Cortana/Windows Search breaks in default profile



  • @Arrowhead-IT Much appreciated!


  • Testers

    @Wayne-Workman I have since updated this script.
    I don’t have a way to dynamically update all users. It essentially copies the neccesarry app data folders that won’t break cortana/start
    to the default profile and then copies that default profile to a network share for deploying via a fog snapin with another script that takes arguements of the name of the profile you make.

    Here let me just take out my credentials and share name and post a copies of my current create and apply windows 10 profile scripts…

    p.s. I recently discovered that profiles made on 64 bit windows won’t work on 32 bit windows. So you have to create separate versions from 32 bit and 64 bit windows installs if you have different archs in your environment.



  • @Arrowhead-IT said in Cortana/Windows Search breaks in default profile:

    So I finally figured this out.
    In windows 10, Instead of using the copy to method in user profiles you gotta be a little trickier.

    Customize the profile you want then login to a different admin account.
    Now copy the only the appdata folders you need such as
    roaming/mozilla for firefox customizations
    local/Google for chrome customizations
    local/Microsoft/Windows/Default Layouts
    and
    local/Microsoft/Tile Data Layer
    for start menu pins
    roaming/microsoft/internet explorer for task bar pins

    And then once that’s all done, leaving the default profile as it was otherwise there’s one other thing to do to get the task bar settings and desktop background type settings to work. Which is all in the NTuser.dat type files. Just run this command in an administrator cmd

    XCOPY C:\Users\CustomUser\ntuser* C:\Users\Default /H
    

    It will ask if you want to overwrite, you do.

    And then it works, a completely customized default profile without breaking any of the windows 10 metro apps.

    I’m about to dig into this myself, and follow these instructions. To be clear, we are copying the necessary items from the configured account’s app data to the default profile, or are you somehow deploying these files to all accounts?


  • Testers

    So one caveat to my method with using devcon from the windows wdk (https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx)
    is that when you remove all the devices it removes and doesn’t reinstall on restart a couple system devices that are required to make remote desktop work.
    So in other words you can’t rdp/windows remote desktop into an imaged computer. I had found this rather annoying and finally figured out exactly which devices are required and scripted how to fix it. yay!

    This is also helpful to anyone that perhaps is having trouble with remote desktop when it is otherwise configured correctly.

    So the devices that you could install manually as legacy devices are…

    • NDIS Virtual Network Adapter Enumerator
    • UMBus Root Bus Enumerator (adds UMBus Enumerators on restart that are also needed)
    • Remote Desktop Device Redirector Bus

    Luckily the inf files for all of these are still in the driverstore. And the devcon.exe tool can be used to install them quickly from the command line. 0_1453504913836_devcon.exe - 64 bit version from wdk 8.1 - put this in your C:\Windows\System32 for the following script to work. You can also download and install the wdk from the above link and find it in C:\Program Files (x86)\Windows Kits\10 somewhere, a tools folder of some sort as I recall. I tested it with the 8.1 version but just discovered there is a windows 10 version as I was writing this.

    Anywho, scripty script

    @ECHO off
    	REM Script for fixing remote desktop after uninstalling all devices
    
    	call :main
    
    :main
    	call :funcHead "Welcome to the remote desktop fix!"
    	call :setVars
    	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
    	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
    	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS
    
    	EXIT /B
    
    :setVars
    	set drivers=C:\Windows\System32\DriverStore\FileRepository
    
    	EXIT /B
    
    :addDriver
    	echo. installing %~1...	
    	Devcon install %~2 %~3
    	echo. done!
    	EXIT /B
    
    :addDriverAndRestart
    	echo. installing %~1 and restarting computer...	
    	Devcon -r install %~2 %~3
    	echo. done!
    	REM just in case -r doesn't reboot...
    	Devcon reboot & exit
    	EXIT /B
    
    :dots
    	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
    	echo ......................................................................
    	EXIT /B
    
    :funcHead
    	REM A simple function for displaying a consistent header at the start of functions
    	call :dots
    	echo. %~1
    	call :dots
    	EXIT /B
    

    run that as a batch script, it will restart your computer and it will fix remote desktop if you break it by manually uninstalling devices

    I had been having trouble with this problem for months and just fixed it and figured it related enough to everything else here so I shared it


  • Testers

    @Arrowhead-IT Thanks, I’ll certainly take a look at all of those. I really wish MS would just include some PS cmdlets to do this. It would be so simple to have a logic script to do exactly what we wanted then.


  • Testers

    @MRCUR Well I think it is possible to edit it directly, but it is not easy.
    Let’s say you run my script and have a working default profile and you saved the folder somewhere.
    Now let’s copy the whole profile folder to the local computer, in the C:\ root for example(just to be safe not editing the original right away)
    Now open up regedit.exe as an administrator and highlight ‘HKEY_USERS’
    File → Load Hive
    Open up
    “C:\Default\NTUSER.DAT”
    name the hive test, or something like that.

    You can now edit the default profile registry .dat settings to your heart’s content. Problem is, it’s the registry…
    So the second half of task bar pins is in that hive under
    HKEY_USERS\test\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
    But that key is all binary and Dwords.
    Granted, you could just customize some pins on any user and export that key from
    HKEY_USERS\userSID\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
    And then import or copy paste the values into the hive you’re editing and that would work.
    Then just highlight the test hive and do file→unload hive and all the settings should be saved in the .dat file.

    I saw some vbs scripts in various forums that claimed to automate the pinning but I didn’t try any of them. But I’ll post some links in case they help you do it the way you want to.

    Here’s where I came up with most of this
    http://smallbusiness.chron.com/modify-ntuserdat-56096.html - editing ntuser.dat
    https://social.technet.microsoft.com/Forums/windows/en-US/73eb1c0a-fc78-4ae7-ba6d-356d9a9a5328/solved-how-to-pin-to-start-menutask-bar-for-default-user?forum=w7itproinstall - possible script solution
    http://blogs.technet.com/b/deploymentguys/archive/2008/06/06/useful-script-number-5-adjusting-the-default-user-registry-hive.aspx - editing ntuser.dat some more
    http://blogs.technet.com/b/deploymentguys/archive/2009/04/08/pin-items-to-the-start-menu-or-windows-7-taskbar-via-script.aspx - other script possibility

    Hope that helps in some way. Sorry that I didn’t find an easy answer for you.


  • Testers

    @MRCUR I see what you’re saying. It would be less work to not have to manually pin some icons to the taskbar and then run the script.
    Granted I have my default base image with my default profile on a esxi vm, so for me it is pretty easy to do. I suppose it could be possible to edit the ntuser.dat file manually to add in shortcuts. I’ll look into that, because it would certainly be easier.


  • Testers

    @Arrowhead-IT I’ll give your script a try. I think the issue for me is that with our current solution, we can adjust what’s pinned on the taskbar by updating the login script and copying it to machines. With the default profile, that isn’t the case. It’s once and done for the user.


  • Developer

    @Arrowhead-IT certainly a nice clean approach… glad you got it figured out! and thanks for sharing with the community… i’m sure it’ll become useful as people start to move over to win10.


  • Testers

    @MRCUR The IE stuff in appdata is where the shortcut files that are pinned to taskbar go, but to get it to work fully you need the ntuser.dat files. The script I posted copies that file from your customized profile into the default profile but only that file. Give my batch script a try. If you’re using sysprep, some customizations might disappear so you could run the script before sysprep then put the resulting C:\Users\Default in a network share somewhere then copy it back over after sysprep or after imaging.

    Does that help at all?


  • Testers

    This is a bit of a related topic on Win 10 profile customization - in the past we used the copy profile option in the sysprep unattend file combined with a VBS script to add/remove apps pinned to the taskbar. This script no longer works in Win 10.

    What are you guys doing in terms of the taskbar? I see you mention the IE stuff in appdata, but I don’t believe that covers everything (like the Win Store icon for instance).


  • Testers

    @Lee-Rowlett I think you are somewhat correct there. In all my testing I found that it relates to when a user first logs in it installs all the metro apps for that user including cortana. And when you do a profile copy in the system advanced settings control panel it ends up copying some of those installed apps to the default profile which causes the installation of metro apps on a new profile to fail, but there’s no error because the installs think they succeed since the files are already there.
    At least I think that has some to do with it. My new script system seems to work flawlessly and it is much easier than my old way of having to change the registry everytime and such.

    I would still test your theory for you, just for funzies, but I don’t actually use an unattend.xml. I don’t like sysprep. It breaks my default profile sometimes, and I’ve seen it break other things and it forces you to go back to oobe which messes with my computer naming system. I’ve kinda found it to not be necessary. Yes it resets some security id’s for activation this and that but if you are using windows enterprise volume licensing, that doesn’t cause any problems. In windows 7 I figured out the registry key to change and then just re-inputting the windows key and reactivating gave it a new sid. Windows 8 and 10 just work without issue without doing that. As for drivers, I make my images on a vm so they’re already hardware independent and I use the terminal tool devcon (included in the windows wdk 8.1, I just copy the devcon.exe over to my image vm after installing the wdk on my workstation) to uninstall all the devices in the device manager before rebooting with devcon -r remove *
    It goes through the uninstalling of devices much much faster than sysprep does too.

    So thank you sir for your help, but I think I got it figured out.


  • Developer

    in my research i found, that cortana/windows search breaks if you make any customization to the start menu - test my theory build another image but leave start menu as default. making all other custom changes + unattend.xml or whatever you used on your image that has broken cortana/windows search


  • Testers

    @Wayne-Workman There ya go, detailed comments galore. Also thank you for your script.
    You could probably just change the variables for the default profile locations in my script to the network drive and utilize your same system.
    I also back up my default profile folder to a network drive after I run this script.


  • Testers

    @Wayne-Workman Oh my goodness I didn’t put any comments. I have all my scripts in a git repo so most the comments are in commits. I will indeed edit the post and add some comments. And I also realized that it would need to be slightly different for windows 7 and 8 and I have use for at least the windows 8 one, so I’ll make that script and post it here too.



  • @Arrowhead-IT Robocopy ??

    Can we get some comments in that script?


  • Testers

    I made a script for this new windows 10 default profile business.
    Windows 7 and 8 are slightly different and I will post script that work for them with this new method once I make them.

    Copy paste this into your favorite text editor and save as a .bat file
    or just download it here…
    0_1452880295325_Create Default Profile Win 10.bat

    You need to make one change
    change the cUser (customized User) variable on line 29 to the name of the user you customized

    Note - Run this script from a different admin account, like the built in administrator, if you try to run it from the customized profile it will likely throw errors of files being in use

    Note - REM is a comment in a batch script, it doesn’t seem to turn comment colored in the forum, it does in sublime text though.

    @ECHO OFF
    	REM @ECHO off to not output the commands being run to the console
    	REM This script copies a Customized windows 10 profile to the default profile so that
    	REM all new profiles are created with the same settings
    
    call :main
    exit
    
    :main
    	REM main Function that just calls the other Functions
    
    	call :funcHead "Welcome to the Windows 10 Default Profile Creator Script!"
    	call :setVars
    	call :funcHead "Copying Customized Profile From %custom% to %default% ..."
    	call :AppData
    	call :CustomSettings
    	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
    	EXIT /B
    
    :setVars
    	REM Function to set script variables
    
    	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
    	REM These variables just point to the user folders and the local and roaming appdata folders that 
    	REM store all the settings for a user profile
    
    	call :funcHead "Setting directory variables..."
    	
    	set cUser=adl
    	set custom="C:\Users\%cUser%"
    	set default="C:\Users\Default"
    	set cLocal="C:\Users\%cUser%\AppData\Local"
    	set dLocal="C:\Users\Default\AppData\Local"
    	set cRoam="C:\Users\%cUser%\AppData\Roaming"
    	set dRoam="C:\Users\Default\AppData\Roaming"
    	
    	call :dots
    	EXIT /B
    
    :copyDir
    	REM Function inputs - 1 = display of what is copying 2 = source folder 3 = destination folder 
    	
    	REM This Function simply displays what you're copying and copies it. Did a Function to have less
    	REM copy paste of command line options and have cleaner code.
    	REM Note that when calling the Function all passed parameters should be encased in double quotes
    	REM otherwise ROBOCOPY won't read the directories as seperate
    	
    	REM ROBOCOPY or robust copy, is a tool for copying directories or files in windows command line
    	REM The syntax is ROBOCOPY sourceFolder DestFolder options
    	REM the options used make it so a mirrored version of the source and its subdirectories are copied
    	REM to the destination with 64 threads (64 files at once) overwriting existin files retrying any failed files 
    	REM only once after 1 second of waiting and all without any verbose output
    	
    	REM /S - subdirectories /MIR - mirror /MT:64 - multithreaded copy with 64 threads, i.e. 64 files at a time instead of 1. 
    	REM /LOG - output to logfile instead of console, ROBOCOPY /? says this provides better performance in multithreaded mode
    	REM /IS - include same files i.e. overwrite existing /R:1 retry on error once (default is 1 million) 
    	REM W:1 - wait one second between retry on error (default is 30 seconds) 
    	REM the /N* are all to decrease output for automation. Since they go to a log file you can take them out if you want
    	REM /NP - no progress /NS - don't log file sizes /NC - don't log file classes /NFL - don't log file names /NDL - don't log directory names
    	REM /NJH - no job header /NJS - no job summary
    
    	echo. Copying %~1...
    	ROBOCOPY "%~2" "%~3" /S /MIR /MT:64 /LOG:C:\defaultProfile.txt /IS /R:1 /W:1 /NP /NJH /NJS /NS /NC /NFL /NDL
    	echo. Done Copying %~1
    	EXIT /B
    
    :AppData
    	REM Function to copy all Customizations settings that are stored in files in the AppData folder
    	
    	call :funcHead "Copying Customizations From AppData..."
    	
    	REM directories used in all versions of windows
    	call :copyDir "Firefox Customizations" "%cRoam%\Mozilla" "%dRoam%\Mozilla"
    	call :copyDir "Google Chrome Customizations" "%cLocal%\Google" "%dLocal%\Google"
    	call :copyDir "Task Bar Pin Shortcuts" "%cRoam%\Microsoft\Internet Explorer" "%dRoam%\Microsoft\Internet Explorer"
    	
    	REM The remaining dirs are specific to Windows 10 
    	REM Note: A starup script will be required on first login to copy the favorites for Microsoft edge to the Packages directory in the newly created User
    	REM That logon script would only need to be one line like so...
    	REM ROBOCOPY "%localAppData%\MicrosoftEdge\User" "%localAppData%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" /S /MIR /MT:64 /LOG:C:\logs\edgeBookmarks.txt /IS /R:1 /W:1 
    	
    	call :copyDir "Microsoft Edge Customizations" "%cLocal%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" "%dLocal%\MicrosoftEdge\User"
    	call :copyDir "Start Menu Tiles Part 1 of 3" "%cLocal%\TileDataLayer" "%dLocal%\TileDataLayer"
    	call :copyDir "Start Menu Tiles Part 2 of 3" "%cRoam%\Microsoft\Windows\Start Menu" "%dRoam%\Microsoft\Windows\Start Menu"
    	call :copyDir "Start Menu Tiles Part 3 of 3" "%cLocal%\Microsoft\Windows\Shell" "%dLocal%\Microsoft\Windows\Shell"
    	
    	echo. Done Copying AppData Folders...
    	call :dots
    	EXIT /B
    
    :CustomSettings
    	REM This Function copies the ntuser.dat and related system files that store things like task bar pin order, 
    	REM mapped network drives, taskbar toolbars, explorer settings, desktop background settings, etc.
    	REM It uses xcopy to copy all files that start with ntuser via * wildcard and uses the options...
    	REM \H - copy hidden system files /Y - overwrite existsing files without prompt 
    
    	call :funcHead "Copying custom settings (i.e. task bar pins and toolbars, desktop background, etc.) from ntuser .dat system files..."
    	
    	XCOPY %custom%\ntuser* %default%\ /H /Y
    
    	echo. Done Copying Custom Settings
    	call :dots
    	EXIT /B
    
    :dots
    	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
    	echo ......................................................................
    	EXIT /B
    
    :funcHead
    	REM A simple function for displaying a consistent header at the start of functions
    	call :dots
    	echo. %~1
    	call :dots
    	EXIT /B
    

  • Testers

    So I finally figured this out.
    In windows 10, Instead of using the copy to method in user profiles you gotta be a little trickier.

    Customize the profile you want then login to a different admin account.
    Now copy the only the appdata folders you need such as
    roaming/mozilla for firefox customizations
    local/Google for chrome customizations
    local/Microsoft/Windows/Default Layouts
    and
    local/Microsoft/Tile Data Layer
    for start menu pins
    roaming/microsoft/internet explorer for task bar pins

    And then once that’s all done, leaving the default profile as it was otherwise there’s one other thing to do to get the task bar settings and desktop background type settings to work. Which is all in the NTuser.dat type files. Just run this command in an administrator cmd

    XCOPY C:\Users\CustomUser\ntuser* C:\Users\Default /H
    

    It will ask if you want to overwrite, you do.

    And then it works, a completely customized default profile without breaking any of the windows 10 metro apps.



  • @Arrowhead-IT

    Here’s the startup script.

    the directory that you see the output being redirected to is a read/write folder for everyone where I can review results of the default profile deployment and update. It’s a share folder located at \\mb1\logs$\Startup_Script\<filename>

    The script looks for a file locally (in this version) called %SystemDrive%\DefaultProfile\Default\Aug_24_2015.txt which on most systems is just C:\DefaultProfile\Default\Aug_24_2015.txt

    If that file exists, then nothing is done.

    If it doesn’t exist, it goes through the steps of obliterating the last deployed default profile and copying down the new one and setting permissions.

    In group policy, this is set as a startup script and it’s a computer-based policy.

    echo %date%_%time% >> "\\mb1\logs$\Startup_script\%computername%.txt"
    REM
    REM Above line just records the date for the log entries placed below it.
    REM
    REM
    REM
    IF EXIST "%SystemDrive%\DefaultProfile\Default\Aug_24_2015.txt" (
    REM
    REM Above command checks to see if a specific file exists.
    REM The file is %SystemDrive%\DefaultProfile\Default\Aug_24_2015.txt
    REM
    REM If the file exists, Do nothing.
    REM
    ) ELSE (
    REM
    REM
    REM IF the file does not exist, do this stuff. 
    REM
    net use /delete z: >> \\mb1\logs$\Startup_script\%computername%.txt
    net use /delete y: >> \\mb1\logs$\Startup_script\%computername%.txt
    net use /delete h: >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Above commands are used to delete any existing map drives. 
    REM The output gets appended to a log so we can see what's happening.
    REM
    REM
    REM
    set username=mb\serviceaccount
    set password=MyAwesomePasswordWentHere
    REM
    REM the above lines set the username and password for accessing the share, using a account with read-only perms.
    REM
    net use z: \\10.2.1.5\Software$ %password% /user:%username% >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Above command mounts a maped folder to z:, using MB's service account and password.
    REM 
    REM
    REM
    rmdir %SystemDrive%\DefaultProfile /s /q >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Above command recursively removes a directory.
    REM
    mkdir %SystemDrive%\DefaultProfile >> \\mb1\logs$\Startup_script\%computername%.txt
    mkdir %SystemDrive%\DefaultProfile\Default >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Above commands makes some folders.
    REM
    REM Below command may contain a 2 for testing only.
    REM
    xcopy "z:\DefaultProfile\*.*" "C:\DefaultProfile\Default" /y /d /e /c /i /f /h /k /v /s >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Above command recursively copies everything from "defaultprofile" on the server to the local folders.
    REM
    icacls "%SystemDrive%\DefaultProfile\Default" /T /C /grant "everyone:(OI)(CI)F" >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Above command sets permissions on the newly created folders and files to EVERYONE, so that it can be used as a default profile.
    REM
    net use /delete z: >> \\mb1\logs$\Startup_script\%computername%.txt
    REM
    REM Delete the mapdrive used.
    REM
    )
    

    In the same group policy, I have a registry edit set:

    0_1452114252716_upload-c97a3f85-9aa3-421a-bfff-2f1823c0615b

    This is the cutoff key path: SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\ProfileList

    here is the settings tab of the policy with everything expanded.
    0_1452114320983_upload-86fb55bd-7eee-4a8b-a9df-23283a2f4990

    I use a tool called “Evil Finger Enabler” to enable the greyed out “copy profile” button after I have my default profile setup the way I want using a local and normal account.
    0_1452114376471_upload-48e302eb-8871-4149-aacf-fdd21fa12c12

    It enables this button in Windows 7:
    0_1452114422008_upload-9bd8a3d9-e7de-4eb0-b04d-d0a3ca4b7b0a

    If anything isn’t clear, just point it out and ask about it.


  • Testers

    @Wayne-Workman
    Well it’s not technically a fog issue, but it is an imaging issue and I figured that my fellow image making peers might have some thoughts. I would love to see your documentation on that process



416
Online

6.2k
Users

13.6k
Topics

128.0k
Posts