Create a local user or administrator account in Windows 10

You can create a local user account (an offline account) for anyone who will frequently use your PC. The best option in most cases, though, is for everyone who uses your PC to have a Microsoft account.

If needed, the local user account can have administrator permissions; however, it’s better to just create a local user account whenever possible.

Caution: A user with an administrator account can access anything on the system, and any malware they encounter can use the administrator permissions to potentially infect or damage any files on the system. Only grant that level of access when absolutely necessary and to people you trust.

As you create an account, remember that choosing a password and keeping it safe are essential steps. Because we don’t know your password, if you forget it or lose it, we can’t recover it for you.

If you’re using Windows 10, version 1803 and later, you can add security questions as you’ll see in step 4 under Create a local user account. With answers to your security questions, you can reset your Windows 10 local account password. Not sure which version you have? You can check your version.

Create a local user account

Select Start > Settings > Accounts and then select Family & other users. (In some versions of Windows you’ll see Other users.)

Select Add someone else to this PC.

Select I don’t have this person’s sign-in information, and on the next page, select Add a user without a Microsoft account.

Enter a user name, password, or password hint—or choose security questions—and then select Next.

Change a local user account to an administrator account

Select Start > Settings > Accounts .

Under Family & other users, select the account owner name (you should see «Local Account» below the name), then select Change account type.

Note: If you choose an account that shows an email address or doesn’t say «Local account», then you’re giving administrator permissions to a Microsoft account, not a local account.

Under Account type, select Administrator, and then select OK.

Sign in with the new administrator account.

Customize the default local user profile when you prepare an image of Windows

This article describes how to customize the default local user profile settings when you create an image in Windows 7.

Original product version: В Windows 7 Service Pack 1, Windows Server 2012 R2
Original KB number: В 973289

Summary

After you deploy the image, the default local user profile settings are applied to all new users who log on to the computer.

To customize a default user profile or a mandatory user profile, you must first customize the default user profile. Then, the default user profile can be copied to the appropriate shared folder to make that user profile either the default user profile or a mandatory user profile.

When the default user profile is customized as described in this article, it reconstructs the source profile in a format that is appropriate for use by multiple users. This is the only supported method of customizing the default user profile for the Windows operating system. If you try to use other methods to customize the default user profile, it may result in extraneous information being included in this new default user profile. Such extraneous information could lead to serious problems with applications and system stability.

This article supersedes all previously published procedures about how to customize default local user profiles when you prepare images.

Customize a default user profile

The only supported method for customizing the default user profile is by using the Microsoft-Windows-Shell-Setup\CopyProfile parameter in the Unattend.xml answer file. The Unattend.xml answer file is passed to the System Preparation Tool (Sysprep.exe).

Step 1: Configure the default user profile

Log on to Windows by using the built-in local Administrator account.

You cannot use a domain account for this process.

Open the User Accounts control panel, and remove all added user accounts except for the one Administrator-level user account that you used to log on to Windows.

Configure the settings that you want to copy to the default user profile. This includes desktop settings, favorites, and Start menu options.

Customizing the Start menu and the Taskbar is limited in Windows 7.

Step 2: Create an Unattend.xml file that contains the Copy Profile parameter

Create an Unattend.xml file that contains the Copy Profile parameter ( Microsoft-Windows-Shell-Setup\CopyProfile ). By using this Copy Profile parameter, the settings of the user who is currently logged on are copied to the default user profile. This parameter must be set to true in the specialize pass.

Windows System Image Manager (Windows SIM) creates and manages unattended Windows Setup answer files in a graphical user interface (GUI).

Answer files are XML-based files that are used during Windows Setup to configure and to customize the default Windows installation.

Use the Windows System Image Manager tool to create the Unattend.xml file. The Windows System Image Manager tool is included as part of the Windows Automated Installation Kit (Windows AIK). Obtain the AIK for your operating system from one of the following websites:

For more information about Windows AIK, see Windows Automated Installation Kit (AIK). Directions about how to create an answer file can be found in the Help information that is included with Windows AIK. For more information about how to create an answer file, see Work with Answer Files in Windows SIM.

Step 3: Customize the default user profile in the Unattend.xml file

Open an elevated command prompt. To do this, click Start, type cmd in the Search box, right-click cmd in the Programs list, and then click Run as administrator.

If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.

At the command prompt, type the following command, and then press ENTER:

Sysprep.exe is located in the %systemdrive%\Windows\System32\sysprep directory.

To confirm that the CopyProfile command successfully completed, open the %systemroot%\panther\unattendgc\setupact.log file.

Search for lines that resemble the following (in the specialize pass):

[shell unattend] CopyProfileDirectory from c:\Users\Administrator succeeded.
[shell unattend] CopyProfile succeeded.

This line confirms whether the CopyProfile command succeeded and which user profile was copied to the default user profile.

Capture the image.

Deploy the image. For more information about how to use Sysprep to capture and deploy an image, see Sysprep Technical Reference.

• You must use the /generalize switch with sysprep.exe so that the Copy Profile parameter can be used. The /unattend option is used to point to the desired Unattend.xml file. Therefore, in this example, the Unattend.xml file is located in the c:\answerfile folder.
• The built-in administrator account profile is deleted when you perform a clean Windows installation or when you run the Sysprep tool. The CopyProfile setting is processed before the built-in administrator account is deleted. Therefore, any customizations that you make will appear in the new user account profile. This includes the built-in administrator account profile settings.
• If there are multiple user profiles, Windows sysprep may select an unexpected profile to copy to the default user profile.
• Not all customizations will propagate to new profiles. Some settings are reset by the new user logon process. To configure those settings, use Group Policy settings or scripting.

What to consider if you use automated image build and deployment systems

When you use tools such as the Microsoft Deployment Toolkit or System Center Configuration Manager, the CopyProfile setting is not required when you run the Sysprep command. These tools usually replace or change the Unattend.xml file after the image is deployed to the disk but before the operating system has started for the first time after you run the Sysprep command. Therefore, the Unattend.xml file that is used in the Microsoft Deployment Toolkit or System Center Configuration Manager deployment process must contain the CopyProfile setting.

If you set the CopyProfile setting to true when you run Setup from the Windows 7 installation media during the image build process, the administrator profile settings may be unintentionally copied into the default user profile. The administrator profile settings are typically present in the Install.wim file on the installation media.

Turn the default user profile into a network default user profile

To turn the default user profile into a network default user profile, follow these steps:

Use an account that has administrative credentials to log on to the computer that has the customized default user profile.

Use the Run command to connect to the NETLOGON shared folder of a domain controller. For example, the path resembles the following:
\\ \NETLOGON

Create a new folder in the NETLOGON shared folder, and name it Default User.v2.

Click Start, right-click Computer, click Properties, and then click Advanced system settings.

Under User Profiles, click Settings. The User Profiles dialog box shows a list of profiles that are stored on the computer.

Select Default Profile, and then click Copy To.

In the Copy profile to text box, type the network path of the Windows default user profile folder that you created in step 3. For example, type the path \\ \NETLOGON\Default User.v2 .

Under Permitted to use, click Change, type the name Everyone, and then click OK.

Click OK to start to copy the profile.

Log off from the computer when the copying process is completed.

Turn the default user profile into a mandatory user profile

You can configure the default local user profile to become a mandatory profile. By doing this, you can have one central profile that is used by all users. To do this, you have to prepare the mandatory profile location, copy the local default user profile to the mandatory profile location, and then configure a user’s profile location to point to the mandatory profile.

Step 1: Prepare the mandatory profile location

On a central file server, create a new folder or use an existing folder that you use for roaming user profiles. For example, you can use the folder name Profiles:
\Profiles

If you are creating a new folder, share the folder by using a name that is suitable for your organization.

The share permissions for shared folders that contain roaming user profiles must enable Full Control permissions for the Authenticated Users group. The share permissions for folders that are dedicated to storing mandatory user profiles should enable Read permissions for the Authenticated Users group and enable Full Control permissions for the Administrators group.

Create a new folder in the folder that is created or identified in step 1. The name of this new folder should start with the logon name of the user account if the mandatory user profile is for a specific user. If the mandatory user profile is for more than one user, name it accordingly. For example, the following domain has a mandatory profile, and the folder name begins with the word mandatory:
\Profiles\mandatory

Finish naming the folder by adding .v2 after the name. The example that is used in step 3 has the folder name mandatory. Therefore, the final name of the following folder for this user is mandatory.v2:
\Profiles\mandatory.v2

Step 2: Copy the default user profile to the mandatory profile location

Log on to the computer that has the customized local default user profile by using an account that has administrative credentials.

Click Start, right-click Computer, click Properties, and then click Advanced System Settings.

Under User Profiles, click Settings. The User Profiles dialog box shows a list of profiles that are stored on the computer.

Select Default Profile, and then click Copy To.

In the Copy profile to text box, type the network path of the Windows default user folder that you created in the Step 1: Prepare the mandatory profile location section. For example, type the following path:
\\ \Profiles\mandatory.v2

Under Permitted to use, click Change, type the name Everyone, and then click OK.

Click OK to start to copy the profile.

Log off from the computer when the copying process is completed.

On the central file server, locate the folder that you created in the Step 1: Prepare the mandatory profile location section.

Click Organize, and then click Folder options.

Click the View tab, click to select the Show hidden files and folders check box, click to clear the Hide extensions for known file types check box, click to clear the Hide protected operating system files check box, click Yes to dismiss the warning, and then click OK to apply the changes and close the dialog box.

Locate and right-click the NTUSER.DAT file, click Rename, change the name of the file to NTUSER.MAN, and then press ENTER.

Previously it was possible to copy profiles by using the System Control Panel item. This copy to default profile option is now disabled as it could add data that made the profile unusable.

Step3: Prepare a user account

As a domain administrator, open the Active Directory Users and Computers management console from a Windows Server 2008 R2 or Windows Server 2008 computer.

Right-click the user account to which you want to apply the mandatory user profile, and then click Properties.

Click the Profile tab, type the network path that you created in the Step 1: Prepare the mandatory profile location section in the profile path text box. However, don’t add .v2 at the end. In our example, the path would be as follows:
\\ \Profiles\mandatory

Click OK, and then close the Active Directory Users and Computers management console. The user will now use the customized mandatory user profile.

Still need help

If this article does not answer your question, ask a question and pose it to other community members at Microsoft Community.

Resources

If you are having issues logging on to a user profile, see the website: