Windows 7 – Unable to Copy a User Profile
- Manually copying the profile folder to the file server.
- Renaming it, e.g. Mandatory.V2 (the V2 is required for Vista, Windows 7, Windows Server 2008/2008 R2
- Deleting AppData\Local and AppData\LocalLow from the new profile on the file server.
- Launching REGEDIT on the file server and loading the hive from NTUSER.DAT in the profile.
- Changing the permissions on the loaded hive: delete the old user and add in a group, e.g. authenticated users = full control.
- Unloading the hive.
- Renaming NTUSER.DAT in the mandatory profile to NTUSER.MAN
- Changing the user object(s) to use a roaming profile, e.g. http://www.blogger.com/post-edit.g?blogID=2780452235907374146&postID=9022876805779768998. Note that .V2 is not specified here. It’s silent. Vista, etc know to add it. XP, etc won’t use it.
Customize a user profile as needed
Go to Control Panel and create a new dummy admininstrator
Reboot, log in as the dummy admin
Browse to C: and go into the Folder settings and Show all hidden/system files
Browse to C:\Users and CTRL-drag the Default folder to make a second (backup) copy of it
Browse to C:\Users and CTRL-drag the customized user profile to make a second copy of it
SHIFT-DEL the original Default folder
Rename the customized folder copy to Default
Create a new dummy admin and reboot/log in to test it
I've not tested this extensively yet but this seemed to work with the exception that the desktop background pic was gone leaving a black background. I fixed this easily by re-selecting the correct background pic.
I really hope that MS restores the previous method as this seems very sketchy to me and I'd hate to have to use this in a production environment."
It seems to work, but the registry-entry for shell folders are - as with vista and w2008 - also wrong. All shell folders entries have the paths from the initial user. I can fix it with a script, this is ok.
In summary, I created a new domain user in Active Directory Users and Computers. I did not change the default settings for where this user's profile would be stored.
I logged into the domain as this new user on a workstation. I customized the profile (desktop settings, icons, wallpaper, etc). I then REBOOTED THE WORKSTATION.
On that same workstation, I logged in as an administrator, right clicked on My Computer, selected Advanced, and User Profiles.
I then highlighted the Domain\username profile that I just customized and wanted to copy, and hit the Copy button. This button was not grayed out anymore.
I then copied the profile to the \\domaincontrollername \netlogon\Default User directory. The actual profile files and folders (Application Data, desktop, Favorites, etc) sit inside the Default User folder (\sysvol\sysvol\yourdomainname \scripts\Default User\theprofilefiles ) (the italicized pieces will be changed to match your setup).
FYI, on my system, this Default Users folder has Full Control privs for sharing, and Full Control NTFS privs for Everyone, Domainname \administrator and System.
Again, the two key things that I've learned is that you can't copy a user profile if you're logged in as that user, and you have to reboot the computer between logging in as that user, and logging in as the administrator to do the copying.
Logon as Administrator
Go to C:\Users and RENAME Default to DefaultKeep.
Rename user profile above to DEFAULT.
Logoff and back on again as an Administrator (or restart if necessary).
Go into the System Profiles and select "Default" and choose "Copy Profile". It allows you to copy the default one. Set the permissions to "everyone" and copy to a network share.
Go back in and rename the Default one back to users name and then copy the Network Share created and call it "Default" or use the network one for setting up mandatory roaming profiles like I do.
1. Download a little freeware program called "Windows Enabler 1.1" (Google it, and download it).
(It's a handy little portable utility I keep on my thumb drive and network utilities folder. All you need is the "Windows Enabler.exe" and "EnablerDLL.dll" together in a folder.)
2. Run Windows Enabler on the Windows 7 machine, and a little blue & white icon will show up in your system tray.
3. Bring up the "Users Profile" window, and select the profile you wish to copy where the button is grayed out.
4. Click on the Windows Enabler icon in your system tray, and it should say "On"
5. Click once on the "Copy To" button, and it should un-gray the button. Click the Windows Enabler icon again to turn it off.
6. Now, you have your Copy To button working! Copy the user profiles as you normally would, and try logging in as a new user on the machine.
I tested it, and it appears fully functional. I was able to copy a profile, and log in with a new user, and everything looks good so far! :D Windows Enabler is a great little utility to add to your collection :)
- Create a new user account
- Open up the User Profiles window, choose a user with whom you've not logged into since last reboot
- Click Copy To... and type in \Users\accountname using the name of the account in step 1
- Set permissions to Everyone, then click OK
Also, a couple sidenotes since my last post:
The more I use Sysprep the more I like it over the traditional way we all used in XP, to the point that I'm probably going to start using the sysprep way of setting a default profile even in XP system deployments at work. Things that need to be set differently for different departments can almost always be customized within domain GPOs, and on the default user account I've been creating "gateway" links that link to resources for each department. For example instead of adding printers to the default profile image I have a desktop shortcut labeled "Add Printer" that goes to the print server (\\printers)- People see the full company listing of printers and just double-click the printer they need to install it - no need to have separate profiles per department. For internal websites, I just bookmark all of them, sorted into folders by department - basic security practices should keep people from getting to sites or network shares that they shouldn't be going to even though there's a link to it on their desktop.
And finally, a question about copying profiles: When copying a profile to another one and setting the permissions, what is the point? Does anyone ever set the permissions to something other than Everyone and how does that affect things?
To make a roaming profile you need to go to the Users Profile tab in the properties of Computer.
Find the profile and choose "Copy to"
In Windows 7 the "Copy To" is GREYED OUT for EVERY USER except the Default Profile. I have tried a Local User (regular) and two different domain users (regular). I have logged in as both Domain Admin and Regular Admin.
Machine has been restarted so the profiles are no longer loaded in the registry and I CAN delete them (Delete option is Available). However, I just can't "copy to" using profile tab.
I have logged in as a Local Administrator (yes I enabled it) and also a Domain Administrator. Both have the greyed out "copy to" button. It is not a permissions issue.
It is available this way in Vista as I have done it per these Microsoft Instructions.
Create a Default Network User Profile
- Log on to a computer running Windows Vista with any domain user account. Do not use a domain administrator account.
- Configure user settings such as background colors and screen savers to meet your company standard. Log off the computer.
- Log on to the computer used in step 1 with a domain administrator account.
- Use the Run command to connect to the Netlogon share of a domain controller. For Example, the path used in the contoso.com domain looks like \\HQ-CON-SRV-01\NETLOGON
- Create a new folder in the Netlogon share and name it Default User.v2.
- Click Start, right-click Computer, and then click Properties.
- Click Advanced System Settings. Under User Profiles, click Settings.
- The User Profiles dialog box shows a list of profiles stored on the computer. Click the name of the user you used in step 1. Click Copy To.
- In the Copy To dialog box, type the network path to the Windows Vista default user folder you created in step 5 in the Copy profile to text box. For example, the network path in the contoso.com domain is \\HQ-CON-SRV-01\NETLOGON \Default User.v2.
- In Permitted to use, click Change. Type the name Everyone,and then click OK.
It was definetly handy to be able to copy the profile at times.
I have detailed instructions here
I did get it to work and now have Windows 7 Mandatory profiles in my domain.
Deploy Windows 7 x64 to the target PC.
Configure and install any software for your custom image.
Sysprep your target PC with the userid you want to use as the default profile (after applying settings you wish).
Capture the image back to the server (imagex /compress fast /flags "Ultimate" /capture d: z:\wimname.wim "description")
Create your new custom OS and task sequence.
Edit the unattend.xml in the custom task sequence and apply following:
Pass 4 specialize, amd64_Microsoft-Windows-Shell-Setup_neutral, set "CopyProfile" to "true".
This willl apply the profile settings of the user id used to sysprep the PC to all users that logon to the target PC.
1) Download Windows Enabler
2) Save it to a thumb drive
3) Right-Click and choose "Run As Administrator" on the Windows Enabler EXE on the system you wish to copy the profile
4) Click the Notification Tray icon to turn Windows Enabler on
5) Open the USER PROFILES dialog and click on the greyed out COPY TO... button to see it become enabled.
6) Copy the profile as you used to in XP and Vista.
The Default User in Windows 7 is also quite unique than a users profile too. It contains quite a few links to all the "hidden" stuff that is there to support Windows XP (application data, My Documents etc).
For total clarity, here is what I have done and it was successful using the Windows Enabler tool. As noted, Windows Enabler does not actually install on the computer so it can easily be run off a USB thumb drive or network share to 'enable' locked menus and buttons. Basically you:
- Download Windows Enabler.
- Save it to a thumb drive or share.
- On the system you need to copy a profile, Right-Click and choose "Run As Administrator" on the Windows Enabler EXE.
- Click the Windows Enabler Notification Tray icon to activate Windows Enabler.
- Open the USER PROFILES dialog and click on the greyed out COPY TO... button to see it become enabled.
- Copy the profile as you used to in XP and Vista.
Also, if you like desktop gadgets and want to include them in your default profile you need to do the following:
* Create a folder named MICROSOFT in
* In C:\Users\Default\AppData\Local\Microsoft
You will also need to do somethign similar if users are using both V1 profiles (XP and older) and V2 profies (Vista and newer)
I log in as the a standard non-admin user, make a couple of small tweaks, log back in as admin, copy the profile, done - 3 mins. In the manual copy method (Manual copy of folder -> Delete Local + Local Low -> Load ntuser.dat hive to registry -> Change perms -> Unload ntuser.dat) this extends to more like 6 or 7 mins. Sysprep....by the time it's generalised, booted, respecialised and added it self back to the domain, this has taken 10 to 15 minutes depending on hardware. On a one off job, yeah this makes no bones. Try doing this on 9 different images. It goes from 3 x 9 = 27 minutes to (taking an average) 12.5 x 9 = 107.5 minutes, that's an hour and 47 minutes!
How about going to start--all programs--accessories--system tools--windows easy transferNo luck. The probelm is that we need to be able to set the default profile and after you use the easy transfer wizard you must pick an existing account on the destination computer (or create a new one) to transfer to. You cannot pick the default profile or browse to the destination folder on the hard drive (i.e. C:\Users\Default).
In windows XP it had a similar tools, but instead of copy the profile from one phyical machine to the next. You can utilize the tools to copy the profile from one folder to another.
when logged on as admin:
- make sure the enabler isnt already running
- run the enabler
- find the enabler icon in the systray
- make sure enabler icon the systray icon says 'ON'
- open the profile management screen
- the 'copy to...' button will still be greyed out
- click the button once.
- the 'copy to...' button should then become available (un-greyed out)
go ahead and use the 'copy to...' function as you normally would.
When youre done.... exit the enabler using the systray icon
I've done this on lots of Win7 / 2008 R2 boxes without any issues.
Incidentally, I'm not using this method to modify default profiles. I'm using it mainly to copy out my customised user profiles for mandatory and roaming profile use.
I hate to rain on your parade, but I dont think that MS is particularly interested in community engagement. There's no $$$ in it for them.
From my recent experience, in this economic climate MS are really only addressing what they are seeing as 'showstoppers'
All issues and their response are being evaluated on a cost vs. benefit model.
The questions being asked are:
How serious do MS think the problem is?
How much will it costs MS to resolve this problem?
What is the cost to MS in terms of major customer loss / negative publicity?
Of the 5 issues / bugs I've reported to MS Professional Support since Win7 2008 R2 launch, so far none of them are being addressed.
Also worth noting: I had opened a PSS case for this very issue.
The MS response was exactly the same as it has been all along on this thread:
To paraphrase that:
"The features been disabled because copying user profiles in this way has been known to create problems in certain situations"
"There is no alternate tool that provides the same functionality"
"Ooops, yes we forgot that this function is needed to create mandatory and roaming profile templates. Sorry about that"
"The workaround to create mandatory or romaing user profile templates is to copy the profile manually and change perms on the contents of user.dat manually also"
"the only supported method to modify the 'default' pofile is the 'sysprep /generalize' method"
"There is no alternate method. No fixes or alternate tools are being planned"
sysprep /generalizeunattend:unattend.xmlBut this also resets a lot of other stuff, and that sucks when you are making a Ghost image for a lab environment. Below is the work around you can use to modify the Default profile by copying any profile you have previously modified over the Default profile. It is VERY much not supported by Microsoft, but for my limited tests seems to work.
in your unattend.xml and running the command: