Should I be fiddling with ntuser file???

  • Thread starter Thread starter Yobbo
  • Start date Start date
Y

Yobbo

Guest
Hi All

Just want to check if the following procedure is OK to do:

1) On a local XP Pro SP2 machine I create a 'User' user account so that I
have 1 x admin user account and 1 x 'user' user account.

2) I log into the 'User' account and config Desktop, Start Menu, etc to the
way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My
Docs icon on Desktop, etc.

3) I log out of the 'User' account and log in as the admin.

4) I copy the NTUSER file from my 'User' account to the default user account
and also delete unnecessary shortcuts (eg Outlook Express) from the default
user account.

I now have a user profile 'look' that will 'kick in' for each user that logs
onto this machine after I've added it to my Win2003 AD/Domain.

I know I could probably get most of the things working this way through GPO,
but I could never figure out how to get the Auto-Arrange feature and the
'show my own desktop wallpaper, but don't show active desktop options in the
folder views' method.

Is the above procedure detrimental in anyway to my WinXP installation or
Win2003 AD setup?

Thanks
 
RE: Should I be fiddling with ntuser file???

I have done the same thing at several sites, for visitor workstations as an
example and it has worked fine. One thing I also like to do is add the
network printers that are needed while “user” is logged on. This way like
you said, everyone else who logs on will get the settings you. Just also
watch out for shortcuts or icons in the “All Users” desktop or programs
folder. You also might have to reboot before the ntuser.dat file is unlocked
and you can copy it.

If you are trying to make a base image, I would uninstall outlook express
and anything else you did not want.

--
Craig
MBA-MIS, MCP, MCSA, MCSE, CCA


"Yobbo" wrote:

> Hi All
>
> Just want to check if the following procedure is OK to do:
>
> 1) On a local XP Pro SP2 machine I create a 'User' user account so that I
> have 1 x admin user account and 1 x 'user' user account.
>
> 2) I log into the 'User' account and config Desktop, Start Menu, etc to the
> way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My
> Docs icon on Desktop, etc.
>
> 3) I log out of the 'User' account and log in as the admin.
>
> 4) I copy the NTUSER file from my 'User' account to the default user account
> and also delete unnecessary shortcuts (eg Outlook Express) from the default
> user account.
>
> I now have a user profile 'look' that will 'kick in' for each user that logs
> onto this machine after I've added it to my Win2003 AD/Domain.
>
> I know I could probably get most of the things working this way through GPO,
> but I could never figure out how to get the Auto-Arrange feature and the
> 'show my own desktop wallpaper, but don't show active desktop options in the
> folder views' method.
>
> Is the above procedure detrimental in anyway to my WinXP installation or
> Win2003 AD setup?
>
> Thanks
>
>
>
 
Re: Should I be fiddling with ntuser file???

Yobbo <info@NoSpamIt.com> wrote:
> Hi All
>
> Just want to check if the following procedure is OK to do:
>
> 1) On a local XP Pro SP2 machine I create a 'User' user account so
> that I have 1 x admin user account and 1 x 'user' user account.
>
> 2) I log into the 'User' account and config Desktop, Start Menu, etc
> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15
> screen saver, My Docs icon on Desktop, etc.
>
> 3) I log out of the 'User' account and log in as the admin.
>
> 4) I copy the NTUSER file from my 'User' account to the default user
> account and also delete unnecessary shortcuts (eg Outlook Express)
> from the default user account.
>
> I now have a user profile 'look' that will 'kick in' for each user
> that logs onto this machine after I've added it to my Win2003
> AD/Domain.
>
> I know I could probably get most of the things working this way
> through GPO, but I could never figure out how to get the Auto-Arrange
> feature and the 'show my own desktop wallpaper, but don't show active
> desktop options in the folder views' method.
>
> Is the above procedure detrimental in anyway to my WinXP installation
> or Win2003 AD setup?
>
> Thanks

I do pretty much what you do - but I make it the default for any new domain
user I create.

I do this to tweak everything I cannot (easily) control via group policy.
This includes power settings, Windows Explorer display settings, etc. Don't
add a mail profile, or anything that will be unique to any domain user -
keep it nice and generic.

Once you're done with this 'template' profile, log out - then log in as a
domain admin (or any account that has permissions to write to
\\DCname\netlogon).

In control panel | system, copy the 'template' user profile you created to
\\DCname\netlogon\Default User (with the proper capitalization & the
space). Set "Allowed to use" to "Everyone".

Then your new *domain* users will have these settings.

That said - a lot of what you are currently configuring in your user profile
can be done/controlled by Group Policy - including Windows Classic & Classic
Start Menu, screensaver settings, and most importantly, folder redirection
of My Documents (and perhaps also Desktop & Application Data). Do whatever
you can via group policy - it is easier to administer and customize.
 
Re: Should I be fiddling with ntuser file???

The one thing that surprises me about this working is that when you create a
user's ntuser.dat (essentially the HKCU hive file), it contains registry
permissions such that only that particular user SID (and local
Administrators and localSystem) can write to the keys within that hive. So
simply copying ntuser.dat to the Default User profile should not work unless
every user that logs into that machine is a member of the local
Administrators group. This is why you normally have to use the Control
Panel, System user profile applet or a tool like moveuser.exe to copy a
profile. Because all of these tools re-permission the reg hive on copy. So,
I would not recommend this simple file copy approach unless you don't mind
requiring all of your users to be local admin (or something else is going on
that I don't know about).

Darren

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related



"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:eBp0LSb7HHA.4660@TK2MSFTNGP02.phx.gbl...
> Yobbo <info@NoSpamIt.com> wrote:
>> Hi All
>>
>> Just want to check if the following procedure is OK to do:
>>
>> 1) On a local XP Pro SP2 machine I create a 'User' user account so
>> that I have 1 x admin user account and 1 x 'user' user account.
>>
>> 2) I log into the 'User' account and config Desktop, Start Menu, etc
>> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15
>> screen saver, My Docs icon on Desktop, etc.
>>
>> 3) I log out of the 'User' account and log in as the admin.
>>
>> 4) I copy the NTUSER file from my 'User' account to the default user
>> account and also delete unnecessary shortcuts (eg Outlook Express)
>> from the default user account.
>>
>> I now have a user profile 'look' that will 'kick in' for each user
>> that logs onto this machine after I've added it to my Win2003
>> AD/Domain.
>>
>> I know I could probably get most of the things working this way
>> through GPO, but I could never figure out how to get the Auto-Arrange
>> feature and the 'show my own desktop wallpaper, but don't show active
>> desktop options in the folder views' method.
>>
>> Is the above procedure detrimental in anyway to my WinXP installation
>> or Win2003 AD setup?
>>
>> Thanks
>
> I do pretty much what you do - but I make it the default for any new
> domain
> user I create.
>
> I do this to tweak everything I cannot (easily) control via group policy.
> This includes power settings, Windows Explorer display settings, etc.
> Don't
> add a mail profile, or anything that will be unique to any domain user -
> keep it nice and generic.
>
> Once you're done with this 'template' profile, log out - then log in as a
> domain admin (or any account that has permissions to write to
> \\DCname\netlogon).
>
> In control panel | system, copy the 'template' user profile you created to
> \\DCname\netlogon\Default User (with the proper capitalization & the
> space). Set "Allowed to use" to "Everyone".
>
> Then your new *domain* users will have these settings.
>
> That said - a lot of what you are currently configuring in your user
> profile can be done/controlled by Group Policy - including Windows Classic
> & Classic Start Menu, screensaver settings, and most importantly, folder
> redirection of My Documents (and perhaps also Desktop & Application Data).
> Do whatever you can via group policy - it is easier to administer and
> customize.
>
>
>
 
Re: Should I be fiddling with ntuser file???

On Sep 2, 7:57 pm, "Yobbo" <i...@NoSpamIt.com> wrote:
> Hi All
>
> Just want to check if the following procedure is OK to do:
>
> 1) On a local XP Pro SP2 machine I create a 'User' user account so that I
> have 1 x admin user account and 1 x 'user' user account.
>
> 2) I log into the 'User' account and config Desktop, Start Menu, etc to the
> way I want it to look, eg Auto-Arrange, Classic Desktop, 15 screen saver, My
> Docs icon on Desktop, etc.
>
> 3) I log out of the 'User' account and log in as the admin.
>
> 4) I copy the NTUSER file from my 'User' account to the default user account
> and also delete unnecessary shortcuts (eg Outlook Express) from the default
> user account.
>
> I now have a user profile 'look' that will 'kick in' for each user that logs
> onto this machine after I've added it to my Win2003 AD/Domain.
>
> I know I could probably get most of the things working this way through GPO,
> but I could never figure out how to get the Auto-Arrange feature and the
> 'show my own desktop wallpaper, but don't show active desktop options in the
> folder views' method.
>
> Is the above procedure detrimental in anyway to my WinXP installation or
> Win2003 AD setup?
>
> Thanks

Quite the reverse, it has been standard recommended procedure since
pre NT4 days.
 
Re: Should I be fiddling with ntuser file???

Darren Mar-Elia <dmanonymous@microsoft.com> wrote:
> The one thing that surprises me about this working is that when you
> create a user's ntuser.dat (essentially the HKCU hive file), it
> contains registry permissions such that only that particular user SID
> (and local Administrators and localSystem) can write to the keys
> within that hive. So simply copying ntuser.dat to the Default User
> profile should not work unless every user that logs into that machine
> is a member of the local Administrators group.

ah! I didn't notice the bit about manually copying over that file - good
catch. I don't do this; I use the "copy to...." in control panel | system.



This is why you
> normally have to use the Control Panel, System user profile applet or
> a tool like moveuser.exe to copy a profile. Because all of these
> tools re-permission the reg hive on copy. So, I would not recommend
> this simple file copy approach unless you don't mind requiring all of
> your users to be local admin (or something else is going on that I
> don't know about).
> Darren
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:eBp0LSb7HHA.4660@TK2MSFTNGP02.phx.gbl...
>> Yobbo <info@NoSpamIt.com> wrote:
>>> Hi All
>>>
>>> Just want to check if the following procedure is OK to do:
>>>
>>> 1) On a local XP Pro SP2 machine I create a 'User' user account so
>>> that I have 1 x admin user account and 1 x 'user' user account.
>>>
>>> 2) I log into the 'User' account and config Desktop, Start Menu, etc
>>> to the way I want it to look, eg Auto-Arrange, Classic Desktop, 15
>>> screen saver, My Docs icon on Desktop, etc.
>>>
>>> 3) I log out of the 'User' account and log in as the admin.
>>>
>>> 4) I copy the NTUSER file from my 'User' account to the default user
>>> account and also delete unnecessary shortcuts (eg Outlook Express)
>>> from the default user account.
>>>
>>> I now have a user profile 'look' that will 'kick in' for each user
>>> that logs onto this machine after I've added it to my Win2003
>>> AD/Domain.
>>>
>>> I know I could probably get most of the things working this way
>>> through GPO, but I could never figure out how to get the
>>> Auto-Arrange feature and the 'show my own desktop wallpaper, but
>>> don't show active desktop options in the folder views' method.
>>>
>>> Is the above procedure detrimental in anyway to my WinXP
>>> installation or Win2003 AD setup?
>>>
>>> Thanks
>>
>> I do pretty much what you do - but I make it the default for any new
>> domain
>> user I create.
>>
>> I do this to tweak everything I cannot (easily) control via group
>> policy. This includes power settings, Windows Explorer display
>> settings, etc. Don't
>> add a mail profile, or anything that will be unique to any domain
>> user - keep it nice and generic.
>>
>> Once you're done with this 'template' profile, log out - then log
>> in as a domain admin (or any account that has permissions to write to
>> \\DCname\netlogon).
>>
>> In control panel | system, copy the 'template' user profile you
>> created to \\DCname\netlogon\Default User (with the proper
>> capitalization & the space). Set "Allowed to use" to "Everyone".
>>
>> Then your new *domain* users will have these settings.
>>
>> That said - a lot of what you are currently configuring in your user
>> profile can be done/controlled by Group Policy - including Windows
>> Classic & Classic Start Menu, screensaver settings, and most
>> importantly, folder redirection of My Documents (and perhaps also
>> Desktop & Application Data). Do whatever you can via group policy -
>> it is easier to administer and customize.
 
Back
Top