Sorry, just having this conversation with myself I guess...

To answer my question.. It seems like maybe unattend.xml is followed on the 
first boot to WinPE, but maybe is not run on every subsequent TS managed reboot 
into WinPE - after the Task Sequence engine is established?  Is that possible?

Yes.  It seems that is true.  Unattend.xml gets run during pre-installation 
hook boot, but once the TS has staged WinPE to the hard drive and reboots to 
the hard disk and not the initial boot, then unattend.xml is ignored.  I think 
the TS is in control now and there doesn't seem to be a way to ensure something 
else runs first.  It still seems to run WinPEinit - but it looks like it uses 
an XML file called WinPEUnattend.xml that I don't think I'll have any luck 
controlling.

Do I really need to call my 802.1x script as a TS step after EVERY "reboot to 
WinPE" in the task sequence or is there some way to insert a command that gets 
run every time WinPE is booted and not just before the task sequence initially 
starts?  I have to reboot the computer into WinPE quite a few times before the 
OS is laid down.  Ugh... Tedious.



From: [email protected] [mailto:[email protected]] On 
Behalf Of Miller, Todd
Sent: Friday, October 23, 2015 2:23 PM
To: [email protected]
Subject: [MDT-OSD] RE: Implementing 802.1x in WinPE

I think the answer might be to use an unattend.xml file, but I still have 
something wrong.  It doesn't appear that the script identified in the 
RunSynchronousCommand section is actually running.

Can anyone see a problem?

If I copy the command shown in the unattend.XML file and paste it into an 
F8-launched command window, I DO get a good IP address, but I'm not sure what is 
stopping this from working.

Here is my unattend.xml file which is (I think correctly) at X:\unattend.xml 
when I F8 to a cmd prompt and get a directory of X:...

It seems like maybe unattend.xml is run on the first boot to WinPE, but maybe 
is not run on every subsequent reboot into WinPE - after the Task Sequence 
engine is established?  Is that possible?

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
            <Display>
                <ColorDepth>16</ColorDepth>
                <HorizontalResolution>1024</HorizontalResolution>
                <RefreshRate>60</RefreshRate>
                <VerticalResolution>768</VerticalResolution>
            </Display>
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Configure8021x</Description>
                    <Order>1</Order>
                    <Path>wscript.exe x:\sms\pkg\sms10000\deploy\scripts\Connect8021x.wsf</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
</unattend>



From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Miller, Todd
Sent: Friday, October 23, 2015 11:21 AM
To: [email protected]<mailto:[email protected]>
Subject: [MDT-OSD] Implementing 802.1x in WinPE

I am working through getting my deployment process to work on 802.1x enabled 
secured ports.  Environment = SCCM 2012 R2 CU4, MDT 2013 not U1, WinPE 5.1 
64bit, OSD with MDT integrated, deploying Win7x64.

We use USB boot sticks not PXE  and for the moment I am only concerned with 
bare metal deployments.


According to the document "Windows 7 Deployment Procedures in 802.1X Wired 
Networks" 
HERE<http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&uact=8&ved=0CB4QFjAAahUKEwjq3vDT-9jIAhVCSiYKHXlaCvY&url=http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Ftelligent-evolution-components-attachments%2F01-6127-00-00-03-31-62-58%2FWindows-7-Deployment-Procedures-in-802-1X-Wired-Networks.pdf&usg=AFQjCNGYlqsG2B6LkR6HQrumdZAoF8stCg&sig2=4YNHSf0zoISXQVag_VxALg>.
 The solution requires me to update winpeshl.ini which I think I cannot do with 
MDT.  Changes I make to the source WinPE.wim get overwritten when the MDT 
process builds winpe.xxx00000.wim.    Of course I could then crack open THAT 
wim and edit winpeshl.ini, but I'd have to do it every time the boot image is 
rebuilt which is not infrequently and also that seems kind of "hacky".



Is there a better way other than WinPEshl.ini to ensure a VBScript runs every 
time WinPE starts up and can be automated with MDT/OSD?  I see that some 
suggest to edit the OSDInjection.xml file to copy my modified winpeshl.ini 
instead... Is that the "best" solution?





It seems weird that that Microsoft document which references MDT and ZTI would 
suggest editing the winpeshl.ini file when they know (or should know) that the 
MDT boot disk creation process doesn't allow that.



I did add a call to the VBScript to my pre-execution hook script and that works 
great.  Of course pre-execution hooks are only called on the very first boot 
into WinPE and not called on subsequent boots once the TS is established.




I know there are options like USB->Ethernet adapters with whitelisted MAC 
addresses or building new computers on unsecured ports. Not looking for those 
suggestions at the moment.  Also concerned with the WinPE part only right now. 
 I think I have the instructions for what happens once we reboot into the full 
OS figured out.


________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and 
may be legally privileged.  If you are not the intended recipient, you are 
hereby notified that any retention, dissemination, distribution, or copying of 
this communication is strictly prohibited.  Please reply to the sender that you 
have received the message in error, then delete it.  Thank you.
________________________________
