Channel: Microsoft Deployment Toolkit forum

Parental Control set as Local Administrator on reference machine and copy it over as part of copy profile for all users


Hi Team, 

Looking for some advice on setting up Parental Control in Windows 8.1 for all users. I am going through the article below to configure parental control on Windows 8.1. If I set it for the Administrator account on the reference master image, would it be copied over for all users if copy profile is enabled during image deployment? Any suggestions, or has anyone tried it before in a similar way? The whole idea is to set it up for any user that logs onto the machine. Any other suggestion would also be appreciated. The organization basically wants to control access to the Windows Store with some age limit.

http://www.gottabemobile.com/2014/12/25/how-to-setup-parental-controls-in-windows-8-1/

Regards,


Import-MDTApplication Hide application in deployment wizard

Is there a way to hide an application in the deployment wizard when using Import-MDTApplication? This parameter did not check the box:
-hide 'true'

Connection to the deployment share could not be made (network driver not installed)


Hi guys! I bought a new Dell Latitude E6510 laptop and tried to install the enterprise image, but I got the error:

"A connection to the deployment share could not be made. The deployment will not proceed. The following networking device did not have a driver installed PCI\VEN_8086&DEV_10EA&SUBSYS_040B1028&REV_05."

I looked on the internet and found out that the Intel network card driver is missing. So I got the driver from the Dell website and added these drivers in the MDT console.

Then I updated the deployment share to rebuild the boot images. Everything went fine, but I always get this error.

Am I missing something ?

AlwaysAuthenticate-flag not working in WinRE Custom Tool


I created a Custom Tool for my WinRE according to this site (https://technet.microsoft.com/en-us/library/jj126994.aspx). This is working very fine; I've got the tile in my WinRE and it works great (it calls a batch file).

However, I want the user to authenticate before running my custom tool (asadmin). I saw a possibility here (https://technet.microsoft.com/en-us/library/dd744576(v=ws.10).aspx) where it says, I just have to add the line:

<AlwaysAuthenticate/>

somewhere in the <Recovery>-block. After integrating the new WinREConfig.xml into my WinRE-Image, this doesn't have any effect. I don't get prompted to enter a password.

Do you have any ideas what the problem is or how I could trigger an authentication otherwise?

Problem with the file path TS.XML after the restart

Hi, I have a problem when making a deployment.

After rebooting, the path to the "ts.xml" file is lost.

The "BBDD.LOG" file shows this error:

Copying D: \ Deploy \ Control \\ TS.XML

The bug is in the path: the Task Sequence ID does not appear between "control" and "TS.XML".

The path should be Deploy \ Control \ Task_Sequence_ID \ TS.XML

Do you know what may be the fault?

Any solution?

Thank you!

Running Unblock-TPM cmdlet from Windows PE


Here is the situation and hopefully somebody can help...

One of the guys in IT created an MDT deployment on Laptops and Tablets (specifically Surface Pro 3).

Unfortunately, I don't think he really thought this through and relied on the Vendor's (Sophos) information.

Basically I have a Surface Pro 3 with the hard drive encrypted, using a TPM + PIN configuration.

In a normal Microsoft scenario, when deploying Windows, Bitlocker would trigger to save the Recovery Key onto AD. However, when using Sophos, it encrypts the drive using Bitlocker, but instead the recovery key gets saved on the Sophos Console.

As some of you have experienced, the Surface Pro 3 is prone to turn on while kept inside a bag, and the keyboard would get pressed (typing bad PINs on preboot auth). This leads to the dreaded TPM lockout.

Normally, the recovery key would be needed in order to boot, and then once inside the system, you would unblock the TPM. Unfortunately, for some unknown reason, the recovery key is not working and I am unable to boot the machine.

So there is no other option, right?

Well, I am trying something but don't know if it will work. In Windows 8.1, there is a cmdlet called unblock-tpm that should unblock the TPM (resetting the anti hammering setting back to 0). We have the password and owner account, so in theory, it should work. Once the TPM is unblocked again, by rebooting and using the PIN, the TPM should supply the key and be able to boot.

Unfortunately, I had no luck running this cmdlet from Windows PE. I assume it is an issue with the WMIs since the cmdlet tries to run but I get an error message.

Also, the Surface Pro 3 is very picky about which flash drive it wants to boot from. So, while I am in the process of creating a Windows To Go on a specific flash drive that should boot on the Surface, do you know of any documentation, or has anybody been able to correctly run the unblock-tpm cmdlet from outside the operating system (be it WinPE or any of those PE discs that are going around)?

Windows 8.1 local GPO Pack in MDT 2013?


Hi All,

I have a GPO Pack exported from SCM v3 and am trying to deploy it via MDT in the Apply GPO Pack step. I understand the steps needed to modify ZTIApplyGPOPack.wsf as per the link below:

http://deploymentresearch.com/Research/Post/336/Adding-GPO-Pack-support-in-MDT-2013-for-Windows-8-1

but the problem is the files I need to copy to the exported GPO pack from SCM: GPOPack.wsf / LocalPol.exe / LocalSecurityDB.sdb
From inspecting the GPOPack.wsf file I can tell it's not supporting Windows 8.1, as I found the following message in the script:

    strMessage = "GPOPacks only work on Windows XP Professional, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, or Windows Server 2012"

There are quite a number of references to this script, so I'm not sure how to modify this to make it work with Windows 8.1.

Thanks for the advice in advance!

       

USMT Restore not happening


Hi Experts,

I am using USMT to transfer data from one machine to another machine.

When restoring the data, a lot of data is missing, and I get the message below in the log.

Info                  [0x080000] Include pattern skipped because enumeration root is not present: C:\Users\williamsc1\AppData\Local\Microsoft\Speech\Files\* [*]

Please let me know the way to fix it.

Thanks & Regards,

Venkatesh


Since upgrade to MDT 2013, can't capture Windows 7 image.


Hi fellas,

I use Virtual Box to create a 32- and 64-bit reference Windows 7 VM, which I then capture using an MDT Sysprep & Capture TS.  This worked without a hitch using MDT 2012.

I recently upgraded to MDT 2013.  Since then, after the VM syspreps and reboots, I get a boot manager error saying Windows failed to start.  Status: 0xc0000260.

Not sure where to look for any logs.  What I've done so far:

- Upgraded to latest version of Virtual Box (4.3.18)

- Rebuilt both VMs from scratch.

- Deleted and recreated the deployment share and Sysprep & Capture task sequences.

Stumped for the time being, although I could always just boot to my Win PE disc and manually capture with imagex.  But c'mon.



Surface Pro 3 - UEFI not formatting disk


Hello,

We are trying to deploy an image using MDT; the task always fails on preparing disk 0 partitions.

I have seen previous discussions on setting the correct task sequence for UEFI devices, which I have configured as below:

The "Format and Partition Disk UEFI GPT" - Condition [If all true] IsUEFI = True
-EFI (Marked as Boot) 350 MB FAT32
-MSR 128 MB
-Windows Primary 100% remaining space NTFS; Variable: OSDisk

I've come to a dead end now and need help.

Error when trying to update media


Hi,

I have a new MDT server. I copied my deployment share and all other data from my previous server to the new server. Opened the deployment workbench and opened the deployment share.

I use offline media which we extract to a USB drive and build PCs from there. When I now want to update my media on the new server, it runs for a while and then gives the error below. Any idea what this can be?

"System.Management.Automation.CmdletInvocationException: Data at the root level is invalid. Line 1, position 1. ---> System.Xml.XmlException: Data at the root level is invalid. Line 1, position 1."

The answer to life the universe and everything


Maybe it's been mentioned before. But I was digging around in MDT and stumbled across this in the ZTIOptIn.wsf file.

MDT 2013

Option Explicit
RunNewInstance

'//----------------------------------------------------------------------------
'//  Global Constants
'//----------------------------------------------------------------------------

Const ANSWER_TO_LIFE_THE_UNIVERSE_AND_EVERYTHING = 42

Hehehe


If this post is helpful please vote it as Helpful or click Mark for answer.

Getting "Windows could not parse or process the unattend answer file for pass [specialize]" with IE10 integration? Read this...

Hey guys,

I just discovered an issue with using MDT to integrate Internet Explorer 10 into Windows 7 & 2008 R2 image files. Building the images was no problem at all, but when I tried to deploy them it would bomb with this error every time:

"Windows could not parse or process the unattend answer file for pass [specialize]."

So a very annoying and cryptic error to say the least. Obviously the issue was with the unattend.xml file that gets auto-generated by MDT, but all the items under "specialize" had worked just fine when I built the image and the IE version was the only item that had changed. After comparing the Windows 7 & Server 2008 R2 unattend.xml files to my Windows 8 & Server 2012 unattend.xml files (because they have IE 10 native) I discovered that the following flag was missing from the Windows 8 & Server 2012 unattend.xml files:
<IEWelcomeMsg>false</IEWelcomeMsg>

So I simply commented it out like so:



Re-ran my test deployment and voilà, 100% successful with zero errors. I was a little embarrassed/annoyed that this took me so long to track down, then I realized others might be struggling with this too so thought I'd share.

Hope my time spent saves someone else some grief!

MDT 2013 Windows 8.1 Enterprise LTI deployment to specific partition (preserve factory partition layout)


We're using MDT 2013 for an LTI deployment of Windows 8.1 Enterprise. The client task sequence in question is configured to install Windows to a specific drive/partition (disk 0, partition 4). The task sequence insists on targeting another partition (disk 0, partition 3) instead. In Windows PE, D: is assigned to the incorrectly targeted partition and C: to partition where we wish to have Windows installed.

I confirmed that the correct/expected task sequence is selected. DeploymentType is NEWCOMPUTER. Below are several BDD.log entries related to the deployment type and target partition selection process. The New Computer only > Format and Partition Disk task sequence step is disabled, and in its place we have a Run Command Line step that scripts diskpart to clean (quick format) the C: partition (disk 0, partition 4). Immediately before the Install Operating System step, we tried setting the OSDPreserveDriveLetter variable to false, then true, with the same results.

<![LOG[Property DeploymentType is now = NEWCOMPUTER]LOG]!><time="10:59:58.000+000" date="07-28-2015" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
...
<![LOG[DestinationOSInstallType = BYDISKPARTITION]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Found: DestinationDisk: 0]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Found: DestinationPartition: 4]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[New ZTIDiskPartition : \\MININT-RCTKLC1\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #3"    \\MININT-RCTKLC1\root\cimv2:Win32_LogicalDisk.DeviceID="D:"]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Disk Size : 11 GB]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Min Size : 15 GB]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Property OSDTargetDriveCache is now = D:]LOG]!><time="11:00:09.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Property OSDisk is now = D:]LOG]!><time="11:00:10.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Set the Tag variable: TargetPartitionIdentifier]LOG]!><time="11:00:10.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Property TargetPartitionIdentifier is now = ]LOG]!><time="11:00:10.000+000" date="07-28-2015" component="ZTIConfigure" context="" type="1" thread="" file="ZTIConfigure">
<![LOG[Property TargetPartitionIdentifier is now = SELECT * FROM Win32_LogicalDisk WHERE Size = '11929645056' and VolumeName = 'Recovery Image' and VolumeSerialNumber = '26EC4F88']LOG]!>


The OS image applies successfully:

<![LOG[  Console > Successfully applied image.]LOG]!><time="11:27:06.000+000" date="07-28-2015" component="LTIApply" context="" type="1" thread="" file="LTIApply">
<![LOG[  Console > Total elapsed time: 4 min 6 sec]LOG]!><time="11:27:07.000+000" date="07-28-2015" component="LTIApply" context="" type="1" thread="" file="LTIApply">


But the deployment routine fails with "boot drive was not found."

<![LOG[No boot drives found. None.]LOG]!><time="19:50:10.000+000" date="07-24-2015" component="LTIApply" context="" type="1" thread="" file="LTIApply">
<![LOG[FAILURE ( 5615 ): False: Boot Drive was not found, required?]LOG]!><time="19:50:10.000+000" date="07-24-2015" component="LTIApply" context="" type="3" thread="" file="LTIApply">
<![LOG[Event 41002 sent: FAILURE ( 5615 ): False: Boot Drive was not found, required?]LOG]!><time="19:50:11.000+000" date="07-24-2015" component="LTIApply" context="" type="1" thread="" file="LTIApply">

The target system is an HP Pro x2 612 G1 tablet/notebook configured for UEFI/GPT. The incorrect target partition and boot drive not found problems may be unrelated. I would like to get the deployment to target the desired partition and move forward from there... You can view the full LTIApply.log here.

Ideas?

Thank you!
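
Added example (not part of the original post, and not MDT's own code): BDD.log entries like those quoted above follow the CMTrace layout and are often pasted run together. This Python sketch splits them and compares the requested `DestinationDisk`/`DestinationPartition` with the partition ZTIConfigure resolved; the sample is constructed from shortened versions of the post's entries, and all function names are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# CMTrace-style entry: <![LOG[message]LOG]!><time=".." date=".." component=".." ... type="N" ...>
# The metadata tag is optional so a truncated trailing entry is still captured.
ENTRY = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>'
    r'(?:<time="(?P<time>[^"]*)"\s+date="(?P<date>[^"]*)"\s+'
    r'component="(?P<component>[^"]*)"\s+context="[^"]*"\s+'
    r'type="(?P<type>\d+)"\s+thread="[^"]*"\s+file="[^"]*">)?',
    re.DOTALL,
)
SEVERITY = {"1": "info", "2": "warning", "3": "error"}  # CMTrace type codes


class Entry(NamedTuple):
    message: str
    component: Optional[str]
    severity: str
    stamp: Optional[str]


def parse_log(text: str) -> List[Entry]:
    """Split run-together log text into entries, in order of appearance."""
    out = []
    for m in ENTRY.finditer(text):
        stamp = f'{m.group("date")} {m.group("time")}' if m.group("date") else None
        out.append(Entry(m.group("msg").strip(), m.group("component"),
                         SEVERITY.get(m.group("type"), "unknown"), stamp))
    return out


def partition_check(entries: List[Entry]) -> dict:
    """Compare the requested disk/partition with the one the script resolved."""
    requested, resolved = {}, None
    for e in entries:
        m = re.match(r"Found: Destination(Disk|Partition): (\d+)", e.message)
        if m:
            requested[m.group(1).lower()] = int(m.group(2))
        m = re.match(r"New ZTIDiskPartition .*?Disk #(\d+), Partition #(\d+)", e.message)
        if m:
            resolved = (int(m.group(1)), int(m.group(2)))
    want = (requested.get("disk"), requested.get("partition"))
    mismatch = resolved is not None and None not in want and want != resolved
    return {"requested": want, "resolved": resolved, "mismatch": mismatch}


def failures(entries: List[Entry]) -> List[Entry]:
    """Entries logged with CMTrace type 3 (error)."""
    return [e for e in entries if e.severity == "error"]


# Constructed sample: shortened from the entries in the post, metadata simplified.
_META = ('<time="11:00:09.000+000" date="07-28-2015" component="{c}" '
         'context="" type="{t}" thread="" file="{c}">')
SAMPLE = "".join([
    "<![LOG[Found: DestinationDisk: 0]LOG]!>" + _META.format(c="ZTIConfigure", t=1),
    "<![LOG[Found: DestinationPartition: 4]LOG]!>" + _META.format(c="ZTIConfigure", t=1),
    r'<![LOG[New ZTIDiskPartition : \\MININT-RCTKLC1\root\cimv2:Win32_DiskPartition'
    r'.DeviceID="Disk #0, Partition #3"]LOG]!>' + _META.format(c="ZTIConfigure", t=1),
    "<![LOG[FAILURE ( 5615 ): False: Boot Drive was not found, required?]LOG]!>"
    + _META.format(c="LTIApply", t=3),
    "<![LOG[Property TargetPartitionIdentifier is now = ]LOG]!>",  # truncated entry
])

if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    print(partition_check(parsed))
    for e in failures(parsed):
        print(e.stamp, e.component, e.message)
```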

USMT with MDT 2013


Hello guys

I'm trying to create a TS in MDT 2013 just for Capturing the user data and settings on the network without installing a new OS.

I created a new TS and picked "Standard Client Replace Task Sequence" and Disabled "Wipe Disk" cause I want to keep user data after the backup.

The problem is that when I run the LiteTouch script on the host machine, it runs without any problems, and I was able to back up user profiles on the network

\\Servername\DeploymentShare$\Scripts\LiteTouch.vbs 

But when I boot up the machine from the network (WinPE) and try to use the same TS, it fails with 8 Errors (5456): Unable to determine Destination, Partition, and/or Drive

For the cs.ini, I'm using the default settings.

Any ideas ?

Thanks



Run Once script in image once deployed to machines for new user profiles as default.


Hi Team,

We want to have a run-once script for users that will run once for any user who logs into the machine for the very first time (when the profile is created for the very first time for the user). This script will install an application from the local hard drive. Since we are building a reference machine (before sysprep), which registry hive should we modify to achieve this scenario so that these settings will be available once the image is captured and deployed to the machines? So it has to be user based, not machine based. We are going to use 'copy profile' to maintain a few settings that we want for all users as default. I am wondering which registry hive we should modify to run the script as 'Runonce' for all users on their first login. Since it is going to be a copy profile, does it need to go with the current user (logged in as administrator on the reference machine), or should it go with the 'default user' registry settings and be maintained once the image is captured and deployed? Any suggestions will be appreciated. Thanks.

Regards,

[Solved] Can't skip BDDwelcome


Hello.

Moving MDT 2013 (fully updated, but w/o Preview) 2008R2->2012R2 and can't skip the annoying BDDwelcome.

Here is Bootstrap.ini

[Settings]
Priority=Default
Properties=MyCustomPropertiy

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassowrd=YES
SkipComputerBackup=YES
SkipBitlocker=YES
DeployRoot=\\_this_server_name_\DeploymentShare$
SkipBDDWelcome=YES
UserID=_my_user_
UserDomain=_domain_
UserPassword=_password_

CustomSettings.ini

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
SkipBDDWelcome=YES
SkipDeploymentType=YES
OSInstall=YES
DeploymentType=NEWCOMPUTER
SkipAppsOnUpgrade=YES
SkipCapture=YES
SkipProductKey=YES
UserID=_my_user_
UserDomain=_domain_
UserPassword=_password_
SkipBitlocker=YES
SkipComputerBackup=YES
SkipTimeZone=YES
TmeZone=145
TimeZoneName=Russian Standard Time
SkipLocaleSelection=YES
SkipAdminPassword=YES
SkipRoles=YES
SLShareDynamicLogging=\\_this_server_\mdt_logs\%COMPUTERNAME%
EventService=http://_this_server_:9800

Can't understand what is wrong here?

The same MDT @ 2008 R2 skips BDDwelcome =(

Thanks!


-=C U=-


Windows 8.1 Deploy is trying to sign onto Microsoft Live account.

I have a few Windows 8.1 machines running through MDT2013 just fine. They boot to the desktop as Administrator, finish a few jobs and complete fine. Now I have a Motion tablet, set up the same identical way, but rather than booting to the desktop as Admin, it stops at the logon screen with two generic icons to choose from - one a Microsoft Live account and the other a Local Account. I have to choose the Local account and type in Administrator and the password I've already put in the unattend. I only have 30 of these tablets, but I don't understand why they're not logging onto the desktop as the others do. The TS steps are exactly the same and so is the unattend. Any ideas?

MDT 2013 - Storing Bitlocker Recovery Keys in AD for Win7Enterprise Deployment


I've been lurking through threads on TechNet and other various blogs on how to get my Win7 task sequence to enable bitlocker and send the recovery keys up to AD.  As many of you, my AD and GPO environment is unique - in particular our Legal Notice is set in the Default Domain policy so found early on that my MDT sequence was breaking very quickly.  Found the following set of tools and sequence steps and have been working like a charm so far:  <http://blogs.msdn.com/alex_semi/archive/2009/08/28/avoiding-legan-notice-that-breaks-mdt-autologon.aspx> - that part is done. Good...

Now the Enabling of Bitlocker in my task:

We're a Lenovo shop so I have the scripts to set TPM to active.

I've followed all the items here < https://technet.microsoft.com/en-us/library/dn744301.aspx > and setup my Bitlocker GPO.  Here is an output of the policy via registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"ActiveDirectoryBackup"=dword:00000001
"RequireActiveDirectoryBackup"=dword:00000000
"ActiveDirectoryInfoToStore"=dword:00000001
"OSRecovery"=dword:00000001
"OSManageDRA"=dword:00000001
"OSRecoveryPassword"=dword:00000002
"OSRecoveryKey"=dword:00000002
"OSHideRecoveryPage"=dword:00000000
"OSActiveDirectoryBackup"=dword:00000001
"OSActiveDirectoryInfoToStore"=dword:00000001
"OSRequireActiveDirectoryBackup"=dword:00000001
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000001
"UseTPMPIN"=dword:00000000
"UseTPMKey"=dword:00000000
"UseTPMKeyPIN"=dword:00000000

Here's a snippet of my cs.ini:
[Laptop-True]
BDEInstall=TPM
BDEInstallSuppress=NO
BDEWaitForEncryption=FALSE
BDEDriveLetter=S:
BDEDriveSize=2000
BDERecoveryKey=AD
;BDERecoveryPassword=TRUE
BDEKeyLocation=\\myunc\bitlockerkeys$

I have tried numerous solutions but haven't had luck.  Here is what I've tried so far:

  • Early in the State Restore section, have the steps that Enable TPM using Lenovo Scripts, regedit /s the regvalues posted above and restart.  Install my applications with reboots in between, join the domain and enable bitlocker = machine is encrypted, recovery key in \\myunc\bitlockerkeys$ but nothing in AD.  If I keep "OSRequireActiveDirectoryBackup"=dword:00000001 with 1, Bitlocker is paused/suspended once in Windows.  Need to manually start it.  If it's changed to "OSRequireActiveDirectoryBackup"=dword:00000000, system is encrypted (or almost finished) when it's booting after the TS is done.
  • Tried doing a gpupdate /force after recovering from the domain and before enabling Bitlocker but that breaks MDT since I have GPOs that are set to remove all local admin accts.
  • After domain join, and enabling bitlocker, ran the below script which will force the recovery keys to AD here http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

I've looked at my BDD.log and smsts.logs and nothing states where the issue lies.  Are there any other logs or tips/hints someone could direct me to in order to get this working?

Thanks in advance!


Quick question: MDT 2k13U1 release date?

Anyone know the release date of MDT 2013 Update 1?