Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Task copies imaged machine's Administrator profile?

Created: 25 Sep 2012 | 5 comments

In 7.1,

I configure the machine using the Administrator account.  In my unattend file, CopyProfile is set to True.  In theory, shouldn't this copy everything to the Default profile and then delete it?

When I capture the above image and deploy it to the other machine, if I go into C:\Users, it lists the Administrator account from the other machine along with the local Administrator account, with the old one being followed by the computer name.

In 6.9, when I used the same unattend file, it would correctly copy the profile to the Default user account, and delete the Administrator account.

Is there something different about the task that Altiris uses to Sysprep?

Thank you

Comments 5 CommentsJump to latest comment

boonet's picture

In case anyone's curious, below is the unattend file that is used in the capture process:

  1. <?xml version="1.0" encoding="utf-8"?>
  2.  
  3. <unattend xmlns="urn:schemas-microsoft-com:unattend">
  4.  
  5.     <settings pass="generalize">
  6.  
  7.         <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  8.  
  9.             <SkipRearm>1</SkipRearm>
  10.  
  11.         </component>
  12.  
  13.     </settings>
  14.  
  15.     <settings pass="specialize">
  16.  
  17.         <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  18.  
  19.             <RunSynchronous>
  20.  
  21.                 <RunSynchronousCommand wcm:action="add">
  22.  
  23.                     <Order>1</Order>
  24.  
  25.                     <Path>net user administrator /active:yes</Path>
  26.  
  27.                 </RunSynchronousCommand>
  28.  
  29.             </RunSynchronous>
  30.  
  31.         </component>
  32.  
  33.         <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  34.  
  35.             <CompanyName>DB</CompanyName>
  36.  
  37.             <DisableAccelerators>true</DisableAccelerators>
  38.  
  39.             <DisableFirstRunWizard>true</DisableFirstRunWizard>
  40.  
  41.             <DisableOOBAccelerators>true</DisableOOBAccelerators>
  42.  
  43.             <Home_Page>www.db.com</Home_Page>
  44.  
  45.             <LocalIntranetSites>inside.db.com</LocalIntranetSites>
  46.  
  47.             <ShowInformationBar>true</ShowInformationBar>
  48.  
  49.             <ShowMenuBar>true</ShowMenuBar>
  50.  
  51.             <TrustedSites>inside.db.com</TrustedSites>
  52.  
  53.         </component>
  54.  
  55.         <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  56.  
  57.             <CopyProfile>true</CopyProfile>
  58.  
  59.             <ShowWindowsLive>false</ShowWindowsLive>
  60.  
  61.             <TimeZone>Central Standard Time</TimeZone>
  62.  
  63.         </component>
  64.  
  65.         <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  66.  
  67.             <fDenyTSConnections>false</fDenyTSConnections>
  68.  
  69.         </component>
  70.  
  71.         <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  72.  
  73.             <FirewallGroups>
  74.  
  75.                 <FirewallGroup wcm:action="add" wcm:keyValue="1">
  76.  
  77.                     <Active>true</Active>
  78.  
  79.                     <Profile>all</Profile>
  80.  
  81.                     <Group>Remote Desktop</Group>
  82.  
  83.                 </FirewallGroup>
  84.  
  85.             </FirewallGroups>
  86.  
  87.             <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
  88.  
  89.             <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
  90.  
  91.             <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
  92.  
  93.         </component>
  94.  
  95.     </settings>
  96.  
  97.     <settings pass="auditSystem">
  98.  
  99.         <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  100.  
  101.             <DriverPaths>
  102.  
  103.                 <PathAndCredentials wcm:action="add" wcm:keyValue="628725cd">
  104.  
  105.                     <Credentials>
  106.  
  107.                         <Domain>db</Domain>
  108.  
  109.                         <Password>altirisdeploy</Password>
  110.  
  111.                         <Username>deploy</Username>
  112.  
  113.                     </Credentials>
  114.  
  115.                     <Path>\\dbgbat1\express\Deploy\Distribution_Share\Out-of-Box Drivers</Path>
  116.  
  117.                 </PathAndCredentials>
  118.  
  119.             </DriverPaths>
  120.  
  121.         </component>
  122.  
  123.     </settings>
  124.  
  125.     <settings pass="oobeSystem">
  126.  
  127.         <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  128.  
  129.             <InputLocale>en-us</InputLocale>
  130.  
  131.             <SystemLocale>en-us</SystemLocale>
  132.  
  133.             <UILanguage>en-us</UILanguage>
  134.  
  135.             <UserLocale>en-us</UserLocale>
  136.  
  137.         </component>
  138.  
  139.         <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  140.  
  141.             <OOBE>
  142.  
  143.                 <HideEULAPage>true</HideEULAPage>
  144.  
  145.                 <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
  146.  
  147.                 <NetworkLocation>Work</NetworkLocation>
  148.  
  149.                 <ProtectYourPC>3</ProtectYourPC>
  150.  
  151.             </OOBE>
  152.  
  153.             <UserAccounts>
  154.  
  155.                 <AdministratorPassword>
  156.  
  157.                     <Value>VAB1AHIAbgAwAFYARQBSAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value>
  158.  
  159.                     <PlainText>false</PlainText>
  160.  
  161.                 </AdministratorPassword>
  162.  
  163.                 <LocalAccounts>
  164.  
  165.                     <LocalAccount wcm:action="add">
  166.  
  167.                         <Password>
  168.  
  169.                             <Value>VAB1AHIAbgAwAFYARQBSAFAAYQBzAHMAdwBvAHIAZAA=</Value>
  170.  
  171.                             <PlainText>false</PlainText>
  172.  
  173.                         </Password>
  174.  
  175.                         <Description>Local Administrator</Description>
  176.  
  177.                         <DisplayName>Administrator</DisplayName>
  178.  
  179.                         <Group>Administrators</Group>
  180.  
  181.                         <Name>Administrator</Name>
  182.  
  183.                     </LocalAccount>
  184.  
  185.                 </LocalAccounts>
  186.  
  187.                 <DomainAccounts>
  188.  
  189.                     <DomainAccountList wcm:action="add">
  190.  
  191.                         <Domain>b.com</Domain>
  192.  
  193.                         <DomainAccount wcm:action="add">
  194.  
  195.                             <Group>ISWorkstationSupport</Group>
  196.  
  197.                             <Name>ISWorkstationSupport</Name>
  198.  
  199.                         </DomainAccount>
  200.  
  201.                     </DomainAccountList>
  202.  
  203.                 </DomainAccounts>
  204.  
  205.             </UserAccounts>
  206.  
  207.             <RegisteredOrganization>DB</RegisteredOrganization>
  208.  
  209.             <RegisteredOwner>DB</RegisteredOwner>
  210.  
  211.             <TimeZone>Central Standard Time</TimeZone>
  212.  
  213.         </component>
  214.  
  215.     </settings>
  216.  
  217.     <cpi:offlineImage cpi:source="wim://dbgbat1/express/deploy/win7_x64_ent/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
  218.  
  219. </unattend>
boonet's picture

Any thoughts on this?

I tried deleting the extra Administrator account on the laptop and recapturing the image, but when deploying it, it still has both the Administrator and Administrator.PCname listed.

Thomas Baird's picture

You should take a peek at the unattend file that is on the system immediately prior to reboot and see if it has been modified.  We modify the unattend file a couple of times, so don't assume what you used during capture is there on deploy.  Just check on the actual system right before reboot to see if your custom changes are still present or not.

Then let us know.

Thomas Baird
Enthusiast for making things better!

boonet's picture

Hi Thomas,

Thank you for the suggestion.  Earlier in the process, I was having difficulty getting the image to apply the configuration at all.  Finally, I found out that I needed to replace the unattend file located in the following directory:

\Program Files\Altiris\Notification Server\NSCap\bin\Win32\X86\Deployment

Once I was able to do that, the configuration applied as it was supposed to.

When I now deploy that image, it has the same unattend file located in \Windows\Panther of the machine.

I hope that is helpful.

Tom

mwysocki's picture

The way i do this since I don't want all users to have the same profile as the local admin one what i do is as follows.

1) log onto my base system as a different user with Admin rights and right click and drag the admin profile and make a copy of it.

2) I then rename it to admin - copy and change the security so it is not inherited and that only the administrators group and system have full control rights.

3) Run sysprep as usual without having it copy the admin profile to the default profile, and it is set to have the local admin log on once after the mini setup.

4) As part of my image drop job after the reboot to production task I run a log off task then run a script that basically replaces the Administrator profile with the copy I made.

This is the script.

rd C:\Users\Administrator /s /q

ren "C:\Users\Admin - Copy" Administrator

ICACLS C:\Users\Administrator /GRANT Administrator:(CI)(OI)F

A little cumberosme but it works great as long as you remember to have the admin - copy profile in your base image if you ever update it.