Useful Script Number 5 - Adjusting the Default User Registry Hive
Michael Murgolo did a great post on the different ways to adjust default settings when building an image (Configuring default settings for Windows image deployment) and one of the options presented was to targeted changes to the Default User Registry hive and profile folders. I had to do this recently and put together a script that can be launched from the MDT task sequence because I was finding my customised Administrator profile wasn't being copied over correctly to the Default User profile as part of SysPrep.
As Michael mentioned in his post - there are three main processes...you first need to load the default user hive (NTUser.dat) - make the changes you require - then unload the user hive. I have reproduced the core part of my script that does this process for discussion.
The first section sets the two variables that will be used - one to store the temp key (sTempHive) that we will load to, and the second to hold the profile file and location that we want to load (sDefaultUserHive)
For Windows Vista the entry """%USERPROFILE%\..\Default\NTUSER.DAT""" refers to C:\Users\Default\ntuser.dat
sTempHive = """HKEY_USERS\Test"""
sDefaultUserHive = """%USERPROFILE%\..\Default\NTUSER.DAT"""
sSName = oUtility.ScriptName
set oshell = WScript.CreateObject ("Wscript.Shell")
iZTIRetValue="1"
We then need to start logging - it's the law :-)
oLogging.CreateEntry sSName & ": Actions Start - Updating Default Profile",LogTypeInfo
oLogging.CreateEntry sSName & ": Loading the Default User hive",LogTypeInfo
The next section runs reg load to load the NTUser.dat file from the default user directory to the temp key (HKEY_USERS\Test) set in the first section - if there is an error the script fails and quits with a specific failure number or we log success.
oShell.run "reg load " & sTempHive & " " & sDefaultUserHive
If Err<>0 Then
oLogging.CreateEntry sSName & ": Failed to load the registry hive " & sDefaultUserHive,LogTypeError
ZTIProcess=70
Exit Function
End If
oLogging.CreateEntry sSName & ": Default User Hive Loaded to " & sTempHive,LogTypeInfo
oLogging.CreateEntry sSName & ": Starting Registry Changes... ",LogTypeInfo
Now that the hive is loaded we can start changing stuff...as an example - I have set the code to change the wallpaper and the screen saver for the default user - again with error checking and specific failure codes
This codes sets the wallpaper (the file needs to be where you set the key to :-)
oLogging.CreateEntry sSName & ": Setting Default User Wallpaper",LogTypeInfo
RegPath = "HKEY_USERS\Test\Control Panel\Desktop\"
oshell.RegWrite Regpath & "WallPaper", "C:\Windows\Web\Wallpaper\CorporateWallpaper.bmp", "REG_SZ"
If Err<>0 Then
oLogging.CreateEntry sSName & ": Failed to update wallpaper file setting",LogTypeError
ZTIProcess=60
Exit Function
End If
...and this codes sets the screen saver (again - the file needs to be where you set the key to :-)
oLogging.CreateEntry sSName & ": Setting Default User Screensaver",LogTypeInfo
RegPath = "HKEY_USERS\Test\Control Panel\Desktop\"
oshell.RegWrite Regpath & "SCRNSAVE.EXE", "C:\Windows\CorporateScreensaver.scr", "REG_SZ"
If Err<>0 Then
oLogging.CreateEntry sSName & ": Failed to update Screensaver settings",LogTypeError
ZTIProcess=50
Exit Function
End If
Once all of the changes have been made - its time to unload the hive from its temp key - again with logging and error checking
oLogging.CreateEntry sSName & ": Unloading the Default User hive",LogTypeInfo
oShell.run "reg unload " & sTempHive
If Err<>0 Then
oLogging.CreateEntry sSName & ": Failed to unload the default user registry hive",LogTypeError
ZTIProcess=40
Exit Function
End If
oLogging.CreateEntry sSName & ": Actions completed",LogTypeInfo
The completed script can be added to your MDT task sequence towards the end - so that it runs before the machine SysPreps and reboots for capture.
The complete script - in MDT format (to include logging and access to classes from ZTIUtility.wsf) with a number of other changes included is available on the Deployment Guys SkyDrive:
This post was contributed by Richard Smith a Senior Consultant with Microsoft Services, UK.
Comments
Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
That's correct - as Michael mentioned in his post - This technique has the advantage that all changes to Default User are known and predictable. However, this technique also requires that all changes be reduced to “scriptable” items i.e. Registry or file system changes - no manual configuration can be applied.Anonymous
January 01, 2003
I left a post in the related technet forum. I have to deal with an old style "workgroup" network, no AD tools for deployment but looking for a way to automate creation of the office VPN (currently only Windows 7). It would be nice if it were scripted to ask the username and password to use for creating the VPN but other things such as the VPN name, IPV4/IPV6 settings and other specific modifications could be written inside it. As a final touch, it needs to create a shortcut on the user's desktop. For the Grand Finale, it needs test the connection and if sucessful, map 3 network drives to the VPN connection. THAT would make "My Life" a lot more "automagic" :) ThanksAnonymous
June 06, 2008
The comment has been removedAnonymous
June 06, 2008
Cool. Well, if you used this in combination with sysprep, it would seem to give you everything you need. Wouldnt it?Anonymous
June 10, 2008
This is an interesting approach, I've never been a fan of copying a modified profile over default as it's often reulted in unpredictable results for me... I also think that any manual modification to the image config is broadly bad practice, so tend to avoid that approach... At the moment I don't use the registry hive modification detailed above, but tend to create a BuildSettings.msi which I install as an ActiveSetup entry. This has the advantage of (obviously) running once for every user that logs on and has the ability to modify registry values and where necessary add files, if you're familiar with MSI (or any other scripting language for that matter, SMSInstaller..!) this may be an approach worth looking into. The BuildSettings.msi I'm using at the customer I'm with today sets the following (it's an XP ZTI job...): Turns ClearType ON, Changes TEMP environment variables, mutes sound, turns on NumLock, create TNS Names ENV Variable and folder. JQAnonymous
June 12, 2008
The comment has been removedAnonymous
September 22, 2009
What about a way to adjust default settings when you're not preparing an image? The use for this in in Home environments etc when multiple users use the same PC. I have a way to do this in XP, but not yet for Vista or Win7. For XP, I create a Limited User account and customize all the desktop, TaskBar, Start Menu, video, screen saver, windows explorer settings etc. I use registry files (or do it manually) to configure all the IE settings (Zones, Tabs, Advanced Settings, Toolbars, Ad-Ons, Search Providers, etc). Then load this template user hive to import power settings (created with an Admin account and modified to match the name used when loading the hive for the template user) etc. that the Limited User can't make. I either disable or clear the recent programs/documents lists. Then copy this modified profile over the Default (as in Q319974 03/02/2005 Rev2). To fix the Desktop.ini/My Docs folder customization/naming issues, I ad a shortcut in Startup to a batch file that runs rundll32 mydocs,dll,PerUserInit, and then deletes the shortcut so it runs only at 1st logon (easier to manage than runonce registry key). This method addresses the mentioned problems (2a, 2c (Start Menu setting), 2d) for manually replacing the defalt profile mentioned in http://blogs.technet.com/deploymentguys/archive/2008/02/18/configuring-default-user-and-computer-settings-for-windows-image-deployment.aspx. For this use, 2b doesn't matter. I'm not sure if 2e and 2f are issues, but if the apps aren't opened with the template user profile they may not occur. I have not seen the 2e and 2f issues yet. It works well in XP with no issues that I've noticed. Any suggestions for Vista or Win7?Anonymous
January 17, 2010
The comment has been removedAnonymous
October 27, 2014
I need to edit a registry key with this that uses the format of REG_BINARY and your script is not working at all with it, can you please post an example of how that would work with that registry type? Thanks.