of the same package as Games, we simply scroll down in the Properties pane to find the Xps-Foundation-Xps-Viewer setting and change its value from Enabled to Disabled:
Figure 17: Preventing the XPS Viewer application from being installed.
No comments:
Post a Comment