Default User Profile for New Domain Users

Title: How to deploy default custom user profile for all users?


Hi all,


I’m looking for some advice on setting up a default custom user profile across multiple PCs in a domain environment.


Setup:

• 2 offices with several PCs joined to a Synology AD Server (managed via RSAT tools).
• PCs are shared between students and teachers.
• Very high turnover of users (new and old accounts coming and going).

Current problem:
At the moment, whenever a new user account is created, I have to:

1. Log in to their profile manually.
2. Customise the profile (start menu, desktop, settings, etc.) before handing over credentials.

This is time-consuming and sometimes has to be repeated across multiple PCs, which is frustrating.


What I want to achieve:

• Create one pre-configured “default” profile in the domain.
• When a new user logs in, they automatically get this customised profile without me logging in first.
• Consistent start menu, desktop, and settings across all machines.

What I’ve tried:

• Looked into Sysprep OOBE and copying profiles, but this hasn’t worked for me (often because customisations are done after apps are installed, which aren’t provisioned for all users).

Constraints:

• MS Intune / Azure AD is not an option right now.
• Planning for scale: more than 50 machines in the near future. I can’t keep customising each machine/user manually.

Question:
What’s the best way to deploy a default custom profile for all domain users in this setup? Is there a Group Policy, folder redirection, or another method I should be looking at?


Thanks in advance!

The hidden ntuser.dat file under the public user profile is the default profile that gets copied into every new users profile, so you can load and edit that then override that file on your new computers

You're better off re-posting this question to Spiceworks. That community has a far deeper set of AD expertise, compared to ElevenForums which is mostly Windows enthusiasts and less IT-focused. Those folks regular answer this type of question, especially in regards to best practices.

neemobeer said:

The hidden ntuser.dat file under the public user profile is the default profile that gets copied into every new users profile, so you can load and edit that then override that file on your new computers

Click to expand...

Hi

Thanks for the suggestion, but windows detects its not for the right user so loads a temp one.

garlin said:

You're better off re-posting this question to Spiceworks. That community has a far deeper set of AD expertise, compared to ElevenForums which is mostly Windows enthusiasts and less IT-focused. Those folks regular answer this type of question, especially in regards to best practices.

Click to expand...

Thanks

I will put a post over there and see how it goes.

You can't just copy another user profile as the default. Here's a more comprehensive guide. Using an answer file and a profile stored on a share you can do it with AD/GPO.

Is this a Peer to Peer network? or do you use Active Directory in a Domain?>
If the later, than you can just create a profile and copy and deploy it

neemobeer said:

10You can't just copy another user profile as the default. Here's a more comprehensive guide. Using an answer file and a profile stored on a share you can do it with AD/GPO.

Create mandatory user profiles

A mandatory user profile is a special type of preconfigured roaming user profile that administrators can use to specify settings for users.

learn.microsoft.com

Click to expand...

Thank you for assisting. I’ve tried this, but the issue with Sysprep is that it requires me to remove a number of applications, including some I’ve intentionally installed for new users.


Regarding roaming or mandatory profiles, I don’t need these because Site 2 is connected via VPN, which already increases log-on times.


Essentially, my goal is this: when I create a new user in Active Directory, I currently have to log on as that user, customise their start menu and taskbar, uninstall certain apps, configure others (e.g. Synology Drive), and then log out before handing the account over. I already use GPOs for things like desktop background, offline file sync, and Windows Update settings.


What I’m trying to achieve is a process where I configure everything once in a single user profile. Then, whenever I create a new AD user, their profile is automatically based on that configured default profile, so all the settings and applications are ready without me having to log in manually on each machine.

Spunk said:

Is this a Peer to Peer network? or do you use Active Directory in a Domain?>
If the later, than you can just create a profile and copy and deploy it

Click to expand...

Thank you for the suggestion.

I have an active directory but the profile I customise is greyed out, only the default profile is allowed to be copied which I cannot log onto to customise. In addition, it moslty refers to roaming or manadtory profiles which is not the end goal.