Cortana/Windows Search breaks in default profile

JJ Fullmer

@Wayne-Workman There ya go, detailed comments galore. Also thank you for your script.
You could probably just change the variables for the default profile locations in my script to the network drive and utilize your same system.
I also back up my default profile folder to a network drive after I run this script.

Lee Rowlett

in my research i found, that cortana/windows search breaks if you make any customization to the start menu - test my theory build another image but leave start menu as default. making all other custom changes + unattend.xml or whatever you used on your image that has broken cortana/windows search

JJ Fullmer

@Lee-Rowlett I think you are somewhat correct there. In all my testing I found that it relates to when a user first logs in it installs all the metro apps for that user including cortana. And when you do a profile copy in the system advanced settings control panel it ends up copying some of those installed apps to the default profile which causes the installation of metro apps on a new profile to fail, but there’s no error because the installs think they succeed since the files are already there.
At least I think that has some to do with it. My new script system seems to work flawlessly and it is much easier than my old way of having to change the registry everytime and such.

I would still test your theory for you, just for funzies, but I don’t actually use an unattend.xml. I don’t like sysprep. It breaks my default profile sometimes, and I’ve seen it break other things and it forces you to go back to oobe which messes with my computer naming system. I’ve kinda found it to not be necessary. Yes it resets some security id’s for activation this and that but if you are using windows enterprise volume licensing, that doesn’t cause any problems. In windows 7 I figured out the registry key to change and then just re-inputting the windows key and reactivating gave it a new sid. Windows 8 and 10 just work without issue without doing that. As for drivers, I make my images on a vm so they’re already hardware independent and I use the terminal tool devcon (included in the windows wdk 8.1, I just copy the devcon.exe over to my image vm after installing the wdk on my workstation) to uninstall all the devices in the device manager before rebooting with devcon -r remove *
It goes through the uninstalling of devices much much faster than sysprep does too.

So thank you sir for your help, but I think I got it figured out.

MRCUR

This is a bit of a related topic on Win 10 profile customization - in the past we used the copy profile option in the sysprep unattend file combined with a VBS script to add/remove apps pinned to the taskbar. This script no longer works in Win 10.

What are you guys doing in terms of the taskbar? I see you mention the IE stuff in appdata, but I don’t believe that covers everything (like the Win Store icon for instance).

JJ Fullmer

@MRCUR The IE stuff in appdata is where the shortcut files that are pinned to taskbar go, but to get it to work fully you need the ntuser.dat files. The script I posted copies that file from your customized profile into the default profile but only that file. Give my batch script a try. If you’re using sysprep, some customizations might disappear so you could run the script before sysprep then put the resulting C:\Users\Default in a network share somewhere then copy it back over after sysprep or after imaging.

Does that help at all?

Lee Rowlett

@Arrowhead-IT certainly a nice clean approach… glad you got it figured out! and thanks for sharing with the community… i’m sure it’ll become useful as people start to move over to win10.

MRCUR

@Arrowhead-IT I’ll give your script a try. I think the issue for me is that with our current solution, we can adjust what’s pinned on the taskbar by updating the login script and copying it to machines. With the default profile, that isn’t the case. It’s once and done for the user.

JJ Fullmer

@MRCUR I see what you’re saying. It would be less work to not have to manually pin some icons to the taskbar and then run the script.
Granted I have my default base image with my default profile on a esxi vm, so for me it is pretty easy to do. I suppose it could be possible to edit the ntuser.dat file manually to add in shortcuts. I’ll look into that, because it would certainly be easier.

JJ Fullmer

@MRCUR Well I think it is possible to edit it directly, but it is not easy.
Let’s say you run my script and have a working default profile and you saved the folder somewhere.
Now let’s copy the whole profile folder to the local computer, in the C:\ root for example(just to be safe not editing the original right away)
Now open up regedit.exe as an administrator and highlight ‘HKEY_USERS’
File → Load Hive
Open up
“C:\Default\NTUSER.DAT”
name the hive test, or something like that.

You can now edit the default profile registry .dat settings to your heart’s content. Problem is, it’s the registry…
So the second half of task bar pins is in that hive under
HKEY_USERS\test\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
But that key is all binary and Dwords.
Granted, you could just customize some pins on any user and export that key from
HKEY_USERS\userSID\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
And then import or copy paste the values into the hive you’re editing and that would work.
Then just highlight the test hive and do file→unload hive and all the settings should be saved in the .dat file.

I saw some vbs scripts in various forums that claimed to automate the pinning but I didn’t try any of them. But I’ll post some links in case they help you do it the way you want to.

Here’s where I came up with most of this
http://smallbusiness.chron.com/modify-ntuserdat-56096.html - editing ntuser.dat
https://social.technet.microsoft.com/Forums/windows/en-US/73eb1c0a-fc78-4ae7-ba6d-356d9a9a5328/solved-how-to-pin-to-start-menutask-bar-for-default-user?forum=w7itproinstall - possible script solution
http://blogs.technet.com/b/deploymentguys/archive/2008/06/06/useful-script-number-5-adjusting-the-default-user-registry-hive.aspx - editing ntuser.dat some more
http://blogs.technet.com/b/deploymentguys/archive/2009/04/08/pin-items-to-the-start-menu-or-windows-7-taskbar-via-script.aspx - other script possibility

Hope that helps in some way. Sorry that I didn’t find an easy answer for you.

MRCUR

@Arrowhead-IT Thanks, I’ll certainly take a look at all of those. I really wish MS would just include some PS cmdlets to do this. It would be so simple to have a logic script to do exactly what we wanted then.

JJ Fullmer

So one caveat to my method with using devcon from the windows wdk (https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx)
is that when you remove all the devices it removes and doesn’t reinstall on restart a couple system devices that are required to make remote desktop work.
So in other words you can’t rdp/windows remote desktop into an imaged computer. I had found this rather annoying and finally figured out exactly which devices are required and scripted how to fix it. yay!

This is also helpful to anyone that perhaps is having trouble with remote desktop when it is otherwise configured correctly.

So the devices that you could install manually as legacy devices are…

• NDIS Virtual Network Adapter Enumerator
• UMBus Root Bus Enumerator (adds UMBus Enumerators on restart that are also needed)
• Remote Desktop Device Redirector Bus

Luckily the inf files for all of these are still in the driverstore. And the devcon.exe tool can be used to install them quickly from the command line. 0_1453504913836_devcon.exe - 64 bit version from wdk 8.1 - put this in your C:\Windows\System32 for the following script to work. You can also download and install the wdk from the above link and find it in C:\Program Files (x86)\Windows Kits\10 somewhere, a tools folder of some sort as I recall. I tested it with the 8.1 version but just discovered there is a windows 10 version as I was writing this.

Anywho, scripty script

@ECHO off
	REM Script for fixing remote desktop after uninstalling all devices

	call :main

:main
	call :funcHead "Welcome to the remote desktop fix!"
	call :setVars
	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS

	EXIT /B

:setVars
	set drivers=C:\Windows\System32\DriverStore\FileRepository

	EXIT /B

:addDriver
	echo. installing %~1...	
	Devcon install %~2 %~3
	echo. done!
	EXIT /B

:addDriverAndRestart
	echo. installing %~1 and restarting computer...	
	Devcon -r install %~2 %~3
	echo. done!
	REM just in case -r doesn't reboot...
	Devcon reboot & exit
	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

run that as a batch script, it will restart your computer and it will fix remote desktop if you break it by manually uninstalling devices

I had been having trouble with this problem for months and just fixed it and figured it related enough to everything else here so I shared it

Wayne Workman

@Arrowhead-IT said in Cortana/Windows Search breaks in default profile:

So I finally figured this out.
In windows 10, Instead of using the copy to method in user profiles you gotta be a little trickier.

Customize the profile you want then login to a different admin account.
Now copy the only the appdata folders you need such as
roaming/mozilla for firefox customizations
local/Google for chrome customizations
local/Microsoft/Windows/Default Layouts
and
local/Microsoft/Tile Data Layer
for start menu pins
roaming/microsoft/internet explorer for task bar pins

And then once that’s all done, leaving the default profile as it was otherwise there’s one other thing to do to get the task bar settings and desktop background type settings to work. Which is all in the NTuser.dat type files. Just run this command in an administrator cmd

XCOPY C:\Users\CustomUser\ntuser* C:\Users\Default /H

It will ask if you want to overwrite, you do.

And then it works, a completely customized default profile without breaking any of the windows 10 metro apps.

I’m about to dig into this myself, and follow these instructions. To be clear, we are copying the necessary items from the configured account’s app data to the default profile, or are you somehow deploying these files to all accounts?

JJ Fullmer

@Wayne-Workman I have since updated this script.
I don’t have a way to dynamically update all users. It essentially copies the neccesarry app data folders that won’t break cortana/start
to the default profile and then copies that default profile to a network share for deploying via a fog snapin with another script that takes arguements of the name of the profile you make.

Here let me just take out my credentials and share name and post a copies of my current create and apply windows 10 profile scripts…

p.s. I recently discovered that profiles made on 64 bit windows won’t work on 32 bit windows. So you have to create separate versions from 32 bit and 64 bit windows installs if you have different archs in your environment.

Wayne Workman

@Arrowhead-IT Much appreciated!

JJ Fullmer

@Wayne-Workman

some quick notes. You do need to put your username and password in plain text for shares, unless you have shares that give everyone access. If anyone knows of a way to encrypt that, I’d love to hear it. I know it can be done with openssl in linux bash scripts but I am yet to find the equivalent for a batch script. But hey bash will come to windows 10 soon.

This script hasn’t been tested for windows 7 or 8 profiles. It does detect the windows version because I was preparing to add that kind of functionality but since I am ending up moving completely to windows 10, I never put the work into it

The create profile script prompts you for the name of the user profile you customized and asks you for what department/profile you are making it for.

The Apply simply takes one arguement of the profile name. So you can upload just the one script to fog and make a bunch of snapins with different args for each profile you have to deploy.

Also note that I have some extra app data folders for custom settings of specific programs we use. I left them in there as examples.

Bath script to create Deployable Default Profile

::-----------------------------------------------------------------------------
:: Script Name: Create-Deployable-Default-Profile
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:23
:: Last Updated Date: 2016-04-12 17:09:35
:: Update Author: jfullmer
:: Version: 3.8
::-----------------------------------------------------------------------------

@ECHO OFF
	REM @ECHO off to not output the commands being run to the console
	REM This script copies a Customized windows 10 profile to the default profile so that
	REM all new profiles are created with the same settings

SET pwd=%~dp0
call :main
del C:\Create-Deployable-Default-Profile.bat & exit

:main
	REM main Function that just calls the other Functions

	call :copySelf
	call :funcHead "Welcome to the Windows Default Profile Creator Script!"
	call :setVars
	call :funcHead "Copying Customized Profile From %custom% to %default% ..."
	call :AppData
	call :CustomSettings
	call :CopyToNetwork
	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
	EXIT /B

:copySelf
	rem In some instances running this from a share doesn't work, so copy itself and start the copied version to run local
	IF NOT %pwd%==C:\ (
		echo. Copying self to C drive
		net use \\path\to\share /USER:domain\user password	
		XCOPY \\path\to\share\Create-Deployable-Default-Profile.bat C:\ /H /Y
	 	rem Make sure it's being run as an admin
	 	net session >nul 2>&1
	    if %errorLevel% == 0 (
			echo opening copied version.
			start C:\Create-Deployable-Default-Profile.bat
			exit
	    ) else (
	        echo This needs to be run as admin, try again please.
	    	@pause
	    	exit
		)
    )
	EXIT /B

:setVars
	REM Function to set script variables

	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
	REM These variables just point to the user folders and the local and roaming appdata folders that 
	REM store all the settings for a user profile

	call :funcHead "Setting directory variables..."
	
	rem set cUser=adl
	echo. Don't run this script from the user you're copying!
	set /p cUser="What is the username of the profile you customized? -> "
	set custom=C:\Users\%cUser%
	set default=C:\Users\Default
	set cPF=C:\Users\%cUser%\AppData\ProgramFiles
	set dPF=C:\Users\Default\AppData\ProgramFiles
	set cLocal=C:\Users\%cUser%\AppData\Local
	set dLocal=C:\Users\Default\AppData\Local
	set cRoam=C:\Users\%cUser%\AppData\Roaming
	set dRoam=C:\Users\Default\AppData\Roaming
	rem The script will create windows version and department folders
	set profiles=\\path\to\share\with\profiles
	net use %profiles% /USER:domain\user password
	call :OSversion
	call :setDept
		
	call :dots
	EXIT /B

:setDept
	rem Function to set department via prompt. 
	echo. What department/group is this profile for? (no spaces)
	echo. The Current Choices are... (A different entry will create a new folder)
	rem list profiles
	dir /b %profiles%\%winVer%
	set /P dept="Enter The Dept Here -> "
	set share=%profiles%\%winVer%\%dept%
	if NOT EXIST %share% mkdir %share%
	if NOT EXIST %share%\logs mkdir %share%\logs
	set logs=%share%\logs
	EXIT /B

:OSversion
	:: Function to get current OS version
	echo. Getting OS...
	FOR /F "tokens=4-5 delims=. " %%i in ('ver') do set os=%%i.%%j
	if "%os%" == "5.1" set winVer=WinXP
	if "%os%" == "5.2" set winVer=WinXP
	if "%os%" == "6.1" set winVer=Win7
	if "%os%" == "6.2" set winVer=Win8
	if "%os%" == "6.3" set winVer=Win8.1
	if "%os%" == "10.0" set winVer=Win10

	EXIT /B

:copyDir
	REM Function inputs - 1 = display of what is copying 2 = source folder 3 = destination folder 
	
	REM This Function simply displays what you're copying and copies it. Did a Function to have less
	REM copy paste of command line options and have cleaner code.
	REM Note that when calling the Function all passed parameters should be encased in double quotes
	REM otherwise ROBOCOPY won't read the directories as seperate
	
	REM ROBOCOPY or robust copy, is a tool for copying directories or files in windows command line
	REM The syntax is ROBOCOPY sourceFolder DestFolder options
	REM the options used make it so a mirrored version of the source and its subdirectories are copied
	REM to the destination with 64 threads (64 files at once) overwriting existin files retrying any failed files 
	REM only once after 1 second of waiting and all without any verbose output
	
	REM /S - subdirectories /MIR - mirror /MT:64 - multithreaded copy with 64 threads, i.e. 64 files at a time instead of 1. 
	REM /LOG - output to logfile instead of console, ROBOCOPY /? says this provides better performance in multithreaded mode
	REM /IS - include same files i.e. overwrite existing /R:1 retry on error once (default is 1 million) 
	REM W:1 - wait one second between retry on error (default is 30 seconds) 
	REM the /N* are all to decrease output for automation. Since they go to a log file you can take them out if you want ( I did take them out)
	REM /NP - no progress /NS - don't log file sizes /NC - don't log file classes /NFL - don't log file names /NDL - don't log directory names
	REM /NJH - no job header /NJS - no job summary

	echo. Copying %~1...
	ROBOCOPY "%~2" "%~3" /S /MIR /MT:128 /LOG:"%logs%\%~1.log" /IS /R:1 /W:1 /ZB
	echo. Done Copying %~1
	EXIT /B

:AppData
	REM Function to copy all Customizations settings that are stored in files in the AppData folder
	
	call :funcHead "Copying Customizations From AppData..."
	
	REM directories used in all versions of windows
	call :copyDir "Desktop" "%custom%\Desktop" "%default%\Desktop"	
	call :copyDir "Firefox Customizations" "%cRoam%\Mozilla" "%dRoam%\Mozilla"
	call :copyDir "Google Chrome Customizations" "%cLocal%\Google" "%dLocal%\Google"
	call :copyDir "Task Bar Pin Shortcuts" "%cRoam%\Microsoft\Internet Explorer" "%dRoam%\Microsoft\Internet Explorer"
	call :copyDir "Saleslogix" "%cRoam%\Saleslogix" "%dRoam%\Saleslogix"
	call :copyDir "Sage Software" "%cRoam%\Sage Software" "%dRoam%\Sage Software"
	call :copyDir "Saleslogix" "%cLocal%\Saleslogix" "%dLocal%\Saleslogix"
	call :copyDir "Sage Software" "%cLocal%\Sage Software" "%dLocal%\Sage Software"
	rem IF %dept%==IT (
	rem 	call :copyDir "Terminals" "%cLocal%\Robert_Chartier" "%dLocal%\Robert_Chartier"
	rem 	call :copyDir "VMware Vsphere" "%cLocal%\VMware" "%dLocal%\VMware"
	rem 	call :copyDir "VMware Vsphere" "%cRoam%\VMware" "%dRoam%\VMware"
	rem 	call :copyDir "Camtasia" "%cRoam%\TechSmith" "%dRoam%\TechSmith"
	rem 	call :copyDir "Camtasia" "%cLocal%\TechSmith" "%dLocal%\TechSmith"
	rem 	call :copyDir "slack" "%cLocal%\slack" "%dLocal%\slack"
	rem 	call :copyDir "ProgramFiles" %cPF% %dPF%
	rem )
	call :copyDir "VLC settings" "%cRoam%\vlc" "%dRoam%\vlc"
	call :copyDir "FaxFinder settings" "%cRoam%\FaxFinder Client Software" "%dRoam%\FaxFinder Client Software"
	
	REM The remaining dirs are specific to Windows 10 
	REM Note: A starup script will be required on first login to copy the favorites for Microsoft edge to the Packages directory in the newly created User
	REM That logon script would only need to be one line like so...
	REM ROBOCOPY "%localAppData%\MicrosoftEdge\User" "%localAppData%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" /S /MIR /MT:64 /LOG:C:\logs\edgeBookmarks.txt /IS /R:1 /W:1 
	
	rem call :copyDir "Microsoft Edge Customizations" "%cLocal%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" "%dLocal%\MicrosoftEdge\User"
	call :copyDir "Start Menu Tiles Part 1 of 3" "%cLocal%\TileDataLayer" "%dLocal%\TileDataLayer"
	call :copyDir "Start Menu Tiles Part 2 of 3" "%cRoam%\Microsoft\Windows\Start Menu" "%dRoam%\Microsoft\Windows\Start Menu"
	call :copyDir "Start Menu Tiles Part 3 of 3" "%cLocal%\Microsoft\Windows\Shell" "%dLocal%\Microsoft\Windows\Shell"
	
	echo. Done Copying AppData Folders...
	call :dots
	EXIT /B

:CustomSettings
	REM This Function copies the ntuser.dat and related system files that store things like task bar pin order, 
	REM mapped network drives, taskbar toolbars, explorer settings, desktop background settings, etc.
	REM It uses xcopy to copy all files that start with ntuser via * wildcard and uses the options...
	REM \H - copy hidden system files /Y - overwrite existsing files without prompt 

	call :funcHead "Copying custom settings (i.e. task bar pins and toolbars, desktop background, etc.) from ntuser .dat system files..."
	
	XCOPY %custom%\ntuser* %default%\ /H /Y > %logs%\ntuserFiles.log

	echo. Done Copying Custom Settings
	call :dots
	EXIT /B

:CopyToNetwork
	REM This copies the newly created profile to the network share

	call :funcHead "Copying profile to network!"

	ROBOCOPY %default% %share%\Default /S /MIR /R:1 /W:1 /MT:128 /ZB /XJ
	XCOPY %default%\ntuser* %share%\Default\ /H /Y > %logs%\ntuserFilesRemote.log

	net use %share% /delete 

	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Batch script/snapin to Apply Default Profile

::-----------------------------------------------------------------------------
:: Script Name: Apply-Default-Profile-args
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:27
:: Last Updated Date: 2016-05-11 16:29:08
:: Update Author: jfullmer
:: Version: 2.7
::-----------------------------------------------------------------------------

@ECHO OFF
	REM @ECHO off to not output the commands being run to the console
	REM Requires args passed of department
	rem if department is Touchscreen autologon is enabled and fog will reboot after applying the profile

set dept=%1
call :OSversion

call :main
exit

:main
	REM main Function that just calls the other Functions

	call :funcHead "Welcome to the Windows 10 Default Profile Copy Script!"
	call :setVars
	call :CopyFromNetwork
	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
	EXIT /B

:setVars
	REM Function to set script variables

	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
	REM These variables just point to the user folders and the local and roaming appdata folders that 
	REM store all the settings for a user profile

	call :funcHead "Setting directory variables..."
	
	set cUser=adl
	set custom=C:\Users\%cUser%
	set default=C:\Users\Default
	set cLocal=C:\Users\%cUser%\AppData\Local
	set dLocal=C:\Users\Default\AppData\Local
	set cRoam=C:\Users\%cUser%\AppData\Roaming
	set dRoam=C:\Users\Default\AppData\Roaming
	set share=\\path\to\share\%winVer%\%dept%
	net use %share% /USER:domain\user password
		
	call :dots
	EXIT /B

:OSversion
	:: Function to get current OS version
	echo. Getting OS...
	FOR /F "tokens=4-5 delims=. " %%i in ('ver') do set os=%%i.%%j
	if "%os%" == "5.1" set winVer=WinXP
	if "%os%" == "5.2" set winVer=WinXP
	if "%os%" == "6.1" set winVer=Win7
	if "%os%" == "6.2" set winVer=Win8
	if "%os%" == "6.3" set winVer=Win8.1
	if "%os%" == "10.0" set winVer=Win10

	EXIT /B

:CopyFromNetwork
	REM This copies the newly created profile to the network share

	call :funcHead "Copying profile From network!"
	echo. Delete and recreate default profile folder so there aren't remnants of other profiles...
	rmdir %default% /S /Q
	mkdir %default% 
	ROBOCOPY %share%\Default %default% /S /MIR /R:1 /W:1 /MT:128 /ZB /LOG:C:\defaultProfileApplied-%dept%.log
	XCOPY %share%\Default\ntuser* %default%\ /H /Y > C:\defaultProfile-ntuser-%dept%.log

	net use %share% /delete 

	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Wayne Workman

@Arrowhead-IT That is a sick setup, good job man! I’m not as skilled with batch scripting as you are, clearly.

I’ll be using this tomorrow.

x23piracy

Hi,

i don’t use that tricky registry tweaks for making a profile to default.
Ever tried STRG + SHIFT + F3 in Express Settings to enter Audit mode?
Then do your changes and fire a sysprep:

sysprep /oobe /generalize /shutdown /unattend:c:\pathtoanswerfile\unattend.xml
Make sure your unattend.xml has the copyprofile option enabled!!!
Now take your image.

If you ever need to make changes restore to vm again let it boot and goto audit mode again: sysprep /audit /reboot

I have that parts scripted for my self and can give you that stuff if you need.

Never try to uninstall staged appx apps or you break sysprep, also don’t use O&O Shutup or Stuff like that this also breaks sysprep.

Regards X23

JJ Fullmer

@x23piracy Yes I am aware of the copy profile option and that is a great method for a default profile if you only need one default profile for the image.

The end result of solving this problem was a snapin that deploys a profile to any existing windows 10 computer so that all profiles created after the profile is deployed use the customized default profile. So you can have one base image that can have any number of custom profiles added to it.
It doesn’t require the registry tweaks or anything like that. Just plain and simple copies the files that contain the settings that will create your customized profile when a new profile is created.

So you could use this method to have one image with all your programs installed and use profiles to give access to only the programs needed to different departments.

Or you could document what programs have shortcuts in each profile for each department and use fog groups to deploy the programs needed and then the profile provisioning style.

I’m sure there are other methods to do this. For example there are some group policies that can be used. This is just my solution to the problem of customizing local profiles without breaking the profiles and while still allowing users to customize the profiles themselves.

Wayne Workman

@Arrowhead-IT I’ve been trying to use the scripts you posted - lots of things going wrong.

I sorted a permissions issue on the intended share first, but I’m still getting a lot of access denied errors… Suppose I need to dig deeper, run the script as elevated.

My intention is to re-write this thing to be more simple. It’s highly complex I feel, and really overkill.

JJ Fullmer

@Wayne-Workman I do have a tendency to do that, complicating things and adding some overkill. You do need to run it as elevated because I think doing anything to the hidden C:\Users\Default folder requires elevation.

The access denied errors are usually solved by copying the script to the C drive to run locally, which is why it copies itself to the C drive to run locally. Windows command prompt and network unc paths don’t always get along. The copySelf function was my solution.