The Deployment Guys

Helping to deploy your world automagically...

Useful Script Number 5 - Adjusting the Default User Registry Hive

Useful Script Number 5 - Adjusting the Default User Registry Hive

  • Comments 9
  • Likes

Michael Murgolo did a great post on the different ways to adjust default settings when building an image (Configuring default settings for Windows image deployment) and one of the options presented was to targeted changes to the Default User Registry hive and profile folders. I had to do this recently and put together a script that can be launched from the MDT task sequence because I was finding my customised Administrator profile wasn't being copied over correctly to the Default User profile as part of SysPrep.

As Michael mentioned in his post - there are three main processes...you first need to load the default user hive (NTUser.dat) - make the changes you require - then unload the user hive. I have reproduced the core part of my script that does this process for discussion.

The first section sets the two variables that will be used - one to store the temp key (sTempHive) that we will load to, and the second to hold the profile file and location that we want to load (sDefaultUserHive)

For Windows Vista the entry """%USERPROFILE%\..\Default\NTUSER.DAT""" refers to C:\Users\Default\ntuser.dat

sTempHive = """HKEY_USERS\Test"""
sDefaultUserHive = """%USERPROFILE%\..\Default\NTUSER.DAT"""
sSName = oUtility.ScriptName
set oshell = WScript.CreateObject ("Wscript.Shell")

iZTIRetValue="1"

We then need to start logging - it's the law :-)

oLogging.CreateEntry sSName & ": Actions Start - Updating Default Profile",LogTypeInfo
oLogging.CreateEntry sSName & ": Loading the Default User hive",LogTypeInfo

The next section runs reg load to load the NTUser.dat file from the default user directory to the temp key (HKEY_USERS\Test) set in the first section - if there is an error the script fails and quits with a specific failure number or we log success.

oShell.run "reg load " & sTempHive & " " & sDefaultUserHive
If Err<>0 Then
  oLogging.CreateEntry sSName & ": Failed to load the registry hive " & sDefaultUserHive,LogTypeError
  ZTIProcess=70
  Exit Function
End If
oLogging.CreateEntry sSName & ": Default User Hive Loaded to " & sTempHive,LogTypeInfo
oLogging.CreateEntry sSName & ": Starting Registry Changes... ",LogTypeInfo

Now that the hive is loaded we can start changing stuff...as an example - I have set the code to change the wallpaper and the screen saver for the default user - again with error checking and specific failure codes

This codes sets the wallpaper (the file needs to be where you set the key to :-)

oLogging.CreateEntry sSName & ": Setting Default User Wallpaper",LogTypeInfo
RegPath = "HKEY_USERS\Test\Control Panel\Desktop\"
oshell.RegWrite Regpath & "WallPaper", "C:\Windows\Web\Wallpaper\CorporateWallpaper.bmp", "REG_SZ"
If Err<>0 Then
  oLogging.CreateEntry sSName & ": Failed to update wallpaper file setting",LogTypeError
  ZTIProcess=60
  Exit Function
End If

...and this codes sets the screen saver (again - the file needs to be where you set the key to :-)

oLogging.CreateEntry sSName & ": Setting Default User Screensaver",LogTypeInfo
RegPath = "HKEY_USERS\Test\Control Panel\Desktop\"
oshell.RegWrite Regpath & "SCRNSAVE.EXE", "C:\Windows\CorporateScreensaver.scr", "REG_SZ"
If Err<>0 Then
  oLogging.CreateEntry sSName & ": Failed to update Screensaver settings",LogTypeError
  ZTIProcess=50
  Exit Function
End If

Once all of the changes have been made - its time to unload the hive from its temp key - again with logging and error checking

oLogging.CreateEntry sSName & ": Unloading the Default User hive",LogTypeInfo

oShell.run "reg unload " & sTempHive
If Err<>0 Then
  oLogging.CreateEntry sSName & ": Failed to unload the default user registry hive",LogTypeError
  ZTIProcess=40
  Exit Function
End If
oLogging.CreateEntry sSName & ": Actions completed",LogTypeInfo

The completed script can be added to your MDT task sequence towards the end - so that it runs before the machine SysPreps and reboots for capture.

The complete script - in MDT format (to include logging and access to classes from ZTIUtility.wsf) with a number of other changes included is available on the Deployment Guys SkyDrive:

This post was contributed by Richard Smith a Senior Consultant with Microsoft Services, UK.

  • Richard,

    So it seems like with this technique, you don't need to use sysprep to copy the settings. You can just do it by loading, changing the settings, and unloading the hive?

    Jason

  • That's correct - as Michael mentioned in his post - This technique has the advantage that all changes to Default User are known and predictable.  However, this technique also requires that all changes be reduced to “scriptable” items i.e. Registry or file system changes - no manual configuration can be applied.  

  • Cool. Well, if you used this in combination with sysprep, it would seem to give you everything you need. Wouldnt it?

  • This is an interesting approach, I've never been a fan of copying a modified profile over default as it's often reulted in unpredictable results for me... I also think that any manual modification to the image config is broadly bad practice, so tend to avoid that approach...

    At the moment I don't use the registry hive modification detailed above, but tend to create a BuildSettings.msi which I install as an ActiveSetup entry. This has the advantage of (obviously) running once for every user that logs on and has the ability to modify registry values and where necessary add files, if you're familiar with MSI (or any other scripting language for that matter, SMSInstaller..!) this may be an approach worth looking into.

    The BuildSettings.msi I'm using at the customer I'm with today sets the following (it's an XP ZTI job...):

    Turns ClearType ON, Changes TEMP environment variables, mutes sound, turns on NumLock, create TNS Names ENV Variable and folder.

    JQ

  • Richard,

    what if the key itself doesn't exist. I'd like to make some changes in the Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced key, but it doesn't exist under the Default user profile.

    Help! :)

  • Hi Richard,

    I have added you script into my MDT 2008 deployment, but unfortunately, it producs some errors.

    I found this on devx.com

    Const HKEY_USERS = &H80000003

    Const HKEY_PERFORMANCE_DATA = &H80000004

    which is different from your settings.

    Also, using your line:

    <script language="VBScript" src="..\..\ZTIUtility.vbs"/>

    did not run the script. The "..\..\" has to be removed.

    Here is the output from zCFG-DefaultUser.log:

    <![LOG[The task sequencer log is located at X:\windows\TEMP\SMSTSLog\SMSTS.LOG.  For task sequence failures, please consult this log.]LOG]!><time="12:22:54.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="1" thread="" file="zCFG-DefaultUser">

    <![LOG[zCFG-DefaultUser: Actions Start - Updating Default Profile]LOG]!><time="12:22:54.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="1" thread="" file="zCFG-DefaultUser">

    <![LOG[zCFG-DefaultUser: Loading the Default User hive]LOG]!><time="12:22:54.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="1" thread="" file="zCFG-DefaultUser">

    <![LOG[zCFG-DefaultUser: Default User Hive Loaded to "HKEY_USERS\Test"]LOG]!><time="12:22:57.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="1" thread="" file="zCFG-DefaultUser">

    <![LOG[zCFG-DefaultUser: Starting Registry Changes... ]LOG]!><time="12:22:58.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="1" thread="" file="zCFG-DefaultUser">

    <![LOG[zCFG-DefaultUser: Setting Default User Wallpaper]LOG]!><time="12:22:58.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="1" thread="" file="zCFG-DefaultUser">

    <![LOG[ZTI ERROR - Unhandled error returned by zCFG-DefaultUser: Invalid root in registry key "HKEY_USERS\Test\Control Panel\Desktop\Wallpaper". (-2147024809  0x80070057)]LOG]!><time="12:22:58.000+000" date="08-21-2008" component="zCFG-DefaultUser" context="" type="3" thread="" file="zCFG-DefaultUser">

    Do you have an updated version of this script, as I am not a programmer and would not know where to start.

    Thanks,

    Jim

  • What about a way to adjust default settings when you're not preparing an image? The use for this in in Home environments etc when multiple users use the same PC. I have a way to do this in XP, but not yet for Vista or Win7. For XP, I create a Limited User account and customize all the desktop, TaskBar, Start Menu, video, screen saver, windows explorer settings etc. I use registry files (or do it manually) to configure all the IE settings (Zones, Tabs, Advanced Settings, Toolbars, Ad-Ons, Search Providers, etc). Then load this template user hive to import power settings (created with an Admin account and modified to match the name used when loading the hive for the template user) etc. that the Limited User can't make. I either disable or clear the recent programs/documents lists. Then copy this modified profile over the Default (as in Q319974 03/02/2005 Rev2). To fix the Desktop.ini/My Docs folder customization/naming issues, I ad a shortcut in Startup to a batch file that runs rundll32 mydocs,dll,PerUserInit, and then deletes the shortcut so it runs only at 1st logon (easier to manage than runonce registry key). This method addresses the mentioned problems (2a, 2c (Start Menu setting), 2d) for manually replacing the defalt profile mentioned in http://blogs.technet.com/deploymentguys/archive/2008/02/18/configuring-default-user-and-computer-settings-for-windows-image-deployment.aspx. For this use, 2b doesn't matter. I'm not sure if 2e and 2f are issues, but if the apps aren't opened with the template user profile they may not occur. I have not seen the 2e and 2f issues yet. It works well in XP with no issues that I've noticed. Any suggestions for Vista or Win7?

  • Invalid root in registry key "HKEY_USERS\Test\Control Panel\Desktop\Wallpaper". (-2147024809  0x80070057

    Is because the script cannot resolve sDefaultUserHive = """%USERPROFILE%\..\Default\NTUSER.DAT""" in a WinPE environment

    Changing it to sDefaultUserHive = C:\Users\Default\NTUSER.DAT""" Works not is not tidy.

  • I left a post in the related technet forum.  I have to deal with an old style "workgroup" network, no AD tools for deployment but looking for  a way to automate creation of the office VPN (currently only Windows 7).  It would be nice if it were scripted to ask the username and password to use for creating the VPN but other things such as the VPN name, IPV4/IPV6 settings and other specific modifications could be written inside it.  As a final touch, it needs to create a shortcut on the user's desktop.

    For the Grand Finale, it needs test the connection and if sucessful,  map 3 network drives to the VPN connection.  

    THAT would make "My Life" a lot more "automagic" :)  Thanks

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment