Creating a custom default profile on Windows 10 1803

Creating a custom default profile is a good way to streamline a Windows 10 deployment. How do you achieve this?

Note:- this article refers to the default profile creation process on Windows 10 version 1803, fully patched as of 05/07/2018. Further servicing updates (Windows patches) or feature updates (OS upgrades) will possibly invalidate this, although I will strive to keep this article as up-to-date as humanly possible.

The best way to set up a custom default user profile is to run from Audit Mode. This is a special mode of Windows that is invoked during the build process. The original purpose of it was for corporations to complete installation tasks before shipping them to users who could then complete the installation in the usual fashion. In Audit Mode, the device is logged on as the local Administrator account (which will be disabled afterwards) and allows changes to be made to the device prior to sysprep. However, if sysprep is run with the /copyprofile switch, the local user profile will then be copied into the default user profile and then become the default profile for the image.

Be aware that you can only run Audit Mode a specified number of times if you reach the stage of running sysprep when you’re finished – four times will be your limit, unless you use the /skiprearm switch. I find it easy simply to take a VM snapshot of the reference image prior to running sysprep and restoring if necessary.

In order to invoke Audit Mode, start a Windows 10 build and wait until you reach the point shown in the image below, then press Ctrl Shift and F3.

The machine will then boot into Audit Mode, where it will automatically log on as the built-in Administrator account.

Click on Cancel on the sysprep dialog box. Now, you can set about making any changes you want on a device or user level. Normally at this point I remove UWP apps as specified in this article. However, as this post is merely about the user perspective, here are some of the things I tend to do here:-

  • Set background and branding
  • Set Explorer to show file extensions
  • Set File Explorer to open at “my PC” instead of “Quick Access”
  • Set the Start Tiles as required
  • Set desktop icons as required (add My Computer and Control Panel)
  • Set Taskbar Pinned Items as required
  • Set browser homepage and search options

After this, we just need to do a quick bit of tidying up. Simply run this command to grab a copy of the Start Tiles layout to deploy to new users. Run it from an elevated PowerShell session

Export-StartLayout -Path $ENV:LOCALAPPDATA\Microsoft\Windows\Shell\LayoutModification.xml

Once you’ve got this done, you need to create an answer file for sysprep to read to tell it what to do. You can either create one using Windows tools, or simply steal the pre-canned one I have prepared here πŸ™‚ If you’re just interested in running with the pre-determined version, skip ahead to the section marked “Pre-canned answer file”

If you want to do this manually, download and install the Windows ADK, the 1803 version is currently available from this link. Next, install the Deployment Tools option from the ADK only.

Make sure you’ve got your Windows 10 source files available. You will need read/write access to the source files for Windows , so take a copy of the install.wim file from the \sources folder and put it somewhere you can access it with Read/Write permissions.

Once this has completed, run Windows System Image Manager from the Start Menu. From the File menu, choose New Answer File. Click on Yes and locate the install.wim file from your Windows image. Click on Yes to create a catalog file.

Now, we can go to work to customize the answer file as required. Under Components in the bottom left pane, select the folder that starts with amd64_Microsoft-Windows_Shell-Setup (or x86_Microsoft-Windows_Shell-Setup if you’re on a 32-bit platform), select it and choose Add Setting to Pass 4 specialize

Next you will see this is now added to the Answer File section in the middle pane. Expand this out and set the CopyProfile flag on the right-hand pane to True

You can set any of the other options within the answer file as you wish, but this one is the only one we actually need. Once finished, validate the answer file by using Tools | Validate answer file, then save it somewhere as an .xml file. In this case, we are just saving to c:\unattend.xml.

You can then open the file up in a text editor if required and check it.

Pre-canned answer file

If you want to avoid all this mess, here’s a pre-made answer file I use on a regular basis πŸ™‚ Items highlighted in bold you may need to check to match your environment, but otherwise you should just be able to copy and paste into an text file and use it with impunity!

<?xml version=”1.0″ encoding=”utf-8″?><unattend xmlns=”urn:schemas-microsoft-com:unattend”>
<settings pass=”specialize”>
<component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”amd64” publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”” xmlns:xsi=””>
<cpi:offlineImage cpi:source=”wim:D:/sources/install.wim#Windows 10 Enterprise” xmlns:cpi=”urn:schemas-microsoft-com:cpi” />

Watch out – these lines may wrap.

So once you’ve created your answer file, either manually or using the one above, you now need to run sysprep. Open up an elevated command prompt and run this command

c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /shutdown /unattend:c:\unattend.xml

Naturally, replacing the correct path to your own answer file.

An interesting aside – sometimes I get an error here that directs me to the sysprep log (setupact.log), and I commonly find this happens when I have been removing UWP apps at this stage. If you have removed a provisioned app that still exists in the user profile, sysprep will fail. You need to make sure any provisioned apps removed using Remove-AppxProvisionedPackage have also been removed from the active user account using Remove-AppxPackage. Also it is possible to get an error here if the Windows Media Player Network Sharing Service is running.

Once this is run, sysprep will do its stuff and then shut down the image

The system is now shut down and ready for image deployment with your custom default profile baked-in, but what I usually find is that the default profile will be a bit bloated and contain some references that are not necessary (like PowerShell command history, for instance). To get around this, I run the following script either during imaging or post-imaging just to ensure that the default profile is fully tidied up and as streamlined as possible. There are batch commands in here but they will run from PowerShell without issue, it does however need to run elevated.

takeown /f c:\users\default\appdata\local\Microsoft\WindowsApps /r /a /d Y
icacls c:\users\default\appdata\local\Microsoft\WindowsApps /grant Administrators:F /T /C /L
get-childitem C:\Users\Default\AppData\LocalLow -force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
get-childitem C:\Users\Default\AppData\Local\Microsoft\Windows -exclude “Shell”,”WinX” -Force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
get-childitem C:\Users\Default\AppData\Local\Microsoft -exclude “Windows” -Force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
get-childitem C:\Users\Default\AppData\Local -exclude “Microsoft” -Force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
get-childitem C:\Users\Default\AppData\Roaming\Microsoft\Windows -exclude “Start Menu” -Force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
get-childitem C:\Users\Default\AppData\Roaming\Microsoft -exclude “Windows” -Force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
get-childitem C:\Users\Default\AppData\Roaming -exclude “Microsoft” -Force | foreach ($_) {remove-item $_.fullname -force -recurse -confirm:$false}
Get-ChildItem c:\users\default -Filter “*.log*” -Force | Remove-Item -Force
Get-ChildItem c:\users\default -Filter “*.blf*” -Force | Remove-Item -Force
Get-ChildItem c:\users\default -Filter “*.REGTRANS-MS” -Force | Remove-Item -Force

This script will strim your default profile from around 125MB to about 4MB. Now, you are ready to deploy the image fully using your default profile that you have customized!


Setting up the default profile is an easy way to make general customizations, improve logon times, and make the whole user experience a lot more slick. It also cuts down on the amount of baseline policies that are required for the user environment, as they can be baked in. Ideally, this process should be repeated for each new iteration of Windows 10 feature releases.

You can also, if you wanted to, centralize the deployment of your default profile by copying the profile you created into a folder in the NETLOGON share and calling this folder Default User.v6 (for Windows 10 1703 and above, prior Windows 10 versions use the suffix .v5). In this situation, you could make changes in one location and have them reflected everywhere (assuming that DC connectivity is available for the client).

11,067 total views, 6 views today


  1. Awesome write up. I tried to use your canned unattend.xml file and found when copy and pasting it out I notice the ” s look weird. I had to back them all out and retype them and then everything started working.

  2. Hi James, excellent piece here as I’m trying to get my head around building a custom win 10 pro image for the organisation. Does it make any sense on having applications installed while CTRL SHIFT F3 as I would need to pin them to start for all users?

    Thanks again,

  3. Nice tutorial!
    We are stuck in the phase where the sysprepped image starts again and the “specialize” phase is executed.
    The displayed error is “Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup].”

    C:\windows\Panther\UnattendGC\setupact.log shows “Error [Shell Unattend] CopyProfileDirectory from C:\Users\Administrator failed (0x80070070) ”

    I even tried with clean install in audit mode (no modifications or cutomizations) and still the same result.
    We use a very simple unattend.xml like the one in this tutorial.
    What could be wrong?

    1. Hi Sven

      Have you checked the permissions on the source administrator profile directory? Is the formatting OK in the unattend.xml file (if you’ve copied it from somewhere, the characters may have come across badly)? There are generally only a few tags at that particular section. Is CopyProfile definitely set to True?

      1. I didn’t change the permissions on the source administrator profile. I’ve used Ctrl-Shift-F3 for Audit mode and from there the “sysprep /oobe /generalize /shutdown /unattend:c:\unattend.xml” command.
        Otherwise no special actions or customizations.

        The unattend.xml is generated with the deployment tools as discribed in the tutorial and is very simple:


        1. Very strange then, I’d possibly try with a pre-canned XML file to see if you get the same behaviour (although be careful with the character types if you’re using mine)

          1. Strange, I took your pre-canned XML and it works!
            I see no difference with my XML except the order of the attributes in the line “”

            Thanks a lot!

    2. I saw this somewhere else, I’d double check your file, you may be using the wrong character set.

      “Your unattend.xml is in the UTF-8 with BOM but the Windows setup needs UTF-8 WITHOUT BOM”

  4. Hi James, Thanks so much for taking the time to put this article together.

    I’ve been trying to build my own image, I’ve installed MS Office and some other software then ran decrapifierv1803 and it all goes well. Created the answer file and ran sysprep without any faults BUT when i start up again, it loads the drivers … takes quite a while, prompts me with regional settings then Fails.
    ” Why did my PC restart ? Theres a problem thats keeping us from getting your PC ready….”

    Ive managed to pull out the logs but i have no idea what i should be looking for, any ideas ?

    1. Hmmm….not happened to me. Only thing different is the use of decrapifier, have you tried running a different optimization tool like the Citrix or VMware ones?

  5. Hi James

    I can’t seem to customize the taskbar without activating Windows. We use AD activation for win10 Enterprise and as machine is not domain joined i can’t get past this.

    How do you get around this?

    1. Hi Rob

      This only seems to happen to me if I restart Windows from Audit Mode and return to the same mode. First boot, it allows me to customize fine despite not being activated.

  6. Hi James,

    We wanna use mandatory profiles for our RDSH server 2016 environment, does this work the same way with windows 10 & server 2016? The old-fashioned way of creating mandatory profiles just doesn’t seem to work anymore for server 2016..


    1. It should, just there are some subtle differences – Server 2016 uses the TileDataLayer database still for Start Tiles, so if you’re messing with that, you might have to adapt slightly. But otherwise should be pretty much the same.

  7. I am utilizing the copy profile option and I have a pause in my MDT TS. I am noticing the profile to be around 300-400MB after making my modifications and resuming the TS to capture the .WIM. This unfortunately results in a large default profile (in addition to OneDrive not working properly). I have tried using the profile cleanup script however it put a question mark on the default profile size which I’m assuming will be the same for every user that logs in. Any ideas on the question mark issue? It’s almost like it corrupts things. Thanks!

    1. Hmmm, I’ve seen that question mark before, it usually means the permissions are inconsistent and SYSTEM can’t read it. Not sure that my cleanup script put the ACL in for SYSTEM, that might be something to check?

      1. Not sure what you mean specifically. If you can advise it would be greatly appreciated as I would love to use your script. Anything I can do to trim this profile down. It’s currently at 514mb. The only things I’ve done are remove modern apps and setting some local GP options. Not sure why it’s so high in size. Thank you

  8. Greetings.

    Thanks for the write up but I have a Dell 5490 that I’m installing Win10 Enterprise from a thumb drive. I follow the directions but I’m not finding an install.wim but see a boot.wim in the thumb drive. Where should I find the install.wim?

      1. I used a ISO to USB software and I didn’t see it but then again I booted off that USB stick. After you finish the build in audit mode, if I reboot it goes back to audit mode. How do I get it to continue setting up the unit?

  9. Thanks for this great procedure James and your related videos for a similar process with 1703.
    However, I have a few issues with cleaning up the Provisioned Apps as most of them apart form 2 or 3 produce an error and won’t remove. If I leave these installed and then SysPrep the machine, my Default profile is 175mb. I then ran the script to be-bloat the profile which reduces it down to under 2MB. This issue i then get is that when the profile is copies, the User.dat file does not get copied across which it normally does if I don’t de-bloat the profile?

    1. The ntuser.dat is usually a Hidden System file, is the de-bloat script changing the attributes so it can’t be copied?

      1. I checked all that and have even added specifics permission for logged on user but still won’t copy. I’m tryign again on a different PC as when you see the profiles in the Advanced System Propertis, it is showing the Default Profile size as ‘?’. It only did this after the de-bloat script ran.
        I will confirm the results from my other PC before end of the week.

  10. Hello James, For the command to export the start tiles layout “Export-StartLayout -Path $ENV:LOCALAPPDATA\Microsoft\Windows\Shell\LayoutModification.xml”, is there anything else we need to do, to make sure the new users get the saved tiles? Thank you for your time.

      1. From what I’ve noticed, when a regular user logs in and they attempt to look at Display settings or any other settings, it takes a long time for the box to appear. When an Admin or related account logs in, there is no issue. I’ve read on other forums that it “breaks” when Copy Profile is used.

  11. Any idea what causes the default profile to display a question mark for size in User Profiles under Advanced System Settings? Seems to be hit or miss in my lab on when that appears.

    1. Probably permissions. Try taking ownership of the filesystem and make sure Everyone has RX perms. I think my script is a little screwy and needs a couple of perms-related updates πŸ™‚

  12. I do have a question regarding the Copy Profile. As I said, I found that it “breaks” in W10 Version 1803 and others say it doesn’t. Are people using the “Copy Profile” in the unattend.xml file that is on the server as part of the Task Sequence or the “copy profile” option that is under the properties of the “Computer”? You know, right-click Computer, click Properties, click Advanced System Settings, go under User Profiles\Settings and copy the profile that way.
    I’m interested to see which one people are doing.

  13. Silly question…does the Windows ADK get installed on the reference PC, or a separate/management PC , or does it even matter?


Leave a Reply

Your email address will not be published. Required fields are marked *