Today I would like to talk about an issue I faced recently. I think many of our customers are still using the "CopyProfile" setting available in the answer file (unattend.xml) to copy the built-in administrator profile to the default profile. That way, when a new user is created on that machine, it will get all the customization done on the administrator profile.
Before explaining how to solve that issue, I strongly recommend avoiding using CopyProfile and doing all the customization during the deployment using task sequences for instance.
The recent issue I faced is IE11 (with Protected mode enabled) crashing continuously on Windows 10 computers where CopyProfile has been used.
The reason for those crashed has been identified and it appears that after running sysprep with copyprofile setting enabled, all of the Low Mandatory Level ACL of "%userprofile%\AppData\LocalLow" folder are missing.
There's 2 solutions whether you have already deployed computers using copyprofile or if you want to solve that issue proactively on not yet deployed computers.
For already deployed computers
Deploy through script under the user context the following command line to add the missing permissions:
icacls %userprofile%\appdata\locallow /setintegritylevel (OI)(CI)L
icacls %userprofile%\appdata\locallow\microsoft /setintegritylevel (OI)(CI)L
icacls "%userprofile%\appdata\locallow\microsoft\Internet Explorer" /setintegritylevel (OI)(CI)L
For computers not yet deployed
For computers which are not yet deployed, we can solve that issue editing the master image. After having captured your master image, delete the following folder:
You can also do that during the final image deployment within a MDT/SCCM task sequence. To do that, you just need to be aware that the RD (rmdir) command line cannot delete hidden folder. In our case, "Default" and "AppData" folders are both hidden. To automate the deletion of the LocalLow folder, we need to unhide, delete then hide again the concerned folders.
Here is a sample script to delete LocalLow folder:
ATTRIB -H "C:\Users\Default"
ATTRIB -H "C:\Users\Default\AppData"
rd /Q /S "C:\Users\Default\AppData\LocalLow"
ATTRIB +H "C:\Users\Default\AppData"
ATTRIB +H "C:\Users\Default"
Hope it will help solving the IE crash issues on computers where CopyProfile has been used 🙂
Good Windows 10 deployment to everyone!!