Modifying Windows default user profile settings

We have a huge problem at work. Well, rather a small problem that comes up so often that it’s like death by a thousand paper cuts.

All the common computers in all the meeting rooms and conference rooms throughout the building have the problem that whenever a person logs in (authenticated by the server of course) the default Windows user profile and its umpteen variations annoying prompts, ie. Do you want to take a tour of Windows? Please register this copy of Office. Do you want IE as default? Please accept the terms of use for WMP. Please enter your initials for Word. UUURRGGGHHH! We just need to have our meetings quickly and not have to constantly be slowed down by all of this. So, is there anything that our IT department can do to permanently fix this? Through group policy? Entries in the registries? I know what you might think: well you only have to go through this once, then Windows remembers your choices. Wrong! After years these computers still pop up these things every time.

Sure there is. Group Policy will help, but you could also use Roaming Profiles.

Well there’s the problem right? Something your IT staff did deletes profiles that have been logged-in. Maybe they set that up on purpose to prevent people from storing files on conference room computers? I don’t know; but what you’re seeing it not the default Windows behavior.

If you’re on a standard Active Directory environment, what I’d do is create a “conference room” user account, log into it to take care of all the minor annoyances you just mentioned, turn on roaming for it, and post its username/password all over the conference rooms.

But what about things like mapped drives? Every team has their own configuration of hooks to the server that need accessing during the course of a meeting. How can we keep these thing separate? Is there a way for the conference room computer to load an employee’s profile from their own pc?

As Quartz said, you could use Roaming Profiles. That way each user’s profile is kept synchronized with a copy on the network. But those have their own headaches.

Another, newer approach is to use Group Policy Preferences to configure the settings you’re talking about. They add a lot of features and flexibility which complement the traditional Group Policy from Server 2000/2003, and are simpler to deal with than startup/logon scripts. For items which do not have specific settings defined in Preferences, there is a Registry node which can be used to modify keys and values directly, either persistently or with an “apply once and do not re-apply” option.

I’ve used them with quite a bit of success on the OUs I administer. I could do a lot of the same things with VBScript, but this way it’s a lot easier for another admin to come in and understand what is happening without having to sift through a bunch of code.

With Windows XP you could login with “Joe User”, set things up, then copy that profile to Default. Not so simple with Windows 7. As usual, if something works well, MicroSoft had to change it.

the danger with roaming profiles is the guys who put giant folders on their desktop.

Mapped drives SHOULD be from the login script; that would mean wherever you login, you get the drives.

After reading the wiki on Roaming Profiles it seems like a no-go, since we stay logged in to multiple computers continuously, so the multiple copy desynching of files and docs seems really scary. And a security breach, it probably violates umpteen ITAR laws.

Does the group policy control the annoying bells and whistles? Does anybody have documentation how to turn off specifically the items I described above? Our IT guys aren’t “all there” if you know what I mean, so I have to provide detailed instructions of what to do. Thanks.

It can be done. Roaming profiles with folder redirection and group policy loopback would be the best practice. Default user profiles are set by capturing the image of a configured workstation with sysprep (itself configured with the Windows System Image Manager) and deploying that image to the machines. That wouldn’t be necessary with roaming profiles.

You’re not going to get detailed instructions from a post here, it’s too complex. It is something that an IT administrator should be able to do as a normal job duty.

Here is the Microsoft procedure (uses sysprep):

The 3rd post in on this website claims to be able to do it without using sysprep: