I am working through getting my deployment process to work on 802.1x enabled secured ports. Environment = SCCM 2012 R2 CU4, MDT 2013 not U1, WinPE 5.1 64bit, OSD with MDT integrated, deploying Win7x64.
We use USB boot sticks not PXE and for the moment I am only concerned with bare metal deployments. According to the document "Windows 7 Deployment Procedures in 802.1X Wired Networks" HERE<http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&uact=8&ved=0CB4QFjAAahUKEwjq3vDT-9jIAhVCSiYKHXlaCvY&url=http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Ftelligent-evolution-components-attachments%2F01-6127-00-00-03-31-62-58%2FWindows-7-Deployment-Procedures-in-802-1X-Wired-Networks.pdf&usg=AFQjCNGYlqsG2B6LkR6HQrumdZAoF8stCg&sig2=4YNHSf0zoISXQVag_VxALg>. The solution requires me to update winpeshl.ini which I think I cannot do with MDT. Changes I make to the source WinPE.wim get overwritten when the MDT process builds winpe.xxx00000.wim. Of course I could them crack open THAT wim and edit winpeshl.ini, but I'd have to do it every time the boot image is rebuilt which is not infrequently and also that seems kind of "hacky". Is there a better way other than WinPEshl.ini to ensure a VBScript runs every time WinPE starts up and can be automated with MDT/OSD? I see that some suggest to edit the OSDInjection.xml file to copy my modified winpeshl.ini instead... Is that the "best" solution? It seems weird that that Microsoft document which references MDT and ZTI would suggest editing the winpeshl.ini file when they know (or should know) that the MDT boot disk creation process doesn't allow that. I did add a call to the VBScript to my pre-execution hook script and that works great. Of course pre-execution hooks are only called on the very first boot into WinPE and not called on subsequent boots once the TS is established. I know there are options like USB->Ethernet adapters with whitelisted MAC addresses or building new computers on unsecured ports. Not looking for those suggestions at the moment. Also concerned wirth the WinPE part only right now. I think I have the instructions for what happens once we reboot into the full OS figured out. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
