Is there a good way to script a change to default user ntuser.dat at boot up?

I've been copying a new NTUSER.DAT in a boot script to 1000 PCs, but that seems a bit excessive. I tried simply modifiying the HKEY CURRENT USER at logon, but the settings only apply if I do them prior to logon.

Under normal circumstances, this would be fine if the user's profile stayed on the machine, but it doesn;t because the machine is running faronic's deep freeze,

I suppose I could load a hive in the boot script, change the settings, an then unload the hive, but frankly, that seems a bit daring.

I must really post hard questions, because no one ever responds.

but to leave out the desired result you would like to see makes it a one dimensional problem. And you said Default User that is a system user profile. Is that what you meant?


Also isn't this a better way?

http://technet.microsoft.com/en-us/library/bb490257.aspx

I created an image for 1000-1300 PCs. It has already been pushed, and despite 3 rounds of testing, they are just now discovering errors.

The PCs run Faronics Deep Freeze, which basically restores everything at boot. Hence everytime a user logs in, they get a new profile from the default user profile (which I have previously customized when I built it).

Each boot, a script is run that makes modifications. During the night, Deep Freeze enters a "thaw cycle" and the changes pushed in the script become permanent. Ultimately, I can copy a new ntuser.dat to the default user profile and as long as I use intelligent scripting, I can make it only happen once.

But.. (and in life there is always a but..) When 1000-1300 PCs bang into the server during the that cycle, the CPU, I/O etc goes through the roof for a while. Ideally, I'd like to push 10K of registry changes rather than a 3MB file to these devices. The problem is when it rusn these scripts it does so as .default, and not default user. To make this work, I would have to load the default user's NTUSER.DAT as a hive, make the changes, and unload the hive as part of the script. I'd like to avoid this if at all possible and was hoping there was a better way to manipulate the default user's NTUSER.DAT withough loadinding and unloading it during the boot script.

That is a lot of stuff to go through. So are you in a Windows environment? Is GPO an evil word? I mean most of this can be done through GPO with less issues. Who cares what Deep freeze does then? The policy will just load at login including any user scripts that need applied. And these can be applied in a targeted way as well. So do you use AD or not? personally i loath scripts and think they should all be shipped off to the deep ocean and buried. BTW if you are in a Windows environment Server 2008/Vista <and now XP if sp3 is deployed> you can use power shell scripts and damn near do anything you want to. Also since this seems like an extreme secure site <or like most places overkill security> why not use a profile server? Map all the users profiles to a single location and redirect? We do this for Terminal services due to disk resources. But it could work for you. Just make all users mapped to a single profile location every time. Anyway maybe i still am not getting the picture. But as you know there are a 100 solutions to this you just have to find the best one for you.

good thoughts though. Thanks.