Guest Yobbo Posted September 2, 2007 Posted September 2, 2007 Hi All Just want to check if the following procedure is OK to do: 1) On a local XP Pro SP2 machine I create a 'User' user account so that I have 1 x admin user account and 1 x 'user' user account. 2) I log into the 'User' account and config Desktop, Start Menu, etc to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My Docs icon on Desktop, etc. 3) I log out of the 'User' account and log in as the admin. 4) I copy the NTUSER file from my 'User' account to the default user account and also delete unnecessary shortcuts (eg Outlook Express) from the default user account. I now have a user profile 'look' that will 'kick in' for each user that logs onto this machine after I've added it to my Win2003 AD/Domain. I know I could probably get most of the things working this way through GPO, but I could never figure out how to get the Auto-Arrange feature and the 'show my own desktop wallpaper, but don't show active desktop options in the folder views' method. Is the above procedure detrimental in anyway to my WinXP installation or Win2003 AD setup? Thanks
Guest CraigB Posted September 2, 2007 Posted September 2, 2007 RE: Should I be fiddling with ntuser file??? I have done the same thing at several sites, for visitor workstations as an example and it has worked fine. One thing I also like to do is add the network printers that are needed while “user” is logged on. This way like you said, everyone else who logs on will get the settings you. Just also watch out for shortcuts or icons in the “All Users” desktop or programs folder. You also might have to reboot before the ntuser.dat file is unlocked and you can copy it. If you are trying to make a base image, I would uninstall outlook express and anything else you did not want. -- Craig MBA-MIS, MCP, MCSA, MCSE, CCA "Yobbo" wrote: > Hi All > > Just want to check if the following procedure is OK to do: > > 1) On a local XP Pro SP2 machine I create a 'User' user account so that I > have 1 x admin user account and 1 x 'user' user account. > > 2) I log into the 'User' account and config Desktop, Start Menu, etc to the > way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My > Docs icon on Desktop, etc. > > 3) I log out of the 'User' account and log in as the admin. > > 4) I copy the NTUSER file from my 'User' account to the default user account > and also delete unnecessary shortcuts (eg Outlook Express) from the default > user account. > > I now have a user profile 'look' that will 'kick in' for each user that logs > onto this machine after I've added it to my Win2003 AD/Domain. > > I know I could probably get most of the things working this way through GPO, > but I could never figure out how to get the Auto-Arrange feature and the > 'show my own desktop wallpaper, but don't show active desktop options in the > folder views' method. > > Is the above procedure detrimental in anyway to my WinXP installation or > Win2003 AD setup? > > Thanks > > >
Guest Lanwench [MVP - Exchange] Posted September 2, 2007 Posted September 2, 2007 Re: Should I be fiddling with ntuser file??? Yobbo <info@NoSpamIt.com> wrote: > Hi All > > Just want to check if the following procedure is OK to do: > > 1) On a local XP Pro SP2 machine I create a 'User' user account so > that I have 1 x admin user account and 1 x 'user' user account. > > 2) I log into the 'User' account and config Desktop, Start Menu, etc > to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15 > screen saver, My Docs icon on Desktop, etc. > > 3) I log out of the 'User' account and log in as the admin. > > 4) I copy the NTUSER file from my 'User' account to the default user > account and also delete unnecessary shortcuts (eg Outlook Express) > from the default user account. > > I now have a user profile 'look' that will 'kick in' for each user > that logs onto this machine after I've added it to my Win2003 > AD/Domain. > > I know I could probably get most of the things working this way > through GPO, but I could never figure out how to get the Auto-Arrange > feature and the 'show my own desktop wallpaper, but don't show active > desktop options in the folder views' method. > > Is the above procedure detrimental in anyway to my WinXP installation > or Win2003 AD setup? > > Thanks I do pretty much what you do - but I make it the default for any new domain user I create. I do this to tweak everything I cannot (easily) control via group policy. This includes power settings, Windows Explorer display settings, etc. Don't add a mail profile, or anything that will be unique to any domain user - keep it nice and generic. Once you're done with this 'template' profile, log out - then log in as a domain admin (or any account that has permissions to write to \\DCname\netlogon). In control panel | system, copy the 'template' user profile you created to \\DCname\netlogon\Default User (with the proper capitalization & the space). Set "Allowed to use" to "Everyone". Then your new *domain* users will have these settings. That said - a lot of what you are currently configuring in your user profile can be done/controlled by Group Policy - including Windows Classic & Classic Start Menu, screensaver settings, and most importantly, folder redirection of My Documents (and perhaps also Desktop & Application Data). Do whatever you can via group policy - it is easier to administer and customize.
Guest Darren Mar-Elia Posted September 3, 2007 Posted September 3, 2007 Re: Should I be fiddling with ntuser file??? The one thing that surprises me about this working is that when you create a user's ntuser.dat (essentially the HKCU hive file), it contains registry permissions such that only that particular user SID (and local Administrators and localSystem) can write to the keys within that hive. So simply copying ntuser.dat to the Default User profile should not work unless every user that logs into that machine is a member of the local Administrators group. This is why you normally have to use the Control Panel, System user profile applet or a tool like moveuser.exe to copy a profile. Because all of these tools re-permission the reg hive on copy. So, I would not recommend this simple file copy approach unless you don't mind requiring all of your users to be local admin (or something else is going on that I don't know about). Darren -- Darren Mar-Elia MS-MVP-Windows Server--Group Policy Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell! Find out more at http://www.sdmsoftware.com/products2.php Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub: FAQs, Training Videos, Whitepapers and Utilities for all things Group Policy-related "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:eBp0LSb7HHA.4660@TK2MSFTNGP02.phx.gbl... > Yobbo <info@NoSpamIt.com> wrote: >> Hi All >> >> Just want to check if the following procedure is OK to do: >> >> 1) On a local XP Pro SP2 machine I create a 'User' user account so >> that I have 1 x admin user account and 1 x 'user' user account. >> >> 2) I log into the 'User' account and config Desktop, Start Menu, etc >> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15 >> screen saver, My Docs icon on Desktop, etc. >> >> 3) I log out of the 'User' account and log in as the admin. >> >> 4) I copy the NTUSER file from my 'User' account to the default user >> account and also delete unnecessary shortcuts (eg Outlook Express) >> from the default user account. >> >> I now have a user profile 'look' that will 'kick in' for each user >> that logs onto this machine after I've added it to my Win2003 >> AD/Domain. >> >> I know I could probably get most of the things working this way >> through GPO, but I could never figure out how to get the Auto-Arrange >> feature and the 'show my own desktop wallpaper, but don't show active >> desktop options in the folder views' method. >> >> Is the above procedure detrimental in anyway to my WinXP installation >> or Win2003 AD setup? >> >> Thanks > > I do pretty much what you do - but I make it the default for any new > domain > user I create. > > I do this to tweak everything I cannot (easily) control via group policy. > This includes power settings, Windows Explorer display settings, etc. > Don't > add a mail profile, or anything that will be unique to any domain user - > keep it nice and generic. > > Once you're done with this 'template' profile, log out - then log in as a > domain admin (or any account that has permissions to write to > \\DCname\netlogon). > > In control panel | system, copy the 'template' user profile you created to > \\DCname\netlogon\Default User (with the proper capitalization & the > space). Set "Allowed to use" to "Everyone". > > Then your new *domain* users will have these settings. > > That said - a lot of what you are currently configuring in your user > profile can be done/controlled by Group Policy - including Windows Classic > & Classic Start Menu, screensaver settings, and most importantly, folder > redirection of My Documents (and perhaps also Desktop & Application Data). > Do whatever you can via group policy - it is easier to administer and > customize. > > >
Guest xla76 Posted September 4, 2007 Posted September 4, 2007 Re: Should I be fiddling with ntuser file??? On Sep 2, 7:57 pm, "Yobbo" <i...@NoSpamIt.com> wrote: > Hi All > > Just want to check if the following procedure is OK to do: > > 1) On a local XP Pro SP2 machine I create a 'User' user account so that I > have 1 x admin user account and 1 x 'user' user account. > > 2) I log into the 'User' account and config Desktop, Start Menu, etc to the > way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My > Docs icon on Desktop, etc. > > 3) I log out of the 'User' account and log in as the admin. > > 4) I copy the NTUSER file from my 'User' account to the default user account > and also delete unnecessary shortcuts (eg Outlook Express) from the default > user account. > > I now have a user profile 'look' that will 'kick in' for each user that logs > onto this machine after I've added it to my Win2003 AD/Domain. > > I know I could probably get most of the things working this way through GPO, > but I could never figure out how to get the Auto-Arrange feature and the > 'show my own desktop wallpaper, but don't show active desktop options in the > folder views' method. > > Is the above procedure detrimental in anyway to my WinXP installation or > Win2003 AD setup? > > Thanks Quite the reverse, it has been standard recommended procedure since pre NT4 days.
Guest Lanwench [MVP - Exchange] Posted September 5, 2007 Posted September 5, 2007 Re: Should I be fiddling with ntuser file??? Darren Mar-Elia <dmanonymous@microsoft.com> wrote: > The one thing that surprises me about this working is that when you > create a user's ntuser.dat (essentially the HKCU hive file), it > contains registry permissions such that only that particular user SID > (and local Administrators and localSystem) can write to the keys > within that hive. So simply copying ntuser.dat to the Default User > profile should not work unless every user that logs into that machine > is a member of the local Administrators group. ah! I didn't notice the bit about manually copying over that file - good catch. I don't do this; I use the "copy to...." in control panel | system. This is why you > normally have to use the Control Panel, System user profile applet or > a tool like moveuser.exe to copy a profile. Because all of these > tools re-permission the reg hive on copy. So, I would not recommend > this simple file copy approach unless you don't mind requiring all of > your users to be local admin (or something else is going on that I > don't know about). > Darren > > > "Lanwench [MVP - Exchange]" > <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:eBp0LSb7HHA.4660@TK2MSFTNGP02.phx.gbl... >> Yobbo <info@NoSpamIt.com> wrote: >>> Hi All >>> >>> Just want to check if the following procedure is OK to do: >>> >>> 1) On a local XP Pro SP2 machine I create a 'User' user account so >>> that I have 1 x admin user account and 1 x 'user' user account. >>> >>> 2) I log into the 'User' account and config Desktop, Start Menu, etc >>> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15 >>> screen saver, My Docs icon on Desktop, etc. >>> >>> 3) I log out of the 'User' account and log in as the admin. >>> >>> 4) I copy the NTUSER file from my 'User' account to the default user >>> account and also delete unnecessary shortcuts (eg Outlook Express) >>> from the default user account. >>> >>> I now have a user profile 'look' that will 'kick in' for each user >>> that logs onto this machine after I've added it to my Win2003 >>> AD/Domain. >>> >>> I know I could probably get most of the things working this way >>> through GPO, but I could never figure out how to get the >>> Auto-Arrange feature and the 'show my own desktop wallpaper, but >>> don't show active desktop options in the folder views' method. >>> >>> Is the above procedure detrimental in anyway to my WinXP >>> installation or Win2003 AD setup? >>> >>> Thanks >> >> I do pretty much what you do - but I make it the default for any new >> domain >> user I create. >> >> I do this to tweak everything I cannot (easily) control via group >> policy. This includes power settings, Windows Explorer display >> settings, etc. Don't >> add a mail profile, or anything that will be unique to any domain >> user - keep it nice and generic. >> >> Once you're done with this 'template' profile, log out - then log >> in as a domain admin (or any account that has permissions to write to >> \\DCname\netlogon). >> >> In control panel | system, copy the 'template' user profile you >> created to \\DCname\netlogon\Default User (with the proper >> capitalization & the space). Set "Allowed to use" to "Everyone". >> >> Then your new *domain* users will have these settings. >> >> That said - a lot of what you are currently configuring in your user >> profile can be done/controlled by Group Policy - including Windows >> Classic & Classic Start Menu, screensaver settings, and most >> importantly, folder redirection of My Documents (and perhaps also >> Desktop & Application Data). Do whatever you can via group policy - >> it is easier to administer and customize.
Recommended Posts