Leveraging copyprofile in Windows 8 deployments and Internet Explorer protected mode
When leveraging the copyprofile=true attribute in an unattend.xml file during a Windows 8 deployment it's important to ensure the default local administrator profile's .\AppData\LocalLow is not present as this temporary data may cause unexpected side effects with Internet Explorer's protected mode. The purpose of the LocalLow folder is to provide protection for the user by providing a safe location that possibly unsecure data can be written and read. By default, a default profile does not have a LocalLow folder and it's a great idea if leveraging copyprofile in Windows 8 deployments to delete the LocalLow folder from the local administrator profile as part of a cleanup step before capturing the image.
Note that if you are experiencing unexpected results using Internet Explorer's protected mode it's also possible to remove the .\AppData\LocalLow folder either from the default profile or a specific profile and allow it recreate.
Comments
- Anonymous
February 17, 2016
Noticing the same problem in Windows 10. This seems to affect both the Explorer "Desktop" QuickAccess shortcut and IE DOMStore.
Is this a reported bug for MDT 2013 U1?- Anonymous
March 23, 2016
I didn't track the origin of action that caused the LocalLow folder to be created. If you find that it occurs creating a Windows 10 image using a bare MDT 2013 U1 TS and isn't caused by an outside application this would definitely be worth knowing.
- Anonymous