Video Screencast Help
Search Video Help Close Back
to help

Task copies imaged machine's Administrator profile?

Created: 25 Sep 2012 | 5 comments
boonet's picture
boonet
0 0 Votes
Login to vote

In 7.1,

I configure the machine using the Administrator account.  In my unattend file, CopyProfile is set to True.  In theory, shouldn't this copy everything to the Default profile and then delete it?

When I capture the above image and deploy it to the other machine, if I go into C:\Users, it lists the Administrator account from the other machine along with the local Administrator account, with the old one being followed by the computer name.

In 6.9, when I used the same unattend file, it would correctly copy the profile to the Default user account, and delete the Administrator account.

Is there something different about the task that Altiris uses to Sysprep?

Thank you

Discussion Filed Under:
, , , ,

Comments 5 CommentsJump to latest comment

boonet's picture
boonet
Task copies imaged machine's Administrator profile? - Comment:25 Sep 2012 : Link

In case anyone's curious, below is the unattend file that is used in the capture process:

 

  1. <?xml version="1.0" encoding="utf-8"?>
  2.  
  3. <unattend xmlns="urn:schemas-microsoft-com:unattend">
  4.  
  5.     <settings pass="generalize">
  6.  
  7.         <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  8.  
  9.             <SkipRearm>1</SkipRearm>
  10.  
  11.         </component>
  12.  
  13.     </settings>
  14.  
  15.     <settings pass="specialize">
  16.  
  17.         <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  18.  
  19.             <RunSynchronous>
  20.  
  21.                 <RunSynchronousCommand wcm:action="add">
  22.  
  23.                     <Order>1</Order>
  24.  
  25.                     <Path>net user administrator /active:yes</Path>
  26.  
  27.                 </RunSynchronousCommand>
  28.  
  29.             </RunSynchronous>
  30.  
  31.         </component>
  32.  
  33.         <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  34.  
  35.             <CompanyName>DB</CompanyName>
  36.  
  37.             <DisableAccelerators>true</DisableAccelerators>
  38.  
  39.             <DisableFirstRunWizard>true</DisableFirstRunWizard>
  40.  
  41.             <DisableOOBAccelerators>true</DisableOOBAccelerators>
  42.  
  43.             <Home_Page>www.db.com</Home_Page>
  44.  
  45.             <LocalIntranetSites>inside.db.com</LocalIntranetSites>
  46.  
  47.             <ShowInformationBar>true</ShowInformationBar>
  48.  
  49.             <ShowMenuBar>true</ShowMenuBar>
  50.  
  51.             <TrustedSites>inside.db.com</TrustedSites>
  52.  
  53.         </component>
  54.  
  55.         <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  56.  
  57.             <CopyProfile>true</CopyProfile>
  58.  
  59.             <ShowWindowsLive>false</ShowWindowsLive>
  60.  
  61.             <TimeZone>Central Standard Time</TimeZone>
  62.  
  63.         </component>
  64.  
  65.         <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  66.  
  67.             <fDenyTSConnections>false</fDenyTSConnections>
  68.  
  69.         </component>
  70.  
  71.         <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  72.  
  73.             <FirewallGroups>
  74.  
  75.                 <FirewallGroup wcm:action="add" wcm:keyValue="1">
  76.  
  77.                     <Active>true</Active>
  78.  
  79.                     <Profile>all</Profile>
  80.  
  81.                     <Group>Remote Desktop</Group>
  82.  
  83.                 </FirewallGroup>
  84.  
  85.             </FirewallGroups>
  86.  
  87.             <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
  88.  
  89.             <PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
  90.  
  91.             <PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
  92.  
  93.         </component>
  94.  
  95.     </settings>
  96.  
  97.     <settings pass="auditSystem">
  98.  
  99.         <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  100.  
  101.             <DriverPaths>
  102.  
  103.                 <PathAndCredentials wcm:action="add" wcm:keyValue="628725cd">
  104.  
  105.                     <Credentials>
  106.  
  107.                         <Domain>db</Domain>
  108.  
  109.                         <Password>altirisdeploy</Password>
  110.  
  111.                         <Username>deploy</Username>
  112.  
  113.                     </Credentials>
  114.  
  115.                     <Path>\\dbgbat1\express\Deploy\Distribution_Share\Out-of-Box Drivers</Path>
  116.  
  117.                 </PathAndCredentials>
  118.  
  119.             </DriverPaths>
  120.  
  121.         </component>
  122.  
  123.     </settings>
  124.  
  125.     <settings pass="oobeSystem">
  126.  
  127.         <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  128.  
  129.             <InputLocale>en-us</InputLocale>
  130.  
  131.             <SystemLocale>en-us</SystemLocale>
  132.  
  133.             <UILanguage>en-us</UILanguage>
  134.  
  135.             <UserLocale>en-us</UserLocale>
  136.  
  137.         </component>
  138.  
  139.         <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  140.  
  141.             <OOBE>
  142.  
  143.                 <HideEULAPage>true</HideEULAPage>
  144.  
  145.                 <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
  146.  
  147.                 <NetworkLocation>Work</NetworkLocation>
  148.  
  149.                 <ProtectYourPC>3</ProtectYourPC>
  150.  
  151.             </OOBE>
  152.  
  153.             <UserAccounts>
  154.  
  155.                 <AdministratorPassword>
  156.  
  157.                     <Value>VAB1AHIAbgAwAFYARQBSAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value>
  158.  
  159.                     <PlainText>false</PlainText>
  160.  
  161.                 </AdministratorPassword>
  162.  
  163.                 <LocalAccounts>
  164.  
  165.                     <LocalAccount wcm:action="add">
  166.  
  167.                         <Password>
  168.  
  169.                             <Value>VAB1AHIAbgAwAFYARQBSAFAAYQBzAHMAdwBvAHIAZAA=</Value>
  170.  
  171.                             <PlainText>false</PlainText>
  172.  
  173.                         </Password>
  174.  
  175.                         <Description>Local Administrator</Description>
  176.  
  177.                         <DisplayName>Administrator</DisplayName>
  178.  
  179.                         <Group>Administrators</Group>
  180.  
  181.                         <Name>Administrator</Name>
  182.  
  183.                     </LocalAccount>
  184.  
  185.                 </LocalAccounts>
  186.  
  187.                 <DomainAccounts>
  188.  
  189.                     <DomainAccountList wcm:action="add">
  190.  
  191.                         <Domain>b.com</Domain>
  192.  
  193.                         <DomainAccount wcm:action="add">
  194.  
  195.                             <Group>ISWorkstationSupport</Group>
  196.  
  197.                             <Name>ISWorkstationSupport</Name>
  198.  
  199.                         </DomainAccount>
  200.  
  201.                     </DomainAccountList>
  202.  
  203.                 </DomainAccounts>
  204.  
  205.             </UserAccounts>
  206.  
  207.             <RegisteredOrganization>DB</RegisteredOrganization>
  208.  
  209.             <RegisteredOwner>DB</RegisteredOwner>
  210.  
  211.             <TimeZone>Central Standard Time</TimeZone>
  212.  
  213.         </component>
  214.  
  215.     </settings>
  216.  
  217.     <cpi:offlineImage cpi:source="wim://dbgbat1/express/deploy/win7_x64_ent/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
  218.  
  219. </unattend>
0
Login to vote
  • Actions
boonet's picture
boonet
Task copies imaged machine's Administrator profile? - Comment:27 Sep 2012 : Link

Any thoughts on this?

I tried deleting the extra Administrator account on the laptop and recapturing the image, but when deploying it, it still has both the Administrator and Administrator.PCname listed.

0
Login to vote
  • Actions
Thomas Baird's picture
Thomas Baird Symantec Employee Accredited Certified
Task copies imaged machine's Administrator profile? - Comment:02 Oct 2012 : Link

You should take a peek at the unattend file that is on the system immediately prior to reboot and see if it has been modified.  We modify the unattend file a couple of times, so don't assume what you used during capture is there on deploy.  Just check on the actual system right before reboot to see if your custom changes are still present or not.

Then let us know.

Thomas Baird
Principal Technical Support Engineer
Endpoint Management - Deployment Sol

0
Login to vote
  • Actions
boonet's picture
boonet
Task copies imaged machine's Administrator profile? - Comment:02 Oct 2012 : Link

Hi Thomas,

Thank you for the suggestion.  Earlier in the process, I was having difficulty getting the image to apply the configuration at all.  Finally, I found out that I needed to replace the unattend file located in the following directory:

\Program Files\Altiris\Notification Server\NSCap\bin\Win32\X86\Deployment

Once I was able to do that, the configuration applied as it was supposed to.

When I now deploy that image, it has the same unattend file located in \Windows\Panther of the machine.

I hope that is helpful.

Tom

0
Login to vote
  • Actions
mwysocki's picture
mwysocki
Task copies imaged machine's Administrator profile? - Comment:03 Oct 2012 : Link

The way i do this since I don't want all users to have the same profile as the local admin one what i do is as follows.

 

1) log onto my base system as a different user with Admin rights and right click and drag the admin profile and make a copy of it.

2) I then rename it to admin - copy and change the security so it is not inherited and that only the administrators group and system have full control rights.

3) Run sysprep as usual without having it copy the admin profile to the default profile, and it is set to have the local admin log on once after the mini setup.

4) As part of my image drop job after the reboot to production task I run a log off task then run a script that basically replaces the Administrator profile with the copy I made.

This is the script.

rd C:\Users\Administrator /s /q

ren "C:\Users\Admin - Copy" Administrator

ICACLS C:\Users\Administrator /GRANT Administrator:(CI)(OI)F

A little cumberosme but it works great as long as you remember to have the admin - copy profile in your base image if you ever update it.

0
Login to vote
  • Actions