We have about 15 people who use our conference room with a large TV and a Logitech unit with a camera and audio for meetings. The users have Teams and set up their own meetings, but we also connect to meetings using GoToMeeting, Webex, Ring Central, Zoom etc. Even some odd classroom and testing type meetings too.

I currently have an older W10 pc in the room and it has gotten slow and needs to be replaced. I started to set up a new pc but realized with W11 there are more issues.

I thought about a single login but we have documents that need to be secure and we don’t want the users to leave behind something they shouldn’t.

Here is what I see as givens:

-Each user has their own AD login.
-Each user needs access to O365 online for Teams and Outlook. But also needs to be able to open Word and Excel files from our servers. I would prefer no copies being made to the cloud.
-Access to Network drives for file access and storage.
-W11 has a lot of bloatware that I was trying to come up with a way to remove BEFORE the users log in. Have not found a way.
-I would like to turn off things in the Taskbar Settings and Lock Screen status apps for all users.
-I would like to set some Edge settings for all users BEFORE they log in.
-Turn off things like OneDrive for users BEFORE they log in.

I am trying to be able to have the users log in and have no apps start running except when they click on one or set it to run on startup, like maybe Teams.

Is there a way to set up one login and then copy and rename it?? Or another way to accomplish my goals.

Any help is appreciated.

5 Spice ups

Hello Maria,

In my conference rooms, we have dedicated PCs that auto-login to local accounts and push the room audio and video. Users then bring their laptops into the conference rooms and join the room equipment in a Teams meeting and are able to present the files they have access to without them being stored on the room PC. We use SharePoint versus file shares, but no access is granted to the room PC directly.
PC Decrapifier was my go-to for bloatware removal, but I haven’t used it in a couple of years.

4 Spice ups

We have a meeting room available to the general public. We use the Crestron solution, which does NOT make a computer available to them. They just bring their own laptops, like Joe said.

I think decrapifier is gone now. I use BCUninstaller. There’s a version you don’t have to install, just run it off a thumb drive.

If I were to provide a public use PC there, I would definitely get DeepFreeze on that computer, because users do crazy stuff and they will definitely muck it up. For in-house staff, there must be some Intune stuff you can do to keep it clean. It would be nice if you could “educate” people on being safe, but we all know that never works.

For Joe1043: We have desktops for all users - no laptops - and unfortunately PC Decrapifier is no longer available. I thought that may be a good solution and got excited for a minute, but the website says they no longer allow downloads. :(

Looking at the BCUninstaller…this looks good too. Does it work for future logins to the pc?

Any idea what version works off the USB?

Believe it or not, the pc that is there now has worked well for a while. No one has screwed it up really. It is just getting old and even though I cleaned it up, it has just gotten too slow for some users.

I don’t want to place a new one there and have it be slow due to the Windows bloat and whatever it may try to open on login. I don’t want to set up 15 user logins. Trying to find a good solution.

1 Spice up

For BCUninstaller, if you want the non-installed version, look for “portable.” Basically you unzip it and put it all in a folder, then run the BCUninstaller.exe file.
Revo Uninstaller is also a good tool, but I think their portable version is pay-to-play.

Have you tried the MS Windows Installation Media utility? You can install a clean, fresh from MS version of Windows. You do have the hassle of rounding up HDD and Network drivers, though. Other than that, it’s a clean install.
Here’s a doc from MS on using Intune to keep those profiles clean.
Windows 10/11 settings to manage shared devices using Intune

Some of these things should be handled via group policy. Alternatively if you have Intune, through a policy there. For example, mapping drives, turning off OneDrive. For OneDrive it should be

Computer Configuration\Administrative Templates\Windows Components\OneDrive
“Prevent the usage of OneDrive for file storage” should be Enabled

For Microsoft Edge:

Configure Microsoft Edge for Windows with policy settings | Microsoft Learn

For debloat, came across this one recently:

Give that one a look. I’ve not personally tried it, so your mileage may vary.

If need be you could just stick this machine (and any others like it) in a sub OU and apply the GPO just to that new OU.
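
Added example, not part of any post in this thread: a PowerShell check for the shared PC that covers the three things asked about above: whether the OneDrive policy is in effect, which staged (provisioned) apps would be installed into each new profile, and what is set to start at sign-in. The `-Apply` switch and the package denylist are this example's own assumptions; adjust the list to what the machine actually reports.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Run elevated on the shared PC.
param([switch]$Apply)   # without -Apply the script only reports

# 1. OneDrive policy named in the post above; the GPO writes this HKLM value.
$od = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive' `
        -Name DisableFileSyncNGSC -ErrorAction SilentlyContinue
$odState = if ($od -and $od.DisableFileSyncNGSC -eq 1) { 'Enabled' } else { 'NOT enabled' }
"Prevent the usage of OneDrive for file storage: $odState"

# 2. Provisioned packages are staged machine-wide and installed into every NEW
#    profile at first logon. Removing them here acts before any user signs in.
#    Example denylist only: adjust to what Get-AppxProvisionedPackage shows.
$unwanted = @('Microsoft.BingNews', 'Microsoft.BingWeather', 'Microsoft.GamingApp',
              'Microsoft.XboxGamingOverlay', 'Clipchamp.Clipchamp')
$staged = Get-AppxProvisionedPackage -Online |
          Where-Object { $_.DisplayName -in $unwanted }
foreach ($pkg in $staged) {
    if ($Apply) {
        Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName | Out-Null
        "Removed from image: $($pkg.DisplayName)"
    } else {
        "Would remove: $($pkg.DisplayName)"
    }
}

# 3. Autostart entries Windows reports (Run keys, Startup folders), so anything
#    that launches at sign-in without the user asking for it is visible.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Sort-Object Location, Name |
    Format-Table -AutoSize -Wrap
```

Removing a provisioned package only affects profiles created afterwards; apps already installed in an existing profile stay there. Re-run the report after feature updates to see whether anything has been staged again.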

There are so many things that you want…but then you should have a locked-down machine as you only have 15 people.

This is what I have set up for my smaller organizations

  1. Domain Joined PC but using a local user account (all bloatware & crapware removed for that user)
  2. PC is logged on using autologin and with simple password (123456) in case of Windows screens saver or Windows login required
  3. We use Chrome for all web-based ERP, eHR, email, Google Chat etc (set to clear cookies & history when browser is closed)
  4. UNC shortcuts are on desktop to file servers (users were told not to save their passwords)
  5. There is a wallpaper “DO NOT SAVE FILES” to remind users

Taking so many requirements into consideration, please consider the solutions below:

1. User Profiles and Security

Active Directory (AD) Logins: Ensure each user has their own AD login. This will help maintain security and individual access to necessary resources.
Group Policies: Use Group Policy Objects (GPOs) to manage user settings and security policies. This can help enforce rules like disabling OneDrive, setting Edge settings, and managing taskbar settings.

2. Removing Bloatware

Windows 11 Debloater: Use tools like Windows10Debloater (which also works for Windows 11) to remove unnecessary apps and bloatware. This can be done before users log in.
Custom Image: Create a custom Windows 11 image with all the necessary settings and applications pre-configured. This image can be deployed to the new PC.

3. Configuring User Settings

Taskbar and Lock Screen: Use GPOs to configure taskbar settings and lock screen status apps. You can find these settings under User Configuration > Administrative Templates.
Edge Settings: Configure Edge settings via GPOs or by using the Edge administrative templates available from Microsoft.

4. Managing Startup Applications

Startup Programs: Use Task Manager or GPOs to manage startup applications. Ensure only essential apps like Teams are set to run on startup.
Script Automation: Create scripts to automate the setup process for each user. PowerShell scripts can be particularly useful for this.

5. Network and File Access

Network Drives: Map network drives via GPOs or login scripts to ensure users have access to necessary files without storing them locally.
Office 365 Access: Ensure users can access Office 365 online and configure Office applications to save files directly to network drives instead of the cloud.

6. Single Login and Profile Management

Default User Profile: Configure a default user profile with all the necessary settings. This profile can be copied to new user profiles when they log in for the first time.
User Profile Management: Use tools like User Profile Wizard to migrate and manage user profiles efficiently.

7. Additional Tips

Regular Maintenance: Schedule regular maintenance tasks to keep the system running smoothly, such as disk cleanup and updates.
User Training: Provide training for users on how to use the new system and best practices for security and file management.

By following these steps, you can create a streamlined and secure environment for your conference room PC, ensuring that all users have a consistent and efficient experience.

Thanks, Partrick, for your input. I also saw the Win11Debloat. Can you tell me if I would just be downloading the one PowerShell file called Win11Debloat.ps1? And then editing as I see fit, I guess. And it looks like Alex posted another PowerShell script to do something similar.

Thanks Adrian and especially Alex for the extensive reply. To be clear we already have AD logins, am doing some settings in GPO, have mapped drives thru GPO/DFS and we do regular maintenance and updates.

Alex, you mention in Single Login and Profile Management – Configure a default user profile with all the necessary settings. This profile can be copied to new user profiles when they log in for the first time. Do you have a link on how to do that? User Profile Wizard seems to move from pc to pc. Is that right or can it copy the profile on the same pc for a new user?

You can achieve the functionality of automatically copying a profile when a new user logs in for the first time by configuring a default user profile. Here are some relevant resources and steps:

1. Configure the Default User Profile:

a. Set up a user account and configure all necessary settings.

b. Copy this user profile to the default user profile location.

c. Ensure that when a new user logs in for the first time, the system automatically copies the settings from the default user profile.

2. Using Group Policy:

a. You can manage user profiles using Group Policy. Through Group Policy Objects (GPO), you can specify the path and other settings for user profiles.

b. Refer to Profile Management policy descriptions and defaults for more details on profile management.

3. User Profile Wizard:

a. User Profile Wizard is typically used to migrate user profiles from one PC to another, but it can also be used to copy profiles for new users on the same computer.

b. You can use User Profile Wizard to copy an existing profile to a new user profile.

I really like the idea on the first option “Configure the Default User Profile” - this would work best I think for the situation. However, User Profile Wizard doesn’t see the Default Profile - at least not the free version. Does one of the pay versions allow me to copy to the default? What other options do I have for creating a profile and then copying it into the default profile?

After I learned about it: if you prefer not to use paid tools, the manual methods or leveraging Sysprep may be helpful to you. They are reliable and provide control over how profiles are configured and deployed. If you encounter issues with permissions or specific settings not copying over properly, consider reviewing the permissions on the default profile folder and ensuring no files are locked or in use.

The only main issue I have is that all that crapware cannot be removed until after the user has logged in. Worse is that some of the crapware gets reinstalled after some CU or version updates etc.

But why are you still using mapped drives? If you use UNC shortcuts, users can be prompted for Domain ID & Passwords whenever they need to use resources from file servers.

You are only looking at 15 users? For some of my Organizations, we have 200 to 12,000 users, that’s where autologin or single “local” user comes in very handy. The only issue with autologin is that the password is “hidden” and may be required to unlock the machine if logout timing kicks in…so the workaround is a simple password might be needed (or displayed).

Then maybe as my company is 99% on Google Suites & all our eHR & ERP etc are web based, thus using their Google Account and/or Domain Account respectively, they literally can use all the resources they need with Chrome and a UNC shortcut

I assume these 15 people have their own computer at their desk.

Here’s one idea:

  1. have a single local account on the conference computer, with Teams, etc. installed.
  2. have users login to Teams, etc. with their account and join a meeting.
  3. have users RDP into their work station and share that screen with the meeting.

Alex: I really like the idea on the first option “Configure the Default User Profile” but I don’t know how to set it up. I am ok with a manual method as this is just one pc. I am ok with paid tool if it is cheap. How do I setup the Default profile easily? I did some research online but nothing is simple. Is there a way to literally copy it from another user? My profile is already setup the way I want all the others.

I am leaving my drives as is. Not part of this problem. I do not want a single login. I stated the reason why previously.

The process of setting up default user profile on Windows computer is really not that simple, I have searched for this and got the following steps to set up default user profile on Windows computer that you can refer to:

  1. Log in with the user account you want to copy and make all the necessary settings and customizations.
  2. Switch to another administrator account, open “System Properties”, select the profile you want to copy in “User Profiles” settings, and copy it to the C:\Users\Default directory, and set the permission as “Everyone”.
  3. Make sure to back up the current default configuration file before copying in case of any problems.
  4. If you prefer an easier method, you can use a third-party tool such as the ForensiT User Profile Wizard to automate this process.

Alex I will try that method and let you know. I did load the ForensiT User Profile Wizard but it doesn’t allow me to see the default user to copy or overwrite. It is not in the listing of profiles stored on the computer.

That’s a shame indeed, that’s all I can help with, I hope you can find other ways and share them, respectfully.

Here are some images to help with what I am seeing:


If I hit a Profile in User Profiles to copy one already setup, the Copy to is grayed out.

Screenshot Default Profile
I can copy the Default Profile, if I can set it up. Copy to working.

Screenshot ForensiT
Using the ForensiT, I don’t see the Default Profile at all. I left just the beginning values in the path to show it.