good question for a good XP guru!

[djc]

xp pro sp2:

Setting up a reference machine for creating a ghost image to deploy to
several machines. Per microsoft guidelines I setup a local user account
(called sysprep) and made it a member of the local administrators group. I
installed all applications while logged in as sysprep. Then I log in as THE
local administrator and copy sysprep's user profile to the Default Users's
Profile. Then I run the sysprep.exe utility to seal the machine and image.

Thats the general order of events. Now, I don't recall the exact wording but
there is an option to 'make private' or something to that effect for local
user accounts in xp. After doing that the directory structure for that user
under the 'documents and settings' directory only includes that user's
account in it's ACL(s). That part I know, because I looked at the permission
changes for the folders... but what I don't know, and did not think about
until afterwards, is this: DOES CHOOSING TO 'MAKE PRIVATE' ALSO CHANGE
PERMISSIONS IN THE REGISTRY? (wish I remembered the actual wording here..
but I'm sure any xp guru will know what I'm talking about)

before copying the sysprep user profile to the Default User Profile I had
chosen this 'make private' option. So when I went to try to copy the sysprep
user profile over the Default User Profile it of course failed because the
Administrator account did not have permissions on sysprep's Documents and
Settings folders. I realized this and added the Administrator's account back
into the ACL for sysprep's Documents and Settings folder.. and then copied
the profile over with no problem. I then went on to finish up by sysprepping
and imaging.

Now, on a newly imaged machine I have a strange error when logged on as a
new user and trying to change Power Scheme to 'Always On': "Not all
privileges referenced are assigned to the caller". The user is a member of
the Power Users' group, which I thought would have sufficient privileges to
do this. The error does not occur when done as THE local administrator.

so, I'm thinking the answer to my question above is YES, and if so I didn't
really copy the whole user profile over did I? All the registry keys that
should be copied as well did not get copied? and things are going to be
screwy? Could someone please let me know if I'm right here and maybe let me
know what other issues I can expect? Will they be serious enough to start
all over and create a new image? Or am I completely wrong? that would be
nice.

any info is appreciated. Thanks!

 

[Darrell Gorter[MSFT]]

Hello djc,
That process is fraught with errors.
When you overwrite the default user profile with another profiles such as
the "sysprep" profile that you generated, the profile contains a number of
links and pointers back the "sysprep" profile locations. So if the new
users do not have permissions to that "sysprep" profile they will get
errors.
It is possible that the ACLs on some of the registry keys may be specific
also the "sysprep" profile.
Power settings for the most part do require administrator rights, not all
of them but most of them require you to be an administrator.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------

 

[djc]

Thanks for the reply Darrell. The method was, at least at one time,
recommended by Microsoft. I certianly don't doubt what your saying it true
though. Do you have any links to updated information on this?

thanks again.

Hello djc,
That process is fraught with errors.
When you overwrite the default user profile with another profiles such as
the "sysprep" profile that you generated, the profile contains a number of
links and pointers back the "sysprep" profile locations. So if the new
users do not have permissions to that "sysprep" profile they will get
errors.
It is possible that the ACLs on some of the registry keys may be specific
also the "sysprep" profile.
Power settings for the most part do require administrator rights, not all
of them but most of them require you to be an administrator.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------

From: "djc" <[email protected]>
Subject: good question for a good XP guru!
Date: Mon, 4 Oct 2004 15:57:08 -0400
Lines: 46
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.windowsxp.setup_deployment:124883
X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment

xp pro sp2:

Setting up a reference machine for creating a ghost image to deploy to
several machines. Per microsoft guidelines I setup a local user account
(called sysprep) and made it a member of the local administrators group. I
installed all applications while logged in as sysprep. Then I log in as THE
local administrator and copy sysprep's user profile to the Default Users's
Profile. Then I run the sysprep.exe utility to seal the machine and image.

Thats the general order of events. Now, I don't recall the exact wording but
there is an option to 'make private' or something to that effect for local
user accounts in xp. After doing that the directory structure for that user
under the 'documents and settings' directory only includes that user's
account in it's ACL(s). That part I know, because I looked at the permission
changes for the folders... but what I don't know, and did not think about
until afterwards, is this: DOES CHOOSING TO 'MAKE PRIVATE' ALSO CHANGE
PERMISSIONS IN THE REGISTRY? (wish I remembered the actual wording here..
but I'm sure any xp guru will know what I'm talking about)

before copying the sysprep user profile to the Default User Profile I had
chosen this 'make private' option. So when I went to try to copy the sysprep
user profile over the Default User Profile it of course failed because the
Administrator account did not have permissions on sysprep's Documents and
Settings folders. I realized this and added the Administrator's account back
into the ACL for sysprep's Documents and Settings folder.. and then copied
the profile over with no problem. I then went on to finish up by sysprepping
and imaging.

Now, on a newly imaged machine I have a strange error when logged on as a
new user and trying to change Power Scheme to 'Always On': "Not all
privileges referenced are assigned to the caller". The user is a member of
the Power Users' group, which I thought would have sufficient privileges to
do this. The error does not occur when done as THE local administrator.

so, I'm thinking the answer to my question above is YES, and if so I didn't
really copy the whole user profile over did I? All the registry keys that
should be copied as well did not get copied? and things are going to be
screwy? Could someone please let me know if I'm right here and maybe let me
know what other issues I can expect? Will they be serious enough to start
all over and create a new image? Or am I completely wrong? that would be
nice.

any info is appreciated. Thanks!

 

[Darrell Gorter[MSFT]]

Hello,
I know there is a lot of the existing documention out there explains the
process such as you are doing today. This process has always had issues,
but with each release of the OS the problems have grown in scope. This was
never supposed to have worked,
So with Windows XPSP2 installed, what happens is that the default
administrator profile is copied over the default user profile.
We are still working on documenting that, but we are trying to collect some
information as well as making this an optional choice.
Until then we probably will not have any additional information.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------

From: "djc" <[email protected]>
References: <#[email protected]>

Subject: Re: good question for a good XP guru!
Date: Wed, 6 Oct 2004 09:10:21 -0400
Lines: 107
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10
.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.windowsxp.setup_deployment:125067
X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment

Thanks for the reply Darrell. The method was, at least at one time,
recommended by Microsoft. I certianly don't doubt what your saying it true
though. Do you have any links to updated information on this?

thanks again.

Hello djc,
That process is fraught with errors.
When you overwrite the default user profile with another profiles such as
the "sysprep" profile that you generated, the profile contains a number of
links and pointers back the "sysprep" profile locations. So if the new
users do not have permissions to that "sysprep" profile they will get
errors.
It is possible that the ACLs on some of the registry keys may be specific
also the "sysprep" profile.
Power settings for the most part do require administrator rights, not all
of them but most of them require you to be an administrator.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------

From: "djc" <[email protected]>
Subject: good question for a good XP guru!
Date: Mon, 4 Oct 2004 15:57:08 -0400
Lines: 46
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.windowsxp.setup_deployment:124883
X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment

xp pro sp2:

Setting up a reference machine for creating a ghost image to deploy to
several machines. Per microsoft guidelines I setup a local user account
(called sysprep) and made it a member of the local administrators group. I
installed all applications while logged in as sysprep. Then I log in as THE
local administrator and copy sysprep's user profile to the Default Users's
Profile. Then I run the sysprep.exe utility to seal the machine and image.

Thats the general order of events. Now, I don't recall the exact wording but
there is an option to 'make private' or something to that effect for local
user accounts in xp. After doing that the directory structure for that user
under the 'documents and settings' directory only includes that user's
account in it's ACL(s). That part I know, because I looked at the permission
changes for the folders... but what I don't know, and did not think about
until afterwards, is this: DOES CHOOSING TO 'MAKE PRIVATE' ALSO CHANGE
PERMISSIONS IN THE REGISTRY? (wish I remembered the actual wording here..
but I'm sure any xp guru will know what I'm talking about)

before copying the sysprep user profile to the Default User Profile I had
chosen this 'make private' option. So when I went to try to copy the sysprep
user profile over the Default User Profile it of course failed because the
Administrator account did not have permissions on sysprep's Documents and
Settings folders. I realized this and added the Administrator's account back
into the ACL for sysprep's Documents and Settings folder.. and then copied
the profile over with no problem. I then went on to finish up by sysprepping
and imaging.

Now, on a newly imaged machine I have a strange error when logged on as a
new user and trying to change Power Scheme to 'Always On': "Not all
privileges referenced are assigned to the caller". The user is a member of
the Power Users' group, which I thought would have sufficient privileges to
do this. The error does not occur when done as THE local administrator.

so, I'm thinking the answer to my question above is YES, and if so I didn't
really copy the whole user profile over did I? All the registry keys that
should be copied as well did not get copied? and things are going to be
screwy? Could someone please let me know if I'm right here and maybe let me
know what other issues I can expect? Will they be serious enough to start
all over and create a new image? Or am I completely wrong? that would be
nice.

any info is appreciated. Thanks!

 

[djc]

thanks again Darrell.
"So with Windows XPSP2 installed, what happens is that the default
administrator profile is copied over the default user profile"

could you please elaborate on that point a little. Are you saying that even
know I copied the 'sysprep' (from original post) account over the Default
User Profile that the Administrator account, or part of the administrator
account, was actually copied? If that was true it could save my sanity..
because I did notice that the desktop wallpaper of new users was the same as
the Administrator account, and not the sysprep one.

Thanks Again!
djc

Hello,
I know there is a lot of the existing documention out there explains the
process such as you are doing today. This process has always had issues,
but with each release of the OS the problems have grown in scope. This was
never supposed to have worked,
So with Windows XPSP2 installed, what happens is that the default
administrator profile is copied over the default user profile.
We are still working on documenting that, but we are trying to collect some
information as well as making this an optional choice.
Until then we probably will not have any additional information.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------

From: "djc" <[email protected]>
References: <#[email protected]>

Subject: Re: good question for a good XP guru!
Date: Wed, 6 Oct 2004 09:10:21 -0400
Lines: 107
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path:

cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10

phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.windowsxp.setup_deployment:125067
X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment

Thanks for the reply Darrell. The method was, at least at one time,
recommended by Microsoft. I certianly don't doubt what your saying it true
though. Do you have any links to updated information on this?

thanks again.

Hello djc,
That process is fraught with errors.
When you overwrite the default user profile with another profiles such as
the "sysprep" profile that you generated, the profile contains a number of
links and pointers back the "sysprep" profile locations. So if the new
users do not have permissions to that "sysprep" profile they will get
errors.
It is possible that the ACLs on some of the registry keys may be specific
also the "sysprep" profile.
Power settings for the most part do require administrator rights, not all
of them but most of them require you to be an administrator.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
From: "djc" <[email protected]>
Subject: good question for a good XP guru!
Date: Mon, 4 Oct 2004 15:57:08 -0400
Lines: 46
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.setup_deployment:124883
X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment

xp pro sp2:

Setting up a reference machine for creating a ghost image to deploy to
several machines. Per microsoft guidelines I setup a local user account
(called sysprep) and made it a member of the local administrators

group.
I

installed all applications while logged in as sysprep. Then I log in

as
THE

local administrator and copy sysprep's user profile to the Default Users's
Profile. Then I run the sysprep.exe utility to seal the machine and image.

Thats the general order of events. Now, I don't recall the exact wording
but
there is an option to 'make private' or something to that effect for local
user accounts in xp. After doing that the directory structure for that user
under the 'documents and settings' directory only includes that user's
account in it's ACL(s). That part I know, because I looked at the
permission
changes for the folders... but what I don't know, and did not think about
until afterwards, is this: DOES CHOOSING TO 'MAKE PRIVATE' ALSO CHANGE
PERMISSIONS IN THE REGISTRY? (wish I remembered the actual wording here..
but I'm sure any xp guru will know what I'm talking about)

before copying the sysprep user profile to the Default User Profile I had
chosen this 'make private' option. So when I went to try to copy the
sysprep
user profile over the Default User Profile it of course failed because the
Administrator account did not have permissions on sysprep's Documents and
Settings folders. I realized this and added the Administrator's account
back
into the ACL for sysprep's Documents and Settings folder.. and then copied
the profile over with no problem. I then went on to finish up by
sysprepping
and imaging.

Now, on a newly imaged machine I have a strange error when logged on

as

a member
of privileges
to let
me

 

[djc]

Nevermind Darrell. You answered me in the other post "General steps to
prepare a machine for imaging"

Thanks!
djc

thanks again Darrell.
"So with Windows XPSP2 installed, what happens is that the default
administrator profile is copied over the default user profile"

could you please elaborate on that point a little. Are you saying that even
know I copied the 'sysprep' (from original post) account over the Default
User Profile that the Administrator account, or part of the administrator
account, was actually copied? If that was true it could save my sanity..
because I did notice that the desktop wallpaper of new users was the same as
the Administrator account, and not the sysprep one.

Thanks Again!
djc

Hello,
I know there is a lot of the existing documention out there explains the
process such as you are doing today. This process has always had issues,
but with each release of the OS the problems have grown in scope. This was
never supposed to have worked,
So with Windows XPSP2 installed, what happens is that the default
administrator profile is copied over the default user profile.
We are still working on documenting that, but we are trying to collect some
information as well as making this an optional choice.
Until then we probably will not have any additional information.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------

From: "djc" <[email protected]>
References: <#[email protected]>

Subject: Re: good question for a good XP guru!
Date: Wed, 6 Oct 2004 09:10:21 -0400
Lines: 107
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path:

cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10 such

as

the "sysprep" profile that you generated, the profile contains a

number
of

links and pointers back the "sysprep" profile locations. So if the new
users do not have permissions to that "sysprep" profile they will get
errors.
It is possible that the ACLs on some of the registry keys may be specific
also the "sysprep" profile.
Power settings for the most part do require administrator rights, not all
of them but most of them require you to be an administrator.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
From: "djc" <[email protected]>
Subject: good question for a good XP guru!
Date: Mon, 4 Oct 2004 15:57:08 -0400
Lines: 46
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.windowsxp.setup_deployment
NNTP-Posting-Host: mail.hesstech.com 209.178.219.91
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.setup_deployment:124883
X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment

xp pro sp2:

Setting up a reference machine for creating a ghost image to deploy to
several machines. Per microsoft guidelines I setup a local user account
(called sysprep) and made it a member of the local administrators group.
I
installed all applications while logged in as sysprep. Then I log in as
THE
local administrator and copy sysprep's user profile to the Default
Users's
Profile. Then I run the sysprep.exe utility to seal the machine and
image.

Thats the general order of events. Now, I don't recall the exact wording
but
there is an option to 'make private' or something to that effect for
local
user accounts in xp. After doing that the directory structure for that
user
under the 'documents and settings' directory only includes that user's
account in it's ACL(s). That part I know, because I looked at the
permission
changes for the folders... but what I don't know, and did not think about
until afterwards, is this: DOES CHOOSING TO 'MAKE PRIVATE' ALSO CHANGE
PERMISSIONS IN THE REGISTRY? (wish I remembered the actual wording here..
but I'm sure any xp guru will know what I'm talking about)

before copying the sysprep user profile to the Default User Profile

I
had

chosen this 'make private' option. So when I went to try to copy the
sysprep
user profile over the Default User Profile it of course failed because
the
Administrator account did not have permissions on sysprep's

Documents
and

Settings folders. I realized this and added the Administrator's account
back
into the ACL for sysprep's Documents and Settings folder.. and then
copied
the profile over with no problem. I then went on to finish up by
sysprepping
and imaging.

Now, on a newly imaged machine I have a strange error when logged on

as

a
new user and trying to change Power Scheme to 'Always On': "Not all
privileges referenced are assigned to the caller". The user is a member
of
the Power Users' group, which I thought would have sufficient privileges
to
do this. The error does not occur when done as THE local administrator.

so, I'm thinking the answer to my question above is YES, and if so I
didn't
really copy the whole user profile over did I? All the registry keys that
should be copied as well did not get copied? and things are going to be
screwy? Could someone please let me know if I'm right here and maybe let
me
know what other issues I can expect? Will they be serious enough to start
all over and create a new image? Or am I completely wrong? that

would

be