RE: [External] Re: [MDT-OSD] Autologon not working in 1709 ZTI Task Sequence

[Jerousek, Jeff]

The defaultuser0 seems to be Microsoft using autologin to apply updates and 
some other settings.

You can prevent all of the defaultuser0 stuff by directly removing the related 
OOBE keys from the registry before you reboot.

Thanks,
Jeff Jerousek

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Olsson Mats (4004)
Sent: Tuesday, February 6, 2018 6:27 AM
To: mdtosd@lists.myitforum.com
Subject: RE: [External] Re: [MDT-OSD] Autologon not working in 1709 ZTI Task 
Sequence

Yep. MS has changed the behavior. I have been unable to get an answer on if it 
is ia bugg or by design


From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady
Sent: den 6 februari 2018 11:41
To: mdtosd@lists.myitforum.com
Subject: Re: [External] Re: [MDT-OSD] Autologon not working in 1709 ZTI Task 
Sequence

" You cannot do a gpudate from within a task sequence because the OS is in 
provisioning mode during task sequence and so will not apply Group Policies 
while the task sequence is running.  That was added to Configmgr a long time 
ago. "
are you sure about that, it's not blocked anymore and does seem to work  
(gpupdate /force) in the Windows phase of OSD

[Inline image 1]

On Tue, Feb 6, 2018 at 1:57 AM, Ashutosh Mishra 
> wrote:
we tried it all in our might but nothing helps. We ended up with having manual 
intervention skipping the auto-logon.

Regards,
Ashu

On 6 February 2018 at 10:47, elsalvoz 
> wrote:
Have you tried adding a schedule task before the TS is done and run your  
commands that way? Something like make changes to auto logon and reboot the 
system.


Cesar A.

On Feb 5, 2018 4:10 PM, "Miller, Todd" 
> wrote:
The 6 minute countdown is something we put in so that we had time to remote 
into the registry to check out the autologon registry key from remote regedit.  
 The length of countdown doesn’t matter.  The Restart  is done by the 
TSPostAction variable. The computer should sit patiently at the CTRL-ALT-Delete 
for 6 minutes, reboot and autologon.  The original timeout is only 15 seconds – 
we just extended it so that we could investigate the computer state before the 
reboot.  We can see that some process is clearing the .

You cannot do a gpudate from within a task sequence because the OS is in 
provisioning mode during task sequence and so will not apply Group Policies 
while the task sequence is running.  That was added to Configmgr a long time 
ago.


I am looking for a way to ask the SystemOOBE, when it is finished screwing up 
the computer to perform a few commands to put the autolgon back in place. Undo 
the damage it has caused, and kindly reboot the computer – and if possible, to 
do it without Cortana telling me about it.


From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Lanctot, Charles
Sent: Monday, February 05, 2018 2:09 PM

To: mdtosd@lists.myitforum.com
Subject: RE: [External] Re: [MDT-OSD] Autologon not working in 1709 ZTI Task 
Sequence

I think the 6 minute wait on the shutdown might be your problem, the task 
sequence wont wait 6 minutes if you’re just telling it to “shutdown -r -t 360”, 
the command will execute successfully and the task sequence will move on. As 
mentioned before the autologon keys are deleted in the cleanup script (run 
after the task sequence finishes). A custom exit script may resolve your issue 
but how about doing it like this:

OS Deploy Task Sequence

  1.  Deploy OS
  2.  App Installs etc
  3.  Change autologon keys to use domain account
  4.  Domain join (if not joined already)
  5.  Reboot
  6.  Run Command Line: Cmd.exe /c gpupdate
  7.  Reboot
  8.  The end (Runs cleanup and deletes autologon keys)

This way you get your domain login with your 2 reboots and a gpupdate to boot.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Miller, Todd
Sent: Monday, February 05, 2018 1:47 PM
To: mdtosd@lists.myitforum.com
Subject: RE: [External] Re: [MDT-OSD] Autologon not working in 1709 ZTI Task 
Sequence


I have found a more recent twitter thread that describes my problem pretty 
exactly, no solutions offered though…

[MDT-OSD] RE: ThinkPad Yoga 370 is not a laptop?

[Jerousek, Jeff]

That is exactly why I check for battery > 0%  instead.

Thanks,
Jeff Jerousek


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Klish, Brian
Sent: Thursday, August 17, 2017 1:41 PM
To: mdtosd@lists.myitforum.com
Subject: [MDT-OSD] ThinkPad Yoga 370 is not a laptop?

Just wanted to pass the word on this discovery.  We just got through deployment 
of several hundred “Lenovo ThinkPad Yoga 370” laptops.  We just discovered some 
software did not install because MDT did not identify them as a laptop.  
Looking now I see some older threads that talk about this identification being 
unreliable; mostly on servers I guess.  News to me until now.  This is really a 
Lenovo problem if I understand it correctly.  Just thought I’d pass the word…

-Brian

[MDT-OSD] RE: Creating Windows Images for distributor install

[Jerousek, Jeff]

I don't see how this could save time unless there is a large internal delay 
after someone orders a new machine.

We've addressed this issue for us by having a PXE server at every remote office 
and the DART Viewer integrated, so the most a non-technical user should have to 
do is hit F12 or hold down a volume key. If the office has a semi-technical 
user they get rights to build our standard image.

You also run the risk of these computers never joining the domain and not being 
exactly what you ordered if you never get hands on them or an inventory from 
the SCCM client.

Thanks,
Jeff Jerousek


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ross, Chris
Sent: Wednesday, April 5, 2017 8:39 AM
To: mdtosd@lists.myITforum.com
Subject: [MDT-OSD] Creating Windows Images for distributor install

Hi,

My company is looking at leveraging a service our hardware reseller offers 
which is to preload our OS to any hardware we purchase.  Does anybody have any 
experience with this?  Any pitfalls I should be aware of?  Right now I have a 
lot of questions swirling in my head about how this would change what we do 
today and changes needed to support this going forward.

Today we use Microsoft MDT/SCCM for our imaging and I think I'd still need to 
maintain all this infrastructure in the event a system OS is unrecoverable and 
would need to be reimaged.  Or would my better option be to create an image 
file that also contains a recovery partition like OEMs do?  My worry about that 
though is that the recovery image would become stale very quickly.  The way I 
see it I'd need to support our current imaging strategy for reimaging, or 
modify it greatly to move to an image setup that mimics closely that of an OEM.

Questions I have are about how to handle the domain join, Windows Updates, 
anti-virus updates, additional software updates like say Adobe Flash/Reader 
updates on the first time start-up of the system after it has been imaged?  Is 
there a way to create a dynamic unattend.xml to handle domain join based on 
network location?   Or would I be better off dumping everything to staging OU 
and then using say Maik Koster's web service (or similar) to handle this?  I 
handle all that right now in a task sequence with the Microsoft tools and can 
get away with updating my gold image a few times a year; with preloading I 
think I'd need to keep updating my gold images at least every month to few 
months to keep on top of Windows Updates.  What about additional application 
layering?  We're doing some group based deployments and using the Application 
Catalog from SCCM.  Would I really be saving a lot of time using distributor OS 
installs?

Basically the ask of me is to our get a solution in place where we can order 
equipment, have our reseller apply our corporate image and once the system is 
received by us it is ready to go with as little downtime or human interaction 
from our support teams as possible.  With the ultimate goal being we can ship 
direct to an employee in one of our branch offices from the reseller and all 
they need to do is turn the system on and away they go.

Does anybody have any experience at this or can offer ideas on how best to 
approach this?

Thanks,
Chris



---
This communication, including any attached documentation, is intended only for 
the person or entity to which it is addressed, and may contain confidential, 
personal, and/or privileged information. Any unauthorized disclosure, copying, 
or taking action on the contents is strictly prohibited. If you have received 
this message in error, please contact us immediately so we may correct our 
records. Please then delete or destroy the original transmission and any 
subsequent reply. Thank you.

La présente communication, y compris toute pièce qui y a été jointe, est 
destinée uniquement à la personne ou à l'entité à laquelle elle a été adressée, 
et contient des renseignements à caractère confidentiel et personnel. Toute 
diffusion ou reproduction non autorisée ou toute intervention entreprise 
relativement à son contenu est strictement interdite. Si vous avez reçu ce 
message par erreur, veuillez nous le signaler immédiatement afin que nous 
puissions effectuer la correction à nos dossiers. Veuillez par la suite 
supprimer ou détruire le contenu de la transmission originale ainsi que toute 
réponse ultérieure. Merci.
---

RE: [MDT-OSD] RE: Partial Start Menu question

[Jerousek, Jeff]

Yeah, it's mildly useful. The first time a locked group is put in place you 
reset the user's menu completely but after that any changes will not affect 
what they place on their menu themselves if I remember correctly, unless it is 
one of the locked applications in which case it gets moved.

https://4sysops.com/archives/partially-lock-the-windows-10-start-menu-layout-with-group-policy/

Thanks,
Jeff Jerousek<mailto:jeff.jerou...@lrs.com>


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller, Todd
Sent: Tuesday, February 14, 2017 5:06 PM
To: mdtosd@lists.myitforum.com
Subject: RE: [MDT-OSD] RE: Partial Start Menu question

Hmm, that is suboptimal.  I don't even understand how this is useful.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jerousek, Jeff
Sent: Tuesday, February 14, 2017 3:45 PM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: [MDT-OSD] RE: Partial Start Menu question

** STOP. THINK. External Email **
>From my own testing it seems to only get re-evaluated when a new xml is pushed 
>out or a fresh profile is created.

Thanks,
Jeff Jerousek<mailto:jeff.jerou...@lrs.com>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Miller, Todd
Sent: Tuesday, February 14, 2017 3:26 PM
To: mdtosd@lists.myITforum.com<mailto:mdtosd@lists.myITforum.com>
Subject: [MDT-OSD] Partial Start Menu question

I am attempting to have a partial locked start menu. This is just an example 
I'm working through.  I am trying to figure out the mechanism prior to rolling 
out Windows 10.  I want to figure out how we would do a partial custom start 
menu in my environment.  I will be asked to add tiles to a corporate section 
from time to time so I need to make sure I have the process down.

I am having trouble getting it to work in the way I think it is supposed to 
work.


Here is my testing scenario...


The Windows 10 (1607) computer is deployed without Office.  The computer is 
assigned a custom start menu layout with two locked sections via GPO pointing 
to a locally copied custom XML.

When User A logs in we see that both of the locked sections are present, The 
Office section is empty - this is expected since Office is not installed.  The 
other locked section containing Calculator, Notepad, and Weather  works and the 
tiles are visible.



User A installs Office and reboots the computer

User A logs back in.  The locked section for Office tiles is still empty, 
though the applications show up in the left "all programs" section of Start.  I 
thought that once the applications pointed to by the tiles are installed the 
tiles are supposed to detect that and become visible... User A logs out

User B logs in for the first time on this computer.  The locked section for 
Office tiles is fully populated according to the custom layout. Both locked 
custom sections look correct.  User B logs out

User A logs in - custom Office section is still empty.

If I delete UserA's profile on the computer using an admin account, and User A 
logs back in, the locked sections are correct with the Office tiles.

What triggers User's locked sections to be reevaluated?  I thought I read that 
this would get evaluated each time explorer starts up.  But it seems like it 
might only happen when the user account is first populated.



How is it is supposed to work?  The documentation talks about adding tiles 
later by updating the XML file.  So I think it is supposed to be dynamic, but I 
can't make it work that way.








Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If you are not the intended recipient, any 
dissemination, distribution or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify the 
sender immediately and delete or destroy all copies of the original message and 
attachments thereto. Email sent to or from UI Health Care may be retained as 
required by law or regulation. Thank you.



Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If you are not the intended recipient, any 
dissemination, distribution or copying o

[MDT-OSD] RE: OSD task sequence Variables ?

[Jerousek, Jeff]

In PE with a prestart command you could do that.

Thanks,
Jeff Jerousek


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Bain.John
Sent: Monday, December 5, 2016 10:43 AM
To: mdtosd@lists.myitforum.com
Subject: [MDT-OSD] OSD task sequence Variables ?

Is it possible to set a OSD task sequence variable and then in an SCCM 
application, create a deployment type to check for that task sequence variable?
How do you reference that task sequence variable ?

For example:


· Task sequence sets the OSDInstall = True

· Application deployment , Deployment Requirements,OSDInstall = True


John

[MDT-OSD] RE: Windows 10 - mouse cursor gone during OSD

[Jerousek, Jeff]

It is annoying but I can usually do everything I need to with tab, alt+tab, 
win+↔,win+↑,win+↓

Thanks,
Jeff Jerousek


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller, Todd
Sent: Friday, November 4, 2016 9:24 AM
To: mdtosd@lists.myitforum.com
Subject: [MDT-OSD] RE: Windows 10 - mouse cursor gone during OSD

I see this problem has been asked, but I don’t know if there was ever an answer.

When I “F8” to open a command window during an OS Deployment of Windows 10, 
there is no mouse cursor displayed.  The cursor is just hidden, the mouse still 
“works” it is just the pointer is no visible.  It makes troubleshooting OS 
Deployment difficult to impossible because the only real action you can do is 
with the keyboard.  Windows get in the way of what you are looking at - it is 
just really difficult to maneuver in the OS without the mouse cursor.

Has anyone figured out a good way to recover the cursor?   This is really 
tedious.  Anything in the Unattend.xml that could counteract this effect or 
maybe some command In the TS that could run after reboot to show the mouse.  It 
feels like whatever process is hiding the desktop with the black screen is also 
hiding the mouse.  So frustrating.

The cursor is present in WinPE stages, but not full OS.  It is also fine from 
the same boot media in Windows 7 deployment.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, February 17, 2016 11:37 AM
To: mdtosd@lists.myitforum.com
Subject: [MDT-OSD] Windows 10 - mouse cursor gone during OSD

Anyone else have this problem. If my TS bombs out for any reason, if I want to 
troubleshoot I have no mouse pointer. The mouse “works” (I can blindly click 
around and see things happen), but there’s no pointer.


Best Regards,

Mike Murray
Desktop Management Coordinator - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu




Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If you are not the intended recipient, any 
dissemination, distribution or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify the 
sender immediately and delete or destroy all copies of the original message and 
attachments thereto. Email sent to or from UI Health Care may be retained as 
required by law or regulation. Thank you.

[MDT-OSD] RE: MDT detections HP servers as Laptops

[Jerousek, Jeff]

And by laptop I meant batterystatus.

Select * from Win32_Battery where Batterystatus > 0

Thanks,
Jeff Jerousek<mailto:jeff.jerou...@lrs.com>

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Ratliff
Sent: Monday, June 20, 2016 8:50 AM
To: mdtosd@lists.myitforum.com
Subject: [MDT-OSD] RE: MDT detections HP servers as Laptops

Good to know, thanks for the confirmation Mike and Jeff.

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jerousek, Jeff
Sent: Monday, June 20, 2016 9:30 AM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: [MDT-OSD] RE: MDT detections HP servers as Laptops

This is why I prefer to use the wmi check, if laptop > 0% for laptops.

Thanks,
Jeff Jerousek<mailto:jeff.jerou...@lrs.com>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marable, Mike
Sent: Monday, June 20, 2016 7:59 AM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: [MDT-OSD] RE: MDT detections HP servers as Laptops

I don't work with servers, so I haven't been in a situation to see this.  
You're probably right on both counts though.  Based on HP's inconsistencies on 
the desktop/laptop front I wouldn't put it passed them to be too relaxed on 
setting the proper chassis type.

It's a "bug" in MDT in that it is perhaps more of "old code" that hasn't been 
looked at recently to take into account sloppy hardware vendors.  ;-)

Mike


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Monday, June 20, 2016 8:23 AM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: [MDT-OSD] MDT detections HP servers as Laptops

Anyone ran across this before? We have some HP servers that are coming up as 
IsLaptop=TRUE and IsServer=FALSE because the ChassisType is 18, "Expansion 
Chassis".

According to ZtiGather.wsf, the only server is ChassisType 23.

If not 
IsNull(objInstance.SMBIOSAssetTag) then

sAssetTag = Trim(objInstance.SMBIOSAssetTag)
End if
Select Case 
objInstance.ChassisTypes(0)
Case "8", "9", 
"10", "11", "12", "14", "18", "21"

bIsLaptop = true
Case "3", "4", 
"5", "6", "7", "15", "16"

bIsDesktop = true
Case "23"

bIsServer = true
Case Else

' Do nothing
End Select

But looking at the options logically, I would think 17-23 would all be servers, 
except for maybe 21 which could be a docking station.

17

Main System Chassis

18

Expansion Chassis

19

Sub Chassis

20

Bus Expansion Chassis

21

Peripheral Chassis

22

Storage Chassis

23

Rack Mount Chassis


I know I can edit ZtiGather, but I really don't want to do that. Does this look 
like a MDT bug or just hardware not setting the proper ChassisType?

Daniel Ratliff


The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

**
Electronic Mail is not secure, may not be read every day, and should not be 
used for urgent or sensitive issues

The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

RE: [MDT-OSD] Collapsing Task sequence groups

[Jerousek, Jeff]

I was speaking specifically to OSD. I get that there are probably two different 
teams working on these things but we have no plans of using MDT in our 
environment.

Thanks,
Jeff Jerousek

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Thursday, April 7, 2016 3:35 PM
To: mdtosd@lists.myitforum.com
Subject: RE: [MDT-OSD] Collapsing Task sequence groups

“Unfortunately, the enterprise product doesn’t seem to be the priority.”

Sorry, have an urge to step in on that statement – what do you mean by it? 
They’ve already implemented multiple items directly suggested on uservoice 
which has only been around for like 9 months. The development pace and schedule 
of ConfigMgr is quite rapid and they’ve made many, many improvements over the 
last 24 months or so.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jerousek, Jeff
Sent: Thursday, April 7, 2016 2:58 PM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: RE: [MDT-OSD] Collapsing Task sequence groups

It’s there.

Unfortunately, the enterprise product doesn’t seem to be the priority.

Thanks,
Jeff Jerousek

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady
Sent: Tuesday, April 5, 2016 2:05 PM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: Re: [MDT-OSD] Collapsing Task sequence groups

raise the idea on uservoice

On Tue, Apr 5, 2016 at 8:05 PM, Bain.John 
<john.b...@cic.gc.ca<mailto:john.b...@cic.gc.ca>> wrote:
Thought this was kind of strange as it can be done in MDT, but in the SCCM 2012 
OSD task sequence editor I can’t collapse a group and its kind of hard to 
manage when it gets long … you lose sight of the group hierarchy.
How do others handle long task sequences ?

John
[cid:image001.png@01D190E9.F74EEEA0]

RE: [MDT-OSD] Collapsing Task sequence groups

[Jerousek, Jeff]

It’s there.

Unfortunately, the enterprise product doesn’t seem to be the priority.

Thanks,
Jeff Jerousek

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Niall Brady
Sent: Tuesday, April 5, 2016 2:05 PM
To: mdtosd@lists.myitforum.com
Subject: Re: [MDT-OSD] Collapsing Task sequence groups

raise the idea on uservoice

On Tue, Apr 5, 2016 at 8:05 PM, Bain.John 
> wrote:
Thought this was kind of strange as it can be done in MDT, but in the SCCM 2012 
OSD task sequence editor I can’t collapse a group and its kind of hard to 
manage when it gets long … you lose sight of the group hierarchy.
How do others handle long task sequences ?

John
[cid:image001.png@01D190DD.E522A480]