This article is in response to Brian Jackson's blog posting: Sysprep a Windows 7 Machine – Start to Finish
I've spent some time trying to get a customized default profile set up in Windows and I've failed several times before finally getting it to work.
First, a lot people/blogs suggest to create a new user account, customize it and do either one of the following
a) log in with the admin account and manually copy the customized user profile over the default user profile in C:\users\
b) Download a free 3rd party tool called Windows Enabler, which will allow you to use the greyed out "Copy to" button in User Profiles (in System Properties).
Both of these things do the same exact thing as far as I can tell and both lead to a big problem. For new accounts that you create, you will find that all the words in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" will have user data based on the original user account you customized the default profile with.
So for example, suppose you started with a clean Windows 7 install, created the user 'John' and customized that profile. Then you followed either a) or b) to overwrite the default profile. Now when you create a new user account, say 'Mary', under her account in the registry path pasted above, the DWORD "AppData" will point to C:\Users\John\AppData\Roaming instead of the correct C:\Users\Mary\AppData\Roaming. You could, of course, write a script to replace 'John' with 'whatever' but i've found many other places under HKEY_CURRENT_USER\* where old profile data/paths to 'John' would appear.
This is why I tried to get sysprep with the copyprofile = true setting to work. First, it appears that you can't create a user account, customize it, and then run sysprep from that account with the copyprofile=true setting, as after sysprep reboots your machine, it will fail when it attempts to process your answerfile (when it reaches the copyprofile step). It will actually give you an error message, tell you to reboot the machine, and when you do so the error message reappears, leaving you in an endless cycle of rebooting.
The correct way to get sysprep to work with copyprofile=true is after you first install win7, when you arrive at the welcome screen and it asks you to create a username, hit ctrl+shift+f3. This will reboot your machine and put your windows build in 'audit' mode. On reboot, you'll automatically be logged in under the built-in Administrator account*. A sysprep GUI box will appear, but you can close it and NOW begin to customize your profile. Install any software/drivers, make any profile customizations, etc. If you need to reboot, the computer will boot you back into the Administrator account. You will be stuck in this audit mode until you run sysprep with the /oobe parameter. After doing so, sysprep will delete/clean up the Administrator account, but if you have copyprofile=true in your unattended answerfile, it will copy the customized Admin account to the default profile before deleting it. On reboot, Windows will run out of the box, as the /oobe is intended. Create a new user account in the Welcome screen, and when you log in, you should see all your customizations there. The registry information will also have all the correct paths based on the new user account and not of the original.
I also have a copy of Acronis True Image and made a bootable rescue CD, which allows me to boot into Acronis TI and make a backup of my sysprepped partition (to a network drive) instead of having to use WINPE. A lot of people are also making images of their drive with a Norton Ghost bootable CD. Both of these programs significantly simplify the process of backing up and restoring your images and are far more user friendly compared to WINPE and Imagex.
*If you're like me and like working through remote desktop to set up the machine, you can do the following so you can log into the machine via remote desktop while it's in audit mode.
1) Start-Control Panel-Admin Tools - Computer Mgmt, under Local Users and Groups-Users, double click on Administrator and uncheck "Account is disabled."
2) Start-Control Panel-Admin Tools - Local Security Policies - Local Policies - Security options, disable "Accounts: Limit local account use of blank passwords to console logon."
3) Enable Remote Desktop under Control Panel - System - Remote settings.
Before you sysprep the machine, undo the changes you made in steps 1 and 2, and disable remote desktop if you don't want it enabled on your machines. You can possibly avoid step 2 by setting a password for the built-in Administrator account, but since the system boots you into the Admin account automatically in audit mode, I have no idea what problems, if any, may arise if a password is set. To avoid additional headaches, I just did as outlined in step 2.