Point all new users at same local profile in Windows 7 (to speed up VDI login times)

  • Question

  • Hi all,

    Is there a way to point all new user logins to an existing local user profile in Windows 7? I want to avoid the process of having the new user's profile being copied from the Default profile so I can speed up login times. We use VMware View in non-persistent mode so when the student logs out the desktop is nuked (kinda like DeepFreeze). Because of this every time the user logs in the Default profile gets copied over and it takes a long time. I do not want to use roaming profiles.

    I found a product that does this (ForensIT's User Profile Manager 2.1) but unfortunately it does not do passthrough login from the VMware View Client, the user has to log in there then log into the Windows desktop which is unacceptable.

    I am at my wits' end here :-(

    Thanks

    Thursday, April 26, 2012 8:11 PM

All replies

  • Log on to the computer with the user account which you need to make the default profile, then go to Control Panel -> Advanced system settings. Click “Settings” under "User profiles", copy to a location, and then grant full control to Everyone. Copy this profile to the Netlogon share and rename the profile to Default User.

    Then please check the status. Thanks.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, April 30, 2012 8:23 AM
  • Hi Joan,

    Thanks for the suggestion, I want to avoid having any profile data be copied down to the local PC, I actually want any new user that logs in to use a local profile that is already established on the PC. The file/folder copy process is what is making the logon take so long.

    Thanks for any suggestion you might have.

    Monday, April 30, 2012 3:55 PM
  • I would like to let you know that when the user first logs on in the domain, the system will check the user profile list, the default user folder under the netlogon share, and the default user folder on the local computer, and then copy the information from it.

    In your scenario, I suggest you put the default user folder on the local computer, and ensure there is no default user folder under the netlogon share folder. Then the new user will load the profile from local.



    Tuesday, May 1, 2012 8:25 AM
  • Hi Joan,

    The way you describe it is how we have our system(s) set up now, we do not have a default user profile in the netlogon share and we do have a customized local default user account on the Windows 7 system, the problem is it takes too long for that local default user profile to be copied over to the new user's profile folder at logon. Since VMware destroys any data written to disk (including the new user's profile) upon logout you have to suffer through the profile rebuilding process on every logon. We are trying to map any new user to use an existing local profile already established on the Windows 7 box to save time but it looks like it can't be done. :-(

    Thanks for the suggestions though

    Tuesday, May 1, 2012 7:45 PM
  • Hi,

    I would like to know if you need any assistance on this. If not, please mark it as answered.



    Friday, May 4, 2012 6:57 AM
  • Hi Joan,

    Unfortunately my question has not been answered. What I want to do (have all new users share an existing local profile... not copy a default profile to become their new profile) I believe can not be done.

    • Proposed as answer by eladgrs1 Saturday, January 25, 2014 2:10 PM
    Friday, May 4, 2012 1:29 PM
  • Hi Brian,

    what Logon Times do you get?

    I have Logon Times (welcome displayed)  from about 10-15 seconds with the default profile created according to the sysprep/copyprofile Method.

    It gets slightly faster if i use local mandatory profiles. But in my testing i was never faster than 7-8 seconds.

    What i found: you can create a mandatory Profile with one user and set this user to use his "own" Profile as mandatory and get Logon Times of 2-4 seconds, which can be perceived as "instantly".

    This is even the case if the profile for the user didn't exist before... so what takes the time is NOT the copying of the mandatory or default Profile.

    What takes the time is a change of Name or Sid - use the same profile for a different user and it would load in 7-8 seconds again, even if you replace occurrences of the user name with %username%

    What i am testing right now is the use of a mandatory dummy_user together with Novell Client. I know this is daring, it will possibly break many applications because of the wrong %username%.

    Another thing i found is that the ActiveSetup Component {89820200-ECBD-11cf-8B85-00AA005B4340} will cost 30 seconds at login time if Folder Redirection is used. (My documents and desktop). Can be reproduced running the stubpath command "start /wait regsvr32.exe /n /i:U shell32.dll".

    Another game breaker so far is that IE9 typed URLs seem to persist at some place that i haven't found yet: Local Mandatory Profile with Internet Explorer 9 wierdness

    best regards

    MArkus

    Friday, May 4, 2012 2:47 PM
  • Hi Markus,

    The place where our virtual desktops hang for the longest time is at the "Preparing your desktop" screen, the "welcome" portion of the screen goes by really quickly. You know what is funny is we were actually able to knock a few seconds off the load time by redirecting the user's My Documents and Desktop folders to a network folder share using group policy. I was able to shave off a few more seconds by allocating a 2nd processor and more memory (from 1.5 GB to 2 GB) to each virtual desktop and by triggering my group policies as local group policies within the master image instead of using domain group policies. We still are not getting great logon times.... it's about 53 seconds from the VMware logon until you get to the Windows 7 desktop. One product we are researching right now is Liquidware Labs ProfileUnity, supposedly it will knock down the login times considerably but we haven't finished the test install yet.

    Can you speak a little more to this paragraph you mentioned...?

    -----------------------------------------------------------------------------

    What i found: you can create a mandatory Profile with one user and set this user to use his "own" Profile as mandatory and get Logon Times of 2-4 seconds, which can be perceived as "instantly". This is even the case if the profile for the user didn't exist before... so what takes the time is NOT the copying of the mandatory or default Profile. What takes the time is a change of Name or Sid - use the same profile for a different user and it would load in 7-8 seconds again, even if you replace occurrences of the user name with %username%

    -----------------------------------------------------------------------------

    Are you using all local accounts? With VMware View the accounts have to be from the domain. What I have been trying to do is somehow point all domain users to an existing local profile but I haven't had any luck. Feel free to contact me off list gibson_brian AT wheatoncollege.edu

    Friday, May 4, 2012 6:02 PM
  • Hi Brian,

    53 seconds sounds like an active setup problem. look at hklm\software\microsoft\activesetup\installed components. these commands will be run before the desktop appears. compare this to the HKCU hive: every installed component that is missing will be run. you could preload the components in your default profile. after that your logon will be significantly faster. then run each stubpath command from the command line with start /wait to get a feeling for the time they need. as i mentioned most of them are fast except {89820200-ECBD-11cf-8B85-00AA005B4340}, this will cost 30 seconds if folder redirection is enabled. {2C7339CF-2B09-4501-B3F3-F3508C9228ED} = Themes setup. use it, you will get a black desktop otherwise. >{60B49E34-C7CC-11D0-8953-00A0C90347FF} IE Branding: i omit this one because i don't use IEAK Branding.

    if you see "preparing your desktop" you're not using the MS recommended way of creating a default profile which is described here: http://support.microsoft.com/kb/973289  however this profile will not inherit all the settings you configure with the administrator account and also the username "administrator" will appear. you could eventually replace it with %username%.

    yes i use all local accounts. the novell ZCM DLU creates a dynamic local user after successful novell login. this means every logon is a logon of a new user for the workstation. disregarding roaming profiles, i now have 3 options: 1. use the default user profile (sysprep-copyprofile-method), which is safe and which i recommend to start with. 2. local mandatory profile for all users (use LGPO to set mandatory profile path). option 3: one dummy_user with mandatory profile created from dummy_user itself. somehow that is what we had 14 years ago with novell client and windows 98. only that today a total separation of system and user profile "steady state" is supposed to work. (what in fact still seems not to work): http://technet.microsoft.com/en-us/library/gg241178(v=ws.10).aspx

    i'm not sure if the vdi profile products address problems like this. i would not spend money for the redirect of "my documents" and "desktop", these are 2 simple registry entries.

    regards

    Markus

    Friday, May 4, 2012 10:17 PM
  • If you would like to make the new user copy the default user profile from local, I suggest you can manually make the default user profile on the local machine. At the same time, ensure no default user profile in the netlogon share folder. Then the new user will load the profile from local.


    Tuesday, May 8, 2012 9:09 AM
  • Hi Joan, what you described is how we have it set up now but just the process of having the default local profile being copied over to the new user profile is taking too long. What I want to do is have any new user that logs in have them use an existing local profile.  For example, I would create a new local user named "template" in my master image and configure it the way I want. I would then (somehow) point a user who hasn't logged into the system yet (say the user's name is "bob") to use the "template" profile located in C:\Users\template instead of having the default profile copied to C:\Users\bob. I have tried setting various NTFS permissions on the C:\Users\template folder and putting registry entries into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to try and map any potential new user login to the C:\Users\template profile but with no luck. :-(
    Tuesday, May 8, 2012 3:27 PM
  • Hi Brian,

    you don't need "various NTFS Permissions".

    The task is: Setup Workstations where every Login is a login of a new user by definition.

    Option 1 to do this: default user profile  (google: sysprep copyprofile)

    Option 2 to do this: Mandatory Profile. You can even set up a Local Mandatory Profile (c:\users\mandatory.V2). You can configure Mandatory Profiles for all users as per GPO Machine-Setting under Profiles. You omit the V2 then (c:\users\mandatory)

    If you are familiar with these techniques you can try to tune the profiles further. But i believe you can not get faster logon times than 10-12 seconds with 1) and 7-10 seconds with 2)

    Keep in Mind: The folder Structure c:\users\mandatory.V2 needs read access for everyone.

    And in the registry structure ntuser.dat you need full access for everyone. This is a security Problem only on a Terminal Server.

    If you're trying to tune the mandatory and include the usrclass.dat you also have to give full access to everyone (use regedit - load usrclass.dat - set permission)

    best regards

    Markus

    Tuesday, May 8, 2012 3:48 PM
  • I second disabling all the active setup keys in autoruns for a faster new user login, especially in 64 bit win7 which has twice as many.  It's all about reducing drive seeking.


    • Edited by JS2010 Tuesday, May 8, 2012 3:53 PM
    Tuesday, May 8, 2012 3:52 PM
  • Hi Markus,

    I will try the mandatory profile suggestion... I tried it a while back but I'm pretty confident I was not doing it right :-) 

    Thanks!

    Tuesday, May 8, 2012 3:56 PM
  • in my setup i disable only 2

    {89820200-ECBD-11cf-8B85-00AA005B4340} Windows Desktop Update

    >{60B49E34-C7CC-11D0-8953-00A0C90347FF}  IE Branding

    I don't use IE Branding and the first one makes the loading delay for 30 with folder redirection.

    There could even be  problems  disabling Windows Desktop Update. i read the recent Folder would not display correctly then.

    Tuesday, May 8, 2012 4:00 PM
  • Hi Brian,

    I would like to know if the above suggestion works for you. Please keep me posted on the status on your end.



    Sunday, May 13, 2012 8:07 AM
  • Hi I am investigating a similar problem, I don't see any answers here that resolve the initial question. There is a quote here that says they have logon time of 10-15 seconds, but my tests indicate this:

    OS windows 7 ent PC I5 Ram 8G Windows 7 no apps new user creation control alt delete to desktop ~18 secs

    join the machine to the domain 100M network, no group policies ~26 secs.

    it can only get worse from here. It is quick if the profile exists but the time windows takes to logon a new user is slow. Ours currently is 120 seconds which is the issue I am working on. Unfortunately it seems to be an os problem and I do not see that it will be any better under win 8.1, but I am hopeful.

    • Edited by Chris in AU Wednesday, October 23, 2013 11:12 PM layout
    Wednesday, October 23, 2013 11:08 PM
  • Hi Chris.

    Since this is a virtual environment (VMware View 5.2) what we ended up doing is implementing VMware's Persona Management to manage the user's profile folders on a network share combined with using a group policy that does folder redirection for two specific folders ("My Documents" and "Desktop"). I can't remember the specific reason why our consultant wanted to isolate those 2 folders on the profile. The very first time a new user logs in takes about 45 seconds but subsequent logins after that are very quick, maybe 10 seconds or so, this is because their profile already exists on a network share and it only pulls down what it needs to get the user up and logged into their Windows sessions.

    I second the suggestion of disabling certain active setup components. We had one that was building a 25 MB database file for Windows Mail every time the user logged in which was silly.  Looking back at my own notes here is some info on it

    --------------------------------------------------------------

    We got the most bang for our buck by removing the stub entry and
    setting the isInstalled to "0" for the Windows Mail Active Setup
    component located here
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
    {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    and did the same for here

    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    --------------------------------------------------------------

    The following URL explains the Active Setup Components pretty well.

    http://helgeklein.com/blog/2010/04/active-setup-explained/

    I also suggest running msconfig and going to the Startup tab before every recompose and uncheck any programs that you do not need running when the system boots up. A lot of apps put crap in the Startup folder (adobe, java, apple etc...). I also go into the Services management console and enable the view that shows you just non-Windows services and I either disable the ones I don't need or set them to "Automatic (Delayed Start)". We had one service for a USB Dyno label printer that somehow was adding a couple minutes to the login!!!!

    If you do end up using domain Group Policies try to group as many settings as you can into as few group policy objects as possible, that helps speed things up as well. Our consultant had us join our VMware View master pool image to the domain and log in at least once as a domain user so it does have a local copy of the group policies it receives...not sure if that really helps but hey.... it can't hurt. At one point I started moving my domain group policies into Local Group Policies wherever I could but I don't think that sped things up tremendously. It is tougher to keep track of the enabled group policies when they are local so write them down somewhere :-)

    We are starting to look at UniDesk as an overlay for VMware because it helps you virtualize apps, manage user profiles etc... My guess is getting the apps out of the master image might help with start up times as well. Contact me off line if you have any questions gibson_brian AT wheatoncollege DOT edu

    BTW, we are sticking with using defprof.exe for copying a template user's profile to the "Default User" profile within the master image. It's free, it works, it's brain dead simple and you can use it an unlimited number of times unlike sysprep...Microsoft, what were you thinking getting rid of the built in copy profile utility from Windows XP ?!?!?!

    Thursday, October 24, 2013 1:02 PM
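
The HKLM-versus-HKCU comparison Markus describes, covering both registry views from Brian's notes, as an added example that is not part of any post in this thread. It is read-only and assumes the usual Active Setup rule (a StubPath runs when the user's entry is missing or has a lower Version, and IsInstalled is not 0); every listed command runs in the user's context at logon, so the output is also the list to review when auditing a master image.

```powershell
# Added example (not from the thread): read-only audit of Active Setup.
# Assumed rule: a component's StubPath runs at logon when IsInstalled is not 0
# and the user's HKCU entry is missing or has a lower Version than HKLM.

$views = @(
    @{ Name    = 'native'
       Machine = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
       User    = 'HKCU:\Software\Microsoft\Active Setup\Installed Components' },
    @{ Name    = 'Wow6432Node'
       Machine = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
       User    = 'HKCU:\Software\Wow6432Node\Microsoft\Active Setup\Installed Components' }
)

function ConvertTo-VersionParts([string]$Version) {
    # Active Setup versions look like "12,0,7601,17514"; a missing one counts as 0.
    if ([string]::IsNullOrEmpty($Version)) { return ,@(0) }
    $parts = foreach ($p in ($Version -split '[,.]')) {
        $n = 0
        [void][int]::TryParse($p.Trim(), [ref]$n)   # non-numeric fields become 0
        $n
    }
    return ,@($parts)
}

function Test-VersionLess([string]$Left, [string]$Right) {
    # True when $Left is strictly lower than $Right, compared field by field.
    $l = ConvertTo-VersionParts $Left
    $r = ConvertTo-VersionParts $Right
    for ($i = 0; $i -lt [Math]::Max($l.Count, $r.Count); $i++) {
        $a = if ($i -lt $l.Count) { $l[$i] } else { 0 }
        $b = if ($i -lt $r.Count) { $r[$i] } else { 0 }
        if ($a -ne $b) { return ($a -lt $b) }
    }
    return $false
}

function Get-PendingActiveSetup {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Machine)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Machine) {
            $m = Get-ItemProperty -LiteralPath $key.PSPath
            if ([string]::IsNullOrEmpty($m.StubPath)) { continue }  # nothing to run
            if ($m.IsInstalled -eq 0) { continue }                  # switched off

            $userKey = Join-Path $view.User $key.PSChildName
            $userVersion = $null
            if (Test-Path -LiteralPath $userKey) {
                $userVersion = (Get-ItemProperty -LiteralPath $userKey).Version
                # Same or newer version already recorded for this user: skipped.
                if (-not (Test-VersionLess $userVersion $m.Version)) { continue }
            }

            New-Object PSObject -Property @{
                View           = $view.Name
                Component      = $key.PSChildName
                Name           = $m.'(default)'
                UserVersion    = $userVersion
                MachineVersion = $m.Version
                StubPath       = $m.StubPath
            }
        }
    }
}

# Run as the template (or a fresh test) user to see what the next logon will execute.
Get-PendingActiveSetup |
    Select-Object View, Component, Name, UserVersion, MachineVersion, StubPath |
    Format-List
```

An empty result for the template user means its profile already records every component, which is the "preload the components in your default profile" state described earlier in the thread.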
  • Brian, 

    I too am looking for the silver bullet you described in your initial post. 

    Did you find that the majority of your slowness was resolved due to group policy and the folder redirection with persona management? 

    Thanks very much, 

    Joe

    Tuesday, January 28, 2014 10:30 PM
  • Hi Joe,

    The combination of Persona Management and folder redirection really did the trick. By having an existing Windows profile (in the Windows share that holds the Persona Management profile data and the redirected folders) it knocked down the login times considerably, I think we are down to about 10 seconds or so. The first time the user ever logs in it will take a while since the profile needs to be built off the default user profile but after that the logins are super quick.

    • Proposed as answer by Edson.Rodriguez Wednesday, January 29, 2014 4:34 PM
    Wednesday, January 29, 2014 2:04 PM
  • Hi Joe,

    fastest logon times you receive with preexisting Profile.

    in one case i Setup vdi pooled Desktops which will persist only once using http://pgina.org  to handle authentication. 

    i use the gateway-user functionality of pgina and preload a Profile that will be used by this user. (i add an entry with the _Future_ SID in the registry under /Windows NT/currentversion/profileList)

    if you reliably discard the pooled Desktop after single use you can even use the same username and local Profile for all users.

    Nothing faster than pre-existing user and Profile.

    best regards

    MArkus

    • Edited by wehr Wednesday, January 29, 2014 2:53 PM
    Wednesday, January 29, 2014 2:47 PM
  • Thanks Brian, 

    Would you mind sharing the configuration you ended up with for the Persona Management GPOs? Just curious to see how it stacks up against what I'm currently running. 

    Joe

    Wednesday, January 29, 2014 3:47 PM
  • I have my default user profile down to 26 megs, and it didn't seem to help getting lower than that.  However between having deepfreeze and symantec it's hard to get to an amazing logon speed right after boot.  SSD drives will fix it, so it's really the disk seeking that's the problem, and if you have 200+ boot processes, they all contribute to i/o.

    Plus I have no active setup, or i/o heavy startup programs like adobe and matlab.  You can run a trace in windows performance toolkit and sort by highest i/o.  I like to disable superfetch and readyboot when I do it.



    • Edited by JS2010 Wednesday, January 29, 2014 3:58 PM
    Wednesday, January 29, 2014 3:53 PM
  • Would you share a bit more about VMWare's Persona Management, how you applied this solution and how much it cost?   My understanding is that licensing (as in $$$)  would be an issue.   
    Wednesday, January 29, 2014 4:36 PM
  • Hey Joe,

    Shoot me an email at gibson_brian AT wheatoncollege.edu and I'll email you a screen shot of the GPO the consultant we used set up for persona management and folder redirection. You need that along with a Windows network share to hold the profile folders. The NTFS permissions on the share were a little squirrelly too, you have to make it so the person can create their own profile folder and add/remove/modify content inside but not have access to other's profile folders.

    Edson, I believe we got Persona Management as part of our enterprise View license so there is no "additional" cost but you are right, licensing for View is very expensive. We are part of a consortium (OSHEAN) and are higher ed so we get a discounted rate. The other expense you have to think about is you need additional storage to hold the user's network profiles and you need to be able to back them up. You pay for View by the number of concurrent desktops and not by the users who use it so we can get away with a 200 seat license which supports our roughly 2,000 students

    Wednesday, January 29, 2014 5:06 PM
  • Hi wehr,

      Having read your post on speeding up Windows user login, I feel you are really an expert. Could you kindly give me some hints on how to make all AD/domain users log in with a pre-existing profile?

      Grateful indeed.

    Best

    little-hippo

    Monday, July 25, 2016 3:52 AM
  • Hi Little-hippo

    by redirecting the users to a local or Server based mandatory Profile with the
    "set roaming profile path for all users logging onto this computer gpo"

    Then you have to create a good Mandatory Profile. Set permissions on this Profile to use for everyone => "authenticated users"

    If on a Terminal Server be careful with permissions since users could access other users registry.

    regards

    Monday, July 25, 2016 5:07 AM
  • wehr,

      Could you please show me the steps? Since I want to apply it on a pooled desktop, the profile need not be mandatory.

      Actually, is there a way Windows AD/domain login speeding up to use with a pre-existing profile like pGina Single user login?

      Is there any way not creating a new user profile, just redirect it to use a specific pre-existing profile in order to speed up authentication?

      Thanks again.

    little-hippo
    Monday, July 25, 2016 9:34 AM

  •   Actually, is there a way Windows AD/domain login speeding up to use with a pre-existing profile like pGina Single user login?

      Is there any way not creating a new user profile, just redirect it to use a specific pre-existing profile in order to speed up authentication?

    i guess 1 or 2 seconds at Login time are not worth the effort. you have to also take care of Profile handling components of the VDI Software (in my case vWorkspace has a Service that deletes "unused" profiles"). And with all future configurations and Software installations you have to keep in head about the Profile config.

    I precreated Profiles with a SID that corresponds to a new user created from pgina. The SID increments by 1 for every new local user on the workstation. So simply copied a few Profiles ahead.

    For AD-Users it won't work because they already have their sid. you could precreate Profiles for all AD-users or for a specific user after knowing the pooled VDI he would hit now. I guess the Profile handling components of the VDI-Vendors work like this.

    look at the "set roaming profile path for all users logging onto this Computer " GPO

    Monday, July 25, 2016 10:20 AM