locked
Locking before imaging. RRS feed

  • Question

  •  

    I have been working on the preparation of an image for students using the computers in our department for several days. During that time I have regularly locked and unlocked the student account to test that what the user saw in the locked state was what I wanted them to see, and that things worked the way they should.

    Today I attempted to deploy the image but unsuccessfully; many of the settings were not retained.

    Looking at the messages in this forum it seems that this is an expected problem. If an account has ever been locked it will not replicate properly.

    Is there any workaround to rectify this issue?

    Or is my correct and only course to create another user account and make sure I never lock that account before deploying?

    (I must say that I feel that it would have been helpful if this important issue had been mentioned prominently in the literature. To me it is axiomatic that one would want to check the performance of the new configuration in the locked state before deploying the image.)

    Thanks for any clarification here...

    Jim Brook.

     

    Wednesday, October 3, 2007 8:36 AM

Answers

  • Hi Jim,

     

    It seems you have found the following thread:

     

    SysPrep and locked user accounts

    http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=1984622&SiteID=69

     

    Your understanding is correct. This issue will not occur if the user profiles have never been locked. This information will be added to the later version of SteadyState Handbook.

     

    For your reference, you may find the following information in SteadyState Handbook:

     

    "Sysprep.exe does not recognize locked or mandatory profiles and will copy a new Ntuser.dat file into the <user> folder. Additionally, Sysprep.exe creates a new user SID. After running Sysprep.exe, existing Windows SteadyState user profiles (Ntuser.man) become invalid as they are no longer linked to the new SIDs."

     

    If you would like to get it work after deploying the system, the easiest way is create a new user account. Another method is load the user’s registry hive from an administrator account and then give Full Control permissions to the user account. As these steps will be a little complex and time consuming, I recommend only make restrictions changes before running the Sysprep tool.

     

    Best Regards,

    Thursday, October 4, 2007 3:55 AM