Microsoft giveth, and Microsoft taketh away. Such is the lifecycle of Windows OS releases. Microsoft wows us with new features and slick animations, but it forgets to mention everything we give up when we transition to a new OS.
One feature that’s become far less reliable with each new Windows OS release is the ability to customize the default profile using Sysprep. Let’s cover these changes and what we can do to achieve similar results with default profiles in Windows 11.
What happened to CopyProfile
In years past, sysadmins could make changes to the local Administrator account in audit mode and run a Sysprep command with the “CopyProfile” option enabled; those changes would be copied into the default user account. These customizations would replicate across new user accounts that logged in to that computer. If this was a reference VM and captured for imaging purposes, the customized default profile would be distributed to all endpoints and applied to all users who log in to those endpoints.
Unfortunately, this procedure hasn’t worked reliably since very early in the lifespan of Windows 10 (mid-2016) and even less so on Windows 11. However, that won’t stop us from finding new ways to customize the default profile.
Customize the Windows 11 Start menu
The drastically different Start menu was probably the most significant change introduced in Windows 11. Not only did Microsoft change the look, feel, and location of the Start menu, but the company also changed the way we manage it. We’ll talk about this a bit more in a later section, but for now, here’s how we can customize the start menu and copy it to the default profile.
Remove apps pinned to the Start menu by default by right-clicking on the app and clicking Unpin from Start. Leave any of the default apps you wish to keep.
To add app pins to the Start menu, click All apps. Then, right-click on the apps you wish to add, and click Pin to Start.
Continue adding and removing app pins until your Start menu is fully customized. You can rearrange app pins by clicking, holding, and dragging the pin into place. Here is my finished Start menu layout.
With our Start menu customized, we’ll use Robocopy to copy the start.bin file, which contains all the changes we made. The start.bin file is located at:
C:\Users\<username>\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState
Depending on your version of Windows 11, the file may be called start.bin,start2.bin, or some other variation of this filename. We need to copy this file into the default user profile. However, the folder structure doesn’t exist yet. You can manually create the folder structure, mirroring the logged-on user structure, or use this Robocopy script to copy the file and folder structure over. Here is the script, which needs to run from an elevated command prompt:
robocopy "C:\Users\<username>\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState" "C:\Users\Default\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState" "start.bin"
You’ll need to modify username and start.bin to match your environment.
Once the file has been copied, we’re ready to move on to the next step: customizing the taskbar.
Customizing the Windows 11 taskbar
To customize the taskbar in Windows 11, we’ll create a LayoutModification.xml file that contains the apps we want pinned to the taskbar. This method remains unchanged from Windows 10. Here’s how it works:
Click on the Start button, then type Notepad in the search bar. Right-click on the Notepad app, and click Run as administrator.
Copy and paste this XML into Notepad:
<?xml version="1.0" encoding="utf-8"?> <LayoutModificationTemplate xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" Version="1"> <CustomTaskbarLayoutCollection> <defaultlayout:TaskbarLayout> <taskbar:TaskbarPinList> <taskbar:DesktopApp DesktopApplicationID="Microsoft.Windows.Explorer" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" /> </taskbar:TaskbarPinList> </defaultlayout:TaskbarLayout> </CustomTaskbarLayoutCollection> </LayoutModificationTemplate>This XML contains examples of two apps that will be linked to the taskbar: Windows Explorer and Command Prompt. Windows Explorer uses the DesktopApplicationID, and Command Prompt uses the DesktopApplicationLinkPath. You can use either format to add apps to your XML file. Copy or replace these examples with the apps that you want to add to the taskbar following the structure provided. You can get AppIDs using this PowerShell command:
Get-StartApps.Alternatively, you can get the ApplicationLinkPath for most applications from this hidden folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs. Here is my finished XML using some LinkPaths and some ApplicationIDs:
Once you’ve modified the XML, click File > Save As.
In the Save as window, navigate to C:\Users\Default\AppData\Local\Microsoft\Windows\Shell.
Name the file LayoutModification.xml.
Click the dropdown menu next to Save as type and select All files (*.*).
Click Save.
With the LayoutModification.xml file in place, newly created user accounts only have the pins specified in the XML file on their taskbar. Users can modify and add their own pins after logging on.
At this point, we can ensure our Start menu and our taskbar settings are applied correctly by creating a new local user account and logging in to it.
With the new account created, let’s log in to it and ensure our customizations carried over.
Both the Start menu and the taskbar contain the app pins we specified.
Configuring default application associations
Default application associations ensure the correct application launches when a user opens a specific file type. While the process of exporting and importing applications associations hasn’t changed much since Windows 10, it’s worth highlighting.
Setting default applications
Here’s how to set default apps in Windows 11:
Right-click on the Start button, then click on Settings.
In the Settings menu, click Apps, then click Default apps.
Click on any application you want to set as a default.
Manually assign each file type association, or click Set default.
Exporting a default application association XML
With our defaults configured, the next thing we need to do is export these settings.
Click the Search button on the taskbar, then enter cmd into the search field.
Right-click on the Command Prompt application, and click Run as administrator.
If prompted to allow the app to make changes to your device, click Yes.
Run the following command:
Dism.exe /Online /Export-DefaultAppAssociations:\\<server_name>\<share_name>\Appassoc.xml
Import a default application association XML
We can use a few different methods to import a default application association XML. The first is to mount an offline Windows image, then import the file using these commands:
Dism.exe /Mount-image /imagefile:<path_to_Image_file> /MountDir:<target_mount_directory>With the image mounted, use this command to import the app association file:
Dism.exe /Image:C:\<target_mount_directory> /Import-DefaultAppAssociations:\\<server_name>\<share_name>\Appassoc.xmlAlternatively, you can use a script to run the import command during a post-deployment task, such as during the Specialize or First Boot phases.
Lastly, you can distribute the application association file with Group Policy.
Open Group Policy Management.
Right-click on the OU you wish to apply the policy to, then click Create a GPO in this domain, and Link it here…
Name the GPO, then click OK.
Right-click on the newly created GPO, then click Edit.
Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer.
Double-click the Set a default associations configuration file policy.
Select Enabled.
Enter the path to the default application association file you exported.
Click Apply.
If you choose to utilize this policy, the default app association file is processed and default associations are applied during logon.
Using Group Policy to set the desktop background image
Last but not least, we’ll configure a desktop background image to round out our default profile. And, if you’re feeling particularly power hungry, we can also make it so users can’t change the image. Don’t worry; I won’t judge you. Here’s how to do it:
Save your desktop background image to a shared drive. Your users need to have read access to the share.
Open Group Policy Management.
Right-click on the user OU you wish to apply this policy to.
Click Create a GPO in this domain, and Link it here…
Name the GPO, and click OK.
Right-click on the newly created GPO, and click Edit.
Navigate to User Configuration > Policies > Administrative Templates > Desktop > Desktop.
Double-click the Desktop Wallpaper policy.
Select Enabled.
Enter the share path to the desktop background image.
Select Fill for the Wallpaper Style. You may need to test this setting to ensure the image is sized correctly on your devices.
Click OK to close the policy.
Expand the Control Panel directory, then click the Personalization folder.
Double-click the Prevent changing desktop background policy
Select Enabled, then click OK.
Now your users will be stuck rocking that sweet company background image. I hope you’re proud of yourself.
Adapting to change
Let’s be honest; just because something isn’t broke doesn’t mean Microsoft won’t try to fix it. Such is the case with the CopyProfile setting.
To be fair, Microsoft has every right to evolve the Windows ecosystem to adapt to societal trends and defend against security threats. As the market changes, Windows must also change. Hopefully, future iterations of Windows operating systems provide administrative controls that are efficient and easy to manage.
Better yet, why wait for Microsoft when you can power up your administrative tasks and endpoint management right now? SmartDeploy has everything you need to manage your local and remote devices. Deploy applications, drivers, OS updates, and even Windows images to all of your local and remote devices with an internet connection — no VPN required. Download a free trial and experience what the next generation of endpoint management has to offer.
