I have a few laptops here that need to have some users profiles preloaded onto them before sending them out in the field so that they can log into them without needing to be connected to the domain controller. I have done some research on Spiceworks and some Google'ing with no luck.
Is there a way to initialize these accounts on the laptops so that when they go out in the field they are able to login? I do not want to ask all the users to log into each laptop once as that is an inconvenience.
The laptops are all running Windows 7 Professional x64 and the domain controller is on a Windows Server 2008 x64 SP2 server.
Best Answer
This is not possible using any supported methods. However:
you can provision the profile, it's just a directory, and a registry key structure under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
. Both are easily copied from a machine they've already logged into. You can also use the Default user profile directory if you don't have one already. Be sure to check permissions on the directory when you're done copying.Their password is a hash stored in a registry entry in
HKEY_LOCAL_MACHINE\SECURITY\Cache
. This can again by copied from a machine they've logged into already. You'll need the psexec utility from the SysInternals suite; runpsexec -i -s -d regedit
or you wont be able to access the SECURITY hive of the registry.Also, there may be multiple keys cached in that directory. I'd generically suggest either pulling the hash from a machine where the user is the only person to log-on, or a limited set of users; or using a cracking program to identify which hash belongs to the user in question. I wont provide any more detail on the latter method, as it should be easy to find information on the Internet.