If you are an admin of a Windows-based network, there are a number of reasons why you

might want to customize the default user profile. For example:

 You might want to customize users' desktops prior to deploying Windows 7 onto new
computers so that users have a pre-configured desktop experience to start from.

 You might want to use roaming profiles to enable users to roam between different
computers on your network while accessing their own personalized desktops and you
might want to customize the initial desktop experience of your users.

 You might want to use mandatory roaming profiles to provide a locked-down,

customized desktop experience to users in a Remote Desktop Services (RDS) or
Virtual Desktop Infrastructure (VDI) environment based on Windows Server 2008 R2
SP1 Hyper-V.

Unfortunately, the method used for customizing` the default user profile in previous versions
of Windows—customizing the Administrator account and then copying the Administrator
user profile over the Default User profile—doesn't work anymore in Windows 7. In fact, that
method, which has been used since Windows NT and was documented in several Knowledge
Base articles on TechNet (articles that have since been pulled) never really worked properly
in the first place! It worked pretty well with Windows NT, but as the Windows shell
(desktop) became increasingly complex through Windows 2000, Windows XP and Windows
Vista, following the old method for customizing the default user profile caused some strange
things to happen on users' computers, such as certain user profile folders having incorrect
names, files for certain applications being saved in the wrong folders, and various other
unpredictable and hard to reproduce problems.

So if you want your desktop computers to be in a supported configuration, you now need to
follow the new, improved—and fully supported by Microsoft—method for customizing the
default user profile. This series of articles walks you through the steps involved in
customizing the default user profile for Windows 7 and Windows Server 2008 R2, explains
how to use your customized profile as a default network profile for roaming scenarios, and
discusses various issues including the limitations of profile customization on these platforms.
The method used for customizing the default user profile involves using Microsoft
Deployment Toolkit (MDT 2010) Update 1 and if you aren't familiar with how to use MDT
you should first work through my 29-part series of articles titled Deploying Windows 7 here
on WindowsNetworking.com.

1.  Create a Task Sequence for Deploying your Reference

Build
To customize our default user profile, we're going to deploy Windows 7 on a computer called
our master or reference computer. The installation will be called our master installation or
reference build. Then we're going to customize our reference build as desired, sysprep it,
capture an image of the build, and finally deploy the customized, captured image onto our
target computers (users' computers).
Start by opening the Deployment Workbench on the computer that has MDT 2010 Update 1
installed. Expand your deployment share, right click on the Task Sequences folder, and select
New Task Sequence to create a new task sequence for deploying your reference build. We'll
call this task sequence STEP-1 as shown below:

Figure 1: Step 1 of creating a task sequence for deploying the reference build.

Select the Standard Client Task Sequence from the drop down list of task sequence
templates:

Figure 2: Step 2 of creating a task sequence for deploying the reference build.

Select the operating system you want to deploy, which in this walkthrough is Windows 7 x64
Enterprise Edition:
Figure 3: Step 3 of creating a task sequence for deploying the reference build.

Step through the remaining pages of the wizard until you're finished. For example, we
specified the password for the local Administrator account in the task sequence:

Figure 4: Step 4 of creating a task sequence for deploying the reference build.

2. Create a Task Sequence for ‘Sysprepping’ and

Capturing your Reference Build
Next, we need to create a second task sequence. This second task sequence will be used to do
two things:
  Sysprep the reference build (after you've customized it) in order to generalize the
installation by removing machine-specific information such as security identifiers
(SIDs), the contents of event logs, any system restore points, installed Plug and Play
drivers, and so on.

 Capture an image (.wim file) of the ‘sysprepped’ reference build and upload the
captured image to your MDT computer.

Once your customized reference build has been ‘sysprepped’ and captured, you can then use
MDT to deploy the captured image to your target computers. From the Deployment
Workbench, launch the New Task Sequence Wizard again and give your new task sequence a
name like STEP-2 as shown below:

Figure 5: Step 1 of creating a task sequence for ‘sysprepping’ and capturing the reference
build.

From the list of task sequence templates select Sysprep and Capture as shown below:
Figure 6: Step 2 of creating a task sequence for ‘sysprepping’ and capturing the reference
build.

Complete the remaining steps of the wizard. You should now see two task sequences in your
Deployment Workbench:

Figure 7: Two task sequences have been created.

3. Customize the Reference Build using Unattend.xml

You're now ready to begin customizing your reference build. Wait a minute! We haven't
deployed our reference build yet, so how can we possibly customize it? Simple — we can
pre-define various customizations for our reference build by making modifications to the
answer file (unattend.xml) that MDT will use to perform an unattended setup of our reference
build. Wherever possible, you should use this approach to customizing your reference build
since it automates the customization process which in the long run can save you a lot of time
(provided you've documented your answer file modifications).

Begin by right-clicking on the task sequence that will be used to deploy the reference build
(we called this STEP-1) and select Properties to open the properties of the task sequence.
Then select the OS Info tab as shown below:
Figure 8: The OS Info tab of the properties of the task sequence that will be used to deploy
the reference build.

On the above tab, click the Edit Unattend.xml button. This opens Windows System Image
Manager (Windows SIM) which can be used to modify settings in our answer file:

Figure 9: Using Windows SIM to modify the settings in the answer file for the task sequence
that will be used to deploy the reference build.

Tip:
If you're not familiar with how to use Windows SIM, see article 6 in my earlier Deploying
Vista series here on WindowsNetworking.com.

For this walkthrough, we're going to modify our Unattend.xml file so that five customizations
are automatically performed during deployment of our reference build. These five
modifications will be as follows:
 1. Disable the Internet Explorer First Run Wizard.
2. Specify a home page for Internet Explorer.
3. Configure Windows Error Reporting (WER) so that collected data is automatically
uploaded to Microsoft with no user interaction required.
4. Enable the Games built-in feature.
5. Prevent the XPS Viewer application from being installed.

We'll begin by disabling the Internet Explorer First Run Wizard, which when a user logs on
for the first time asks them if they want to enable certain IE 8 features. Using Windows SIM,
expand the Specialize section of the Unattend file and select the Microsoft-Windows-IE-
InternetExplorer component as shown below:

Figure 10: Step 1 of disabling the Internet Explorer First Run Wizard.

In the Properties pane for this component, click the field besides the
DisableFirstRunWizard setting and change the value from False to True:
Figure 11: Step 2 of disabling the Internet Explorer First Run Wizard.

Next we'll specify a home page for Internet Explorer. In the same Properties pane, click the
field besides the Home_Page setting and change it from about:blank to some website (I
chose www.mtit.com which is my own business website):

Figure 12: Specifying a home page for Internet Explorer.

Next, we want to configure WER so that collected data is automatically uploaded to

Microsoft without any user interaction needed. To make this customization we'll need to first
add a component to our answer file. The component we need to add is called Microsoft-
Windows-ErrorReportingCore, and to add it to our answer file we need to expand the
Components node under the catalog in the Windows Image pane of Windows SIM, find the
component we want to add, right-click on it and add it to the Specialize pass as shown here:
Figure 13: Step 1 of configuring Windows Error Reporting behavior.

How do we know which component we need to add to our answer file to do this? By
searching the Unattended Windows Setup Reference Help (.chm) file that is included with the
Windows Automated Installation Kit for Windows 7. You can get the updated .chm file here.

How do we know which configuration pass (i.e. Specialize) we need to add this component
to? In this case, the other configuration passes are grayed out so you don't have any option of
selecting them. But for some components you try to add to your answer file you may have
several passes you can choose from. In general, you want to use only the Specialize or
OobeSystem configuration passes to automate customization of a reference build. For more
information on configuration passes, see article 3 of my earlier Deploying Vista series.

Once we've added the Microsoft-Windows-ErrorReportingCore component to the

Specialize pass of our answer file, it is displayed in the Answer File pane of Windows SIM.
We then change the DefaultConsent setting for this component to the value 4 which
specifies that all data is sent automatically:

Figure 14: Step 2 of configuring Windows Error Reporting behavior.

How do we know that the value 4 specifies that all data is sent automatically? By searching
the Unattended Windows Setup Reference Help (.chm) file for "DefaultConsent".

Next, we want to enable the Games feature, which is a built-in feature of Windows 7 that is
not installed by default on Enterprise Edition (for obvious reasons). To do this, we must first
include a package in our answer file. This package is Microsoft-Windows-Foundation-
Package, which is found in the Windows Image pane under Catalog\Packages\Foundation as
shown below. Right-click on the package and select Add to Answer File:

Figure 15: Step 1 of enabling the Games feature.

How do we know which package we need to add to our answer file to do this? By searching
the Unattended Windows Setup Reference Help (.chm) file for "Games".

Once the package has been added, it is displayed in the Answer File pane of Windows SIM.
We can then change the value of the InboxGames setting from Disabled to Enabled:

Figure 16: Step 2 of enabling the Games feature.

Finally, we want to prevent the XPS Viewer application from being installed (it's installed by
default). Since this is installed as part of the same package as Games, we simply scroll down
in the Properties pane to find the Xps-Foundation-Xps-Viewer setting and change its value
from Enabled to Disabled:

Figure 17: Preventing the XPS Viewer application from being installed

Introduction
In the previous article of this series we began the process of customizing the default user
profile in Windows 7. So far we've completed the following steps:

1. Create a Task Sequence for Deploying your Reference Build

2. Create a Task Sequence for Sysprepping and Capturing your Reference Build
3. Customize the Reference Build using Unattend.xml

Let's now continue the process of customizing the default user profile by performing the
following additional steps:

4. Deploy and Verify the Partially Customized Reference Build

5. Further Customize the Reference Build Manually
6. Sysprep and Capture the Fully Customized Reference Build
7. Verify All Customizations Made to the Default User Profile

Deploy and Verify the Partially Customized Reference

Build
Begin by booting your bare-metal reference computer using the LiteTouchPE_x64.iso boot
image found in the Boot folder of your deployment share on your MDT computer. When the
Windows Deployment Wizard appears, select the task sequence for deploying your partially
customized reference build:

Figure 1: Select the task sequence for deploying your pre-customized reference build

Tip:
If desired you can configure the CustomSettings.ini file in your deployment share to
completely automate the process of deploying your reference build. For information on how
to do this, see Part 7 and Part 8 of my Deploying Windows 7 series here on
WindowsNetworking.com.

Respond to the various prompts of the wizard as needed. On the Specify Whether To Capture
An Image page shown below, be sure to select Do No Capture An Image Of This Compute
as you haven't finished customizing your reference build yet:
Figure 2: Be sure to select Do No Capture An Image Of This Compute

Once you've finished the wizard, MDT will deploy your partially customized reference build
to your reference computer. Upon completion of deployment, you'll be automatically logged
on to the reference computer as Administrator.

Now let's see whether the five customizations we performed using our answer file
(Unattend.xml) actually worked or not. First, we launch Internet Explorer and notice that the
First Run Wizard doesn't appear and the IE home page is the website we specified in our
answer file:

Figure 3: Step 1 of verifying pre-customizations made using Unattend.xml

Next, if we click the Start button we see that the Games feature has been turned on:

Figure 4: The Games feature has been enabled

Next, we open Programs and Features in Control Panel and click Turn Windows Features On
Or Off. This lets us verify that the XPS Viewer feature has not been installed:

Figure 5: The XPS Viewer feature has not been installed

Finally, opening Problem Reporting Settings in Control Panel let us verify that Windows
Error Reporting information will be automatically uploaded to Microsoft:
Figure 6: Windows Error Reporting information will be automatically uploaded to Microsoft

So it looks like the five customizations we automated using Unattend.xml have all been
applied to our reference build as expected.

Further Customize the Reference Build Manually

Now let's manually perform some additional customizations of our reference build. We'll
make the following five manual customizations:

1. Pin a shortcut for Windows Remote Assistance to the Start menu.

2. Pin a shortcut for Remote Desktop Connection to the Taskbar.
3. Change the default view of the Documents library from Details to Content.
4. Change the Control Panel default view from Category to Small Icons.
5. Change the Desktop Background from the default picture to solid light green.

First, click Start, Programs, Maintenance, and right-click on Windows Remote Assistance to
pin a shortcut for this item to the Start menu:
Figure 7: Pin a shortcut for Windows Remote Assistance to the Start menu

Next, click Start, Programs, Accessories, and right-click on Remote Desktop Connection to
pin a shortcut for this item to the taskbar:

Figure 8: Pin a shortcut for Remote Desktop Connection to the Taskbar

Next, open the Documents library and change the default view from Details to Content:
Figure 9: Change the view of the Documents library from Details to Content

Next, open Control Panel and change the default view from Category to Small Icons:

Figure 10: Change the Control Panel default view from Category to Small Icons

Finally, open Desktop Background from Personalization in Control Panel and change the
Desktop Background from the default picture to solid light green:
Figure 11: Choose the Desktop Background

We're now finished with our additional customizations of our reference build.

Sysprep and Capture the Fully Customized Reference

Build
Now let's sysprep our reference build and capture an image of it. We'll use MDT to perform
these two actions. While logged on to the reference computer as Administrator, click Start,
right-click on Computer, and select Map Network Drive. Then map a network drive to the
deployment share on your MDT computer:

Figure 12: Map a network drive to the deployment share on the MDT computer

Once the mapped drive opens in Windows Explorer, double-click on the Scripts folder to
display its contents. You'll see two files named LiteTouch, the first a VBScript (.vbs) file and
the second a Windows Script (.wsh) file:
Figure 13: Contents of the Scripts folder in the deployment share

Double-click on the second LiteTouch file (the Windows Script or .wsh file) to launch the
Windows Deployment Wizard from your reference computer. When the wizard appears,
select the Sysprep and Capture task sequence:

Figure 14: Select the Sysprep and Capture task sequence

Walk through the steps of the wizard until you reach the Specify Whether To Capture An
Image page, and on that page be sure to select the Capture An Image Of This Reference
Computer option. Verify that the Location field is the Captures folder in the deployment
share on your MDT computer, and specify a file name for the image you'll be capturing of
your reference computer (we choose STEP-2.wim for this filename):
Figure 15: Select the Capture An Image Of This Reference Computer option

Once you've completed the wizard, Sysprep will run on your customized reference build to
remove any machine-specific information:

Figure 16: Sysprep running on the reference build.

When Sysprep is finished, the LiteTouch wizard will capture a .wim image of the sysprepped
reference build and upload it to the Captures folder in the deployment share of your MDT
computer. This may take awhile to complete:

Figure 17: Capturing an image of the sysprepped reference build

Once the process is finished, the reference computer will reboot. If you now go to your MDT
computer and look in the Captures folder in your deployment share using Windows Explorer,
you'll see the captured reference build:
Figure 18: The captured reference build has been uploaded to the Captures folder in the
deployment share on the MDT computer.