jump to navigation

User Tiles in the Domain October 8, 2010

Posted by Micah Rowland in Uncategorized.
trackback

In a previous post, I described a solution for handling user account tiles for local accounts. A reader recently emailed me inquiring about user tiles for domain users and I realized that I had failed to cover how Windows 7 handles this and how an IT department could leverage this functionality.

For those of you who have read the previous post, you’ll remember that Windows 7 (and Vista) stores the usertile picture that is displayed on login and on the start menu in the registry buried in the SAM hive. This article assumes you have read the previous one and will only briefly reiterate key points as necessary.

For domain accounts, the story is slightly different. Domain account usertiles are not in fact stored in the registry but in a much more accessible location, C:\ProgramData\Microsoft\User Account Pictures\ . If only local accounts were so easy. But don’t worry, we’ll still have a fun time. The usertile files for each user are saved as DOMAIN+username.dat. For example, John Doe at Contoso would be stored as CONTOSO+jdoe.dat. The contents of this dat file will look very familiar to any of you who have looked at local usertiles in the registry. In fact, the hex data stored in this file is EXACTLY the same as how it would be stored in the registry.

So lets get our plan of attack:

  1. Login to a domain account. Any will do.
  2. Set our usertile the old fashioned way.
  3. Retrieve the generated dat file.
  4. Use it!

WAY SIMPLER THAN LOCAL ACCOUNTS!

Let’s take the following scenario posed by one reader. Contoso would like users in each of 5 departments to have a department specific usertile. First we login using a domain account (for our example John Doe will do) and set its usertile to the first department’s desired tile. We then copy the C:\ProgramData\Microsoft\User Account Pictures\CONTOSO+jdoe.dat file to a holding area and rename it to departmentname.dat. We then repeat for the remaining 4 departments. Now that we have the proper dat files we can leverage them in a few different ways. Most users will go the route of the logon script: Check for group membership to ascertain the department of the user (or read an Active Directory attribute) and copy the proper department dat file into the local computer’s User Account Picture directory. We could also preload our OS deployment with a set of all user files for all members of the domain (probably only a good idea in an organization with a small number of users). Using a logon script will ensure that the proper department icon is used, even if a user changes it, though placing a complementing logoff script would be prudent to prevent any non-compliance.

Whatever way you cut it, it’s pretty much up to you at this point. Bon Appétit!

Advertisements

Comments»

1. I discovered the new Windows user tile API | Joco blog - December 6, 2010

[…] only states the obvious: you can do it manually in the control panel. Someone blogged here and here on how to automate some parts of the process. The part of the process which is covered in these […]

2. Joe - October 25, 2010

I like this… I’ve wanted to incorporate something like this for awhile but was not aware of the .dat file. However, I am a bit confused about how to best implement it so that it impacts all users. For example, in my workplace I would like to change the logon picture for all users regardless of department. Anyone who uses the computer, gets the picture at the logon screen (not just post logon).

How would a logon script accomplish this if the user has not yet logged on – they are just resting at the logon screen? Or am I overlooking /over complicating something? It doesn’t seem I can use the %USER% variable anywhere because again, the user has not logged on yet. Any insight?

Thanks,

Joe

3. Chris Barlow - October 8, 2010

Thank you very much for this, it works exactly as you say.

Rather than using login scripts, we are applying this via. Group Policy. In Windows Server 2008 the easiest way is to create a new ‘File’ entry under ‘User Configuration’ -> ‘Preferences’ -> ‘Windows Settings’ -> ‘Files’. In the ‘Destination File:’ field use the %username% variable, eg:

C:\ProgramData\Microsoft\User Account Pictures\CONTOSO+%username%.dat


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: