Jump to content

Should I be fiddling with ntuser file???

Guest Yobbo

By Guest Yobbo
in Windows 2003 Server

 Share

Recommended Posts

Guest Yobbo

Guest Yobbo

Posted
Posted

Hi All

 

Just want to check if the following procedure is OK to do:

 

1) On a local XP Pro SP2 machine I create a 'User' user account so that I

have 1 x admin user account and 1 x 'user' user account.

 

2) I log into the 'User' account and config Desktop, Start Menu, etc to the

way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My

Docs icon on Desktop, etc.

 

3) I log out of the 'User' account and log in as the admin.

 

4) I copy the NTUSER file from my 'User' account to the default user account

and also delete unnecessary shortcuts (eg Outlook Express) from the default

user account.

 

I now have a user profile 'look' that will 'kick in' for each user that logs

onto this machine after I've added it to my Win2003 AD/Domain.

 

I know I could probably get most of the things working this way through GPO,

but I could never figure out how to get the Auto-Arrange feature and the

'show my own desktop wallpaper, but don't show active desktop options in the

folder views' method.

 

Is the above procedure detrimental in anyway to my WinXP installation or

Win2003 AD setup?

 

Thanks

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest CraigB

Guest CraigB

Posted
Posted

RE: Should I be fiddling with ntuser file???

 

I have done the same thing at several sites, for visitor workstations as an

example and it has worked fine. One thing I also like to do is add the

network printers that are needed while “user” is logged on. This way like

you said, everyone else who logs on will get the settings you. Just also

watch out for shortcuts or icons in the “All Users” desktop or programs

folder. You also might have to reboot before the ntuser.dat file is unlocked

and you can copy it.

 

If you are trying to make a base image, I would uninstall outlook express

and anything else you did not want.

 

--

Craig

MBA-MIS, MCP, MCSA, MCSE, CCA

 

 

"Yobbo" wrote:

> Hi All

>

> Just want to check if the following procedure is OK to do:

>

> 1) On a local XP Pro SP2 machine I create a 'User' user account so that I

> have 1 x admin user account and 1 x 'user' user account.

>

> 2) I log into the 'User' account and config Desktop, Start Menu, etc to the

> way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My

> Docs icon on Desktop, etc.

>

> 3) I log out of the 'User' account and log in as the admin.

>

> 4) I copy the NTUSER file from my 'User' account to the default user account

> and also delete unnecessary shortcuts (eg Outlook Express) from the default

> user account.

>

> I now have a user profile 'look' that will 'kick in' for each user that logs

> onto this machine after I've added it to my Win2003 AD/Domain.

>

> I know I could probably get most of the things working this way through GPO,

> but I could never figure out how to get the Auto-Arrange feature and the

> 'show my own desktop wallpaper, but don't show active desktop options in the

> folder views' method.

>

> Is the above procedure detrimental in anyway to my WinXP installation or

> Win2003 AD setup?

>

> Thanks

>

>

>

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: Should I be fiddling with ntuser file???

 

Yobbo <info@NoSpamIt.com> wrote:

> Hi All

>

> Just want to check if the following procedure is OK to do:

>

> 1) On a local XP Pro SP2 machine I create a 'User' user account so

> that I have 1 x admin user account and 1 x 'user' user account.

>

> 2) I log into the 'User' account and config Desktop, Start Menu, etc

> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15

> screen saver, My Docs icon on Desktop, etc.

>

> 3) I log out of the 'User' account and log in as the admin.

>

> 4) I copy the NTUSER file from my 'User' account to the default user

> account and also delete unnecessary shortcuts (eg Outlook Express)

> from the default user account.

>

> I now have a user profile 'look' that will 'kick in' for each user

> that logs onto this machine after I've added it to my Win2003

> AD/Domain.

>

> I know I could probably get most of the things working this way

> through GPO, but I could never figure out how to get the Auto-Arrange

> feature and the 'show my own desktop wallpaper, but don't show active

> desktop options in the folder views' method.

>

> Is the above procedure detrimental in anyway to my WinXP installation

> or Win2003 AD setup?

>

> Thanks

 

I do pretty much what you do - but I make it the default for any new domain

user I create.

 

I do this to tweak everything I cannot (easily) control via group policy.

This includes power settings, Windows Explorer display settings, etc. Don't

add a mail profile, or anything that will be unique to any domain user -

keep it nice and generic.

 

Once you're done with this 'template' profile, log out - then log in as a

domain admin (or any account that has permissions to write to

\\DCname\netlogon).

 

In control panel | system, copy the 'template' user profile you created to

\\DCname\netlogon\Default User (with the proper capitalization & the

space). Set "Allowed to use" to "Everyone".

 

Then your new *domain* users will have these settings.

 

That said - a lot of what you are currently configuring in your user profile

can be done/controlled by Group Policy - including Windows Classic & Classic

Start Menu, screensaver settings, and most importantly, folder redirection

of My Documents (and perhaps also Desktop & Application Data). Do whatever

you can via group policy - it is easier to administer and customize.

Guest Darren Mar-Elia

Guest Darren Mar-Elia

Posted
Posted

Re: Should I be fiddling with ntuser file???

 

The one thing that surprises me about this working is that when you create a

user's ntuser.dat (essentially the HKCU hive file), it contains registry

permissions such that only that particular user SID (and local

Administrators and localSystem) can write to the keys within that hive. So

simply copying ntuser.dat to the Default User profile should not work unless

every user that logs into that machine is a member of the local

Administrators group. This is why you normally have to use the Control

Panel, System user profile applet or a tool like moveuser.exe to copy a

profile. Because all of these tools re-permission the reg hive on copy. So,

I would not recommend this simple file copy approach unless you don't mind

requiring all of your users to be local admin (or something else is going on

that I don't know about).

 

Darren

 

--

Darren Mar-Elia

MS-MVP-Windows Server--Group Policy

 

Script Group Policy Settings with the GPExpert Scripting Toolkit for

PowerShell!

Find out more at http://www.sdmsoftware.com/products2.php

 

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy

Information Hub:

FAQs, Training Videos, Whitepapers and Utilities for all things Group

Policy-related

 

 

 

"Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message

news:eBp0LSb7HHA.4660@TK2MSFTNGP02.phx.gbl...

> Yobbo <info@NoSpamIt.com> wrote:

>> Hi All

>>

>> Just want to check if the following procedure is OK to do:

>>

>> 1) On a local XP Pro SP2 machine I create a 'User' user account so

>> that I have 1 x admin user account and 1 x 'user' user account.

>>

>> 2) I log into the 'User' account and config Desktop, Start Menu, etc

>> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15

>> screen saver, My Docs icon on Desktop, etc.

>>

>> 3) I log out of the 'User' account and log in as the admin.

>>

>> 4) I copy the NTUSER file from my 'User' account to the default user

>> account and also delete unnecessary shortcuts (eg Outlook Express)

>> from the default user account.

>>

>> I now have a user profile 'look' that will 'kick in' for each user

>> that logs onto this machine after I've added it to my Win2003

>> AD/Domain.

>>

>> I know I could probably get most of the things working this way

>> through GPO, but I could never figure out how to get the Auto-Arrange

>> feature and the 'show my own desktop wallpaper, but don't show active

>> desktop options in the folder views' method.

>>

>> Is the above procedure detrimental in anyway to my WinXP installation

>> or Win2003 AD setup?

>>

>> Thanks

>

> I do pretty much what you do - but I make it the default for any new

> domain

> user I create.

>

> I do this to tweak everything I cannot (easily) control via group policy.

> This includes power settings, Windows Explorer display settings, etc.

> Don't

> add a mail profile, or anything that will be unique to any domain user -

> keep it nice and generic.

>

> Once you're done with this 'template' profile, log out - then log in as a

> domain admin (or any account that has permissions to write to

> \\DCname\netlogon).

>

> In control panel | system, copy the 'template' user profile you created to

> \\DCname\netlogon\Default User (with the proper capitalization & the

> space). Set "Allowed to use" to "Everyone".

>

> Then your new *domain* users will have these settings.

>

> That said - a lot of what you are currently configuring in your user

> profile can be done/controlled by Group Policy - including Windows Classic

> & Classic Start Menu, screensaver settings, and most importantly, folder

> redirection of My Documents (and perhaps also Desktop & Application Data).

> Do whatever you can via group policy - it is easier to administer and

> customize.

>

>

>

Guest xla76

Guest xla76

Posted
Posted

Re: Should I be fiddling with ntuser file???

 

On Sep 2, 7:57 pm, "Yobbo" <i...@NoSpamIt.com> wrote:

> Hi All

>

> Just want to check if the following procedure is OK to do:

>

> 1) On a local XP Pro SP2 machine I create a 'User' user account so that I

> have 1 x admin user account and 1 x 'user' user account.

>

> 2) I log into the 'User' account and config Desktop, Start Menu, etc to the

> way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My

> Docs icon on Desktop, etc.

>

> 3) I log out of the 'User' account and log in as the admin.

>

> 4) I copy the NTUSER file from my 'User' account to the default user account

> and also delete unnecessary shortcuts (eg Outlook Express) from the default

> user account.

>

> I now have a user profile 'look' that will 'kick in' for each user that logs

> onto this machine after I've added it to my Win2003 AD/Domain.

>

> I know I could probably get most of the things working this way through GPO,

> but I could never figure out how to get the Auto-Arrange feature and the

> 'show my own desktop wallpaper, but don't show active desktop options in the

> folder views' method.

>

> Is the above procedure detrimental in anyway to my WinXP installation or

> Win2003 AD setup?

>

> Thanks

 

Quite the reverse, it has been standard recommended procedure since

pre NT4 days.

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: Should I be fiddling with ntuser file???

 

Darren Mar-Elia <dmanonymous@microsoft.com> wrote:

> The one thing that surprises me about this working is that when you

> create a user's ntuser.dat (essentially the HKCU hive file), it

> contains registry permissions such that only that particular user SID

> (and local Administrators and localSystem) can write to the keys

> within that hive. So simply copying ntuser.dat to the Default User

> profile should not work unless every user that logs into that machine

> is a member of the local Administrators group.

 

ah! I didn't notice the bit about manually copying over that file - good

catch. I don't do this; I use the "copy to...." in control panel | system.

 

 

 

This is why you

> normally have to use the Control Panel, System user profile applet or

> a tool like moveuser.exe to copy a profile. Because all of these

> tools re-permission the reg hive on copy. So, I would not recommend

> this simple file copy approach unless you don't mind requiring all of

> your users to be local admin (or something else is going on that I

> don't know about).

> Darren

>

>

> "Lanwench [MVP - Exchange]"

> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in

> message news:eBp0LSb7HHA.4660@TK2MSFTNGP02.phx.gbl...

>> Yobbo <info@NoSpamIt.com> wrote:

>>> Hi All

>>>

>>> Just want to check if the following procedure is OK to do:

>>>

>>> 1) On a local XP Pro SP2 machine I create a 'User' user account so

>>> that I have 1 x admin user account and 1 x 'user' user account.

>>>

>>> 2) I log into the 'User' account and config Desktop, Start Menu, etc

>>> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15

>>> screen saver, My Docs icon on Desktop, etc.

>>>

>>> 3) I log out of the 'User' account and log in as the admin.

>>>

>>> 4) I copy the NTUSER file from my 'User' account to the default user

>>> account and also delete unnecessary shortcuts (eg Outlook Express)

>>> from the default user account.

>>>

>>> I now have a user profile 'look' that will 'kick in' for each user

>>> that logs onto this machine after I've added it to my Win2003

>>> AD/Domain.

>>>

>>> I know I could probably get most of the things working this way

>>> through GPO, but I could never figure out how to get the

>>> Auto-Arrange feature and the 'show my own desktop wallpaper, but

>>> don't show active desktop options in the folder views' method.

>>>

>>> Is the above procedure detrimental in anyway to my WinXP

>>> installation or Win2003 AD setup?

>>>

>>> Thanks

>>

>> I do pretty much what you do - but I make it the default for any new

>> domain

>> user I create.

>>

>> I do this to tweak everything I cannot (easily) control via group

>> policy. This includes power settings, Windows Explorer display

>> settings, etc. Don't

>> add a mail profile, or anything that will be unique to any domain

>> user - keep it nice and generic.

>>

>> Once you're done with this 'template' profile, log out - then log

>> in as a domain admin (or any account that has permissions to write to

>> \\DCname\netlogon).

>>

>> In control panel | system, copy the 'template' user profile you

>> created to \\DCname\netlogon\Default User (with the proper

>> capitalization & the space). Set "Allowed to use" to "Everyone".

>>

>> Then your new *domain* users will have these settings.

>>

>> That said - a lot of what you are currently configuring in your user

>> profile can be done/controlled by Group Policy - including Windows

>> Classic & Classic Start Menu, screensaver settings, and most

>> importantly, folder redirection of My Documents (and perhaps also

>> Desktop & Application Data). Do whatever you can via group policy -

>> it is easier to administer and customize.

 Share
Go to topic listing
×
×
  • Create New...