Configuring Standard User Accounts

Applies To: Windows 7, Windows 8

The first step to configure the shared computers for Blue Yonder Airlines is to configure user accounts on each computer. Because the company has a network of computers running Windows Server® 2008 R2, and the employee user accounts are listed in Active Directory®, Ben does not need to configure user accounts on the computers that employees will share. He simply needs to avoid adding user accounts to the local Administrators group. Domain users are members of the Standard Users group by default. This will isolate users so that they cannot change system files or settings, and they cannot access other users’ files or settings.

Ben needs to create user accounts for computers that guests will share. The best way to define these accounts is based on roles. For example, a school might define three roles—students, teachers, and staff—and then configure each shared account as appropriate. A library might configure patron and staff roles. Ben needs only one named ByaGuest. Rather than creating this account in Active Directory, he will create an account on each computer and then configure the computers to automatically log on by using the ByaGuest account.

To create a local user account

  1. On the shared computer, open Computer Management from the Administrative Tools folder (accessible from Control Panel by clicking System and Security and then Administrative Tools). If Windows prompts you for an administrator password or confirmation, type the password or confirm that you want to continue.

  2. In the console tree, click Local Users and Groups and then click Users.

  3. On the Action menu, click New User.

  4. In the New User dialog box (shown in Figure 1), type a user name, description, and password.

Figure 1 Creating a new user account

  1. Select the User cannot change password and Password never expires check boxes to ensure continuous access to the shared account then click Create.

  2. If you want to create more than one user account, repeat the preceding steps for each user account, and then click Close.


When you create user accounts for individual users, do not select the User cannot change password check box. However, when you create shared, role-based user accounts, select this check box to prevent users from changing the password and to prevent other users from accessing the shared computer. Additionally, select the Password never expires check box to ensure continuous access to the shared account.

In addition to creating standard user accounts, you can configure them to use customized settings when users first sign on to the computer. Windows stores users’ files and settings in user profiles, which are separated from system settings. By default, Windows stores these user profiles in C:\Users, creating one subfolder for each user who logs on to the computer. The first time a user signs on to the computer, Windows creates the user’s profile folder by copying the default user profile from C:\Users\Default to the user’s profile folder.

Configuring default user profiles is an easy way to configure new user accounts. However, they aren’t appropriate for all settings. Default user profiles are a great and simple way and to configure preferences that you want to allow users to change. They are not appropriate for settings that you want to control. For these, use Group Policy settings. For more information about configuring policies, see the section titled Configuring Group Policy Settings in this document.

To create a default user profile

  1. Log on to a computer running Windows 8 or Windows 7 as a member of the local Administrator group. Do not use a domain account.


Use a lab or extra computer running a clean installation of Windows 8 or Windows 7 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). The process these steps describe removes all domain accounts from the computer, including user profile folders. After creating the default user profile, you can copy it from C:\Users\Default to a network location or to a removable storage device.

  1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background.

  2. Create an Unattend.xml file that sets the CopyProfile parameter to True. The CopyProfile parameter causes Sysprep to copy the currently logged-on user’s profile folder to the default user profile. You can use Windows System Image Manager, which is part of the Windows Automated Installation Kit (Windows AIK) to create the Unattend.xml file. For more information, see How to Customize the Default User Profile by Using CopyProfile, or Windows Automated Installation Kit for Windows 7.

  3. At a command prompt, type the following command and press ENTER:

    sysprep /oobe /reboot /generalize /unattend: unattend.xml

    (Sysprep.exe is located at: C:\Windows\System32\sysprep)

  4. Complete the out-of-box experience, and then log on to the computer by using an account that has local administrator privileges.

  5. Click Start, type user profile, click Settings (if on Windows 8), and then click Configure advanced user profile properties.

  6. In the User Profiles dialog box (shown in Figure 2), click Default Profile, and then click Copy To.

    Figure 2  Copying the default user profile by using the User Profiles dialog box

  7. In the Copy To dialog box, do the following:

    1. In the Copy profile to text box, type the path of the location where you want to save the default user profile.

    2. Under Permitted to use, click Change, type Everyone, and then click OK.

  8. Click OK to copy the default user profile.


Other methods of creating default user profiles exist. For example, you can click the Copy To button on the User Profiles dialog box to copy a user profile folder to the default user profile. However, the steps that this section describes are the only steps that Microsoft supports for customizing a default user profile. These steps clean the source user profile so that it supports multiple users. For more information, see How to customize default user profiles in Windows 7 and in Windows Server 2008 R2.