Modifying \Users\Administrator folder

D

Damai

New Member
On W7 I've been customizing Users\Administrator folder by adding or removing files directly into the dism mounted folder, and it always worked great.
Now with W11, my added files correctly copy on new install but W11 adds a new folder Users\Administrator.ComputerName which is the real profile folder, whereas my Administrator folder only contains my custom files.
I tried the same using $OEM$\$1\ or $OEM$\C\ structure folder, it works perfect with Program Files or ProgramData, but same result with adding folder Administrator.ComputerName.
Can someone help me modify that Users\Administrator folder before installation ?
 
From reading online, this isn't a W11-specific problem. Whenever Administrator user is being provisioned, after any profile conflict is detected -- Windows will rename the current folder Administrator.ComputerName or Administrator.Domain.

I expect a race condition is happening in early installation.
Maybe this workaround:

1. Create $OEM$\$1\Stage folder, and copy Administrator files there.
2. Add Post-Setup command to copy C:\Stage files to \Users\Administrator
3. Add command to force correct ownership: "icacls C:\Users\Administrator /setowner Administrators /t /c"

Post-Setup will complete its commands before the first logon (as Administrator).
 
First of all, how ... where did you find anything on that matter through gogole ?
I spent many hours trying to find anything related.

What do you mean by profile conflict ?

I think I've tried copying it from elsewhere during post-setup, but without the correct ownership it seems.
Thanks for your reply and the tips, I will try it I my next deployment in a few weeks, I'll keep you posted.
 
Administrator isn't any ordinary account. Therefore Windows checks if the profile's in use, while other updates are taking place. The safety mechanism is to rename the in-use profile, and allow whatever [bad] action to finish its work. Then you would return, and clean up the mess.

There can be only one.

 
I called those commands from a bat file in Automate/Post-Setup section of ntlite as advised.

icacls C:\Users\Administrateur /setowner Administrators /t /c
xcopy C:\Administrateur C:Users\Administrateur /h /k /e /s /c /q

And here is what I got from that.

"
explorer.exe Erreur système

Le sytème a détecté la saturation de la mémoire tampon dans cette application.
Cette saturation pourrait permettre à un utilisateur mal intentionné de prendre le contrôle de cette application.
"

Only Ok to click and computer stuck right there, must hard reset.

Administrator account was modifiable in 7, there must be a way to do the same in 11.
Can anyone help me nuke that disgrace ?!
 
Damai said:
explorer.exe Erreur système

Le sytème a détecté la saturation de la mémoire tampon dans cette application.
Cette saturation pourrait permettre à un utilisateur mal intentionné de prendre le contrôle de cette application.
Click to expand...

Translated :

explore.exe System error

The system detected buffer overrun in this application.
This saturation could allow a malicious user to take control of this application.
 
"buffer overrun" errors are a common problem on default and tweaked windows(w10+), its a programming error on ms's part.
 
I finally worked out an answer after running tests. Windows doesn't like it when you've created a file or registry value, before user provisioning has started.

During Post-Setup (Machine) phase, the Administrator's home folder doesn't exist yet. The reason is it's not created until the first logon. If you try creating or copying a folder in anticipation, Windows will hang during Administrator's first logon (leaving defaultuser0 behind).

What needs to happen, is to copy from the staging folder during first logon. But if you do that, many settings won't be read until the next session. Scheduling an immediate logoff solves that problem.

My staging folder:
C:\Administrator\
C:\Administrator\Documents
C:\Administrator\Documents\RANDOM.txt
Click to expand...

Post-Setup (User) commands:
Code: 
attrib -r C:\Administrator\*.* /s /d && xcopy C:\Administrator\ C:\Users\Administrator /h /k /e /s /c /q
shutdown /l

$OEM$\$1 folders are always installed by Windows as read-only, and this attribute should be removed before running XCOPY.
XCOPY needs to have a trailing "\" after the folder name, otherwise it will prompt to copy as (File or Folder).

shutdown /l forces an immediate logoff, so Windows will recognize our file changes.

Windows 10 x64-2023-04-10-18-49-50.png
 
Great thanks for your work, enlightning those dark corners, and congratulations on the workaround.

What is the difference between Post-Setup (Machine) and Post-Setup (User) and where to interact with them in NTlite ?
So, no need for iacls ?
Anyway to make log back in automatic ?
Would it be possible to delete original files from Administrator folder at the same stage ?

Thanks again for the many tips and tricks, I should try all that for next deployment ;)
 
Machine is the built-in Windows method of running SetupComplete.cmd script (if created in $OEM$ folder), right after OOBE setup.
User creates an one-time logon task which executes on your first logon.

You don't need icacls/takeown, because the task runs as your identity (Administrator). Therefore copied files will have the expected owner. If you want to remove other profile files, do it the same way.

When you use a logoff command, it doesn't trigger an automatic logon. I think that's a Windows feature.
 
If I understand correctly, I am using Post-Setup (Machine), since it is the Automate/Poste-Setup section of NTlite.
Forgive my ignorance, but how to make a Post-Setup (User) then ?
 
Copy the same command/file into the bottom half (User). Top half is Machine, bottom half is User.
 
You must log in or register to reply here.
Back
Top