Hello there, my name is Matt Call and I am an Architect working for Microsoft Services. I've spent the better part of ten years putting Windows on things with enterprises of all shapes and sizes. I specialize in Windows Deployment (using all tooling), Windows Security and the Windows Platform.
In a hope of saving the desktop management people of the world hundreds of man hours, I'm rebooting my blog and plan on discussing challenges with putting Windows on Devices. As I work through topics from my daily struggle, feel free to shoot me a mail (email@example.com) with any ideas for future posts.
Enough of that - on to this week's topic: CopyProfile and Start Menu Layout!
CopyProfile and the Start Menu - Where's my Start Menu?
Beginning with Windows 8, Microsoft added the ability to manage the Start Screen one way or another. At the time, the customer I was working with was using CopyProfile and the AppFolderLayout.bin method to distribute the custom configuration for the start layout. This held a few advantages
- It provided a pretty easy IT Pro experience - IT Pros could configure the layout the way that wanted and export the bin file. Put this bin file in a directory during image build and voila, a custom start layout.
- Users could modify the start layout - IT Pros could allow (or lock down in later versions) the start layout to be changed and retained by the users, very similar to the consumer experience - which is great!
Well, as time went on Enterprises started asking for more and Microsoft delivered several new options including GPO's, partial lockdowns, etcetera (see the blog post here for more details).
Flash forward to 2018, and Microsoft no longer supports using CopyProfile to modify the Start Layout (see links here and here) and that means IT Pros need to start migrating from the legacy CopyProfile method to Import-StartLayout. While there are other methods (like GPO/MDM/PPKG), Import-StartLayout behaves more closely to CopyProfile allowing users to have a default layout they can customize without enforcement.
PROBLEM: When using Import-StartLayout and CopyProfile it is possible to overwrite your start layout during deployment. To understand why and how to avoid it, keep reading.
CopyProfile and Import-StartLayout (if you're still using CopyProfile for Other things)
A key piece to making this whole thing work is order of operations. If we examine where Import-StartLayout puts the file - its C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml as shown below:
So that’s nice, right smack dab in the middle of the default user profile. Which means if we run CopyProfile after the start layout is imported your left with a directory that looks like this (post-deployment):
So the question becomes, where'd my start layout go?
Well - Since CopyProfile is applied at deployment time by mirroring the Administrator account, my best guess is that it is being overwritten by the contents of C:\Users\Administrator\AppData\Local\Microsoft\Windows\Shell, because after all - I asked it to copy the profile :). So to prove this I'll drop a little breadcrumb file (I know, I'm basic) and see if we can get it to carry over post copy profile:
So when I run the test again in the same fashion, applying the start layout using PowerShell and using CopyProfile at deployment time, I see this in C:\Users\Default\AppData\Local\Microsoft\Windows\Shell :
So it appears that CopyProfile is indeed overwriting the layout directory.
SOLUTION: Knowing that CopyProfile is behaving this way, an easy workaround is to run Import-StartLayout after CopyProfile runs at Deployment time (Specialize Phase). This will make sure that the Default profile has been "built" before the layout is imported, putting it in place for use the first user.
Order of Operations is Everything -
When building your deployment process you need to be aware of how you are deploying your start layout. In most cases, it will be necessary to run your Import-StartLayout process at deployment time. This will ensure that Windows has completed its CopyProfile work and you can safely inject the start layout without fear of being overwritten.
So the process should look like this:
1. Build your custom start layout
2. Run your deployment
3. In your State Restore Phase inject the Start Layout (Using Import-StartLayout)
So that’s it for this week - hopefully I can keep posting weekly with interesting items
That’s all for now -