none
Deploying Windows 7 machines to Remote Users RRS feed

  • Question

  • So first I think I know the answer to this overall question but I want to just ask it to make sure that I am not missing some gem out there that will be the silver bullet I need for deploying Windows 7 machines to remote users.  First let me provide the scenario:

    Our company has a significant number of remote users who we support and from time to time, either because we are refreshing the hardware or need to replace it, we need to ship a newly image machines to these remote users.  Now these are machine joined to the domain and the remote user will be using their domain account to log into the machine.  The dilemma that we are trying to work around, is how do we get the user's profile on the machine if it is not connected to the domain?  Here is what we do not want to do;

    • We do not want to request the users credentials (thus asking for a password) and create the profile before shipping out the machine.
    • We do not want to create a generic password for the users, thus messing up any current machine or device accessing corporate services they may have in their possession.

    Now so far the solutions we have it as follows:

    • Once the user receives the computer, log into a local account such as Admin, Configure network (mostly WiFi), Log into VPN, Switch Users, then use their Domain credentials to login and thus creating their profile, Switch Users again and login as Admin to disconnect VPN and log the account off.

      This works but we want to reduce the number of logins required to just having the user login once.
    • Using tools from our VPN provider we have setup the option to Sign in before login, which grants the user the ability to launch VPN at the login screen thus allowing them to connect to the corporate network before logging in and creating their profiles.

      This was almost an ideal solution but not quite the silver bullet since a wired connecting is required.  If the remote user only has wifi readily available, they will still need to log into a local account to setup a wifi profile.  We also found out that the solution we found for Signin before login disabled Switch user option while logged in.  Fortunately this was not an huge issue for us.

    So what are we hoping for as a "silver bullet"?

    • Is there a way of creating a Domain profile before shipping a machine without users credentials?
    • One of our Techs feels that there should be away of logging into a local profile, log into VPN, create the domain profile and have it merged into the local profile.  Has anyone see this, done this or know of a way to do this?
    • Is there any way of creating a WiFi profile without logging into a local account first?
    • Does anyone know of a better way of doing this?

    I know there are a number of question on this but we have definitely done some research online and really can't find much on this subject (that is after having to weed out all of the discussion on remote into desktops and such).  So please share your experience or suggestions, which will be greatly appreciated.


    Thursday, March 5, 2015 9:40 PM

All replies

  • Hi,

    So according to the description, due to the refresh or replace of the hardware, you need to re-deploy the image, but have problems with the domain user profile.

    In my opinion, there's no need to create new domain account during the deployment, you can migrate the original local\domain account to the the newly created system, retaining user's files and settings using usmt during the remote installation,

    I suggest you refer to the following link:

    Migrating Files During a Remote Installation with USMT and Windows Deployment Services

    https://technet.microsoft.com/en-us/library/ee681559(v=ws.10).aspx

    Migrate User Accounts

    https://technet.microsoft.com/en-us/library/hh824918.aspx

    USMT is a good tool to manage the user profile if you want to refresh the image for your company.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, March 6, 2015 6:19 AM
    Moderator
  • Thank you Yolanda for your reply.  So your suggestion (just to make sure I have this straight) is to use USMT to migrate files and user profile remotely.  This would not require the user profile to be on the machine first? (Sorry still have a bit to learn about USMT).
    Friday, March 6, 2015 8:08 PM
  • This would not require the user profile to be on the machine first? (Sorry still have a bit to learn about USMT).

    Yes, you can first run scanstate to store the user profile and its settings to a network share or some other migration store. To make a better deployment, I recommend you refer to the detailed instruction about USMT.

    https://technet.microsoft.com/en-us/library/hh825180.aspx

    Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, March 9, 2015 2:46 AM
    Moderator