Editing unattend.xml
-
Wednesday, June 13, 2012 12:14 AM
After creating a task sequence can I just open up the control\<sequenceID>\unattend.xml with WISM and edit it?
Specifically, I want to disable the OOBE, autologon Administrator and add a FirstLogonCommand to run a vbs that I wrote to name the machine and add it to the domain.
All Replies
-
Wednesday, June 13, 2012 2:43 AM
You can edit the unattend.xml file with WISM, however I'm confused why you want to configure these things since the OOBE shouldn't actually show up when you deploy Windows using MDT, unless the system is sysprepped at the very end of the task sequence. All the other things can also be done with MDT like building machine names and joining domain.
Kind regards,
Stephan Schwarz
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCC.
How to configure Windows RE/OEM Recovery Partition with MDT -
Wednesday, June 13, 2012 1:45 PM
I haven't actually tried it yet but if I sysprep and capture a customized machine, sysprep will run and the oobe will be displayed correct? And editing the unattend.xml for this deployment sequence I could remove the oobe?
I understand naming and joining the domain is supported in the task sequence and/or unattend but I already have the vbs that works and there's some logic in it for our environment so I'd like to stick with it for now.
-
Wednesday, June 13, 2012 2:28 PM
Hi,
Ok now that I think I have a better understanding of what you’re trying to achieve I can try to give you an answer as what to do.
There are three scenario’s where one of them might apply to you, since I’m not entirely sure which, I’ll write them all up.
First.
You deploy Windows 7 using MDT, using the standard client task sequence. You specify at the begin of the wizard to sysprep and capture this image. Now, if you were to edit the Control\TSID\Unattend.xml file in this case, you might get undesired results, the reason for this is because this unattend.xml file is actually used for both the initial deployment, and it is again used again to copy it to the %windir%\System32\Sysprep so that Sysprep can process it. You’d have to disable the step in the task sequence to execute sysprep and manually add a new run command line that executes sysprep.exe and supply the /oobe /generalize /quit /unattend:unattend.xml switches to include a different answer file to be used for sysprep so you can provide different other settings for the OOBE/autologon/firstrun commands etc.
Second.
You’re running an installed version of Windows 7, whether this was done manually or done by MDT won’t matter as long as the actual task sequence itself has finished. The key point in this case would be that once you’re satisfied to capture this image you run a task sequence that’s based on the sysprep and capture template. In this case you could edit the Control\TSID\Unattend.xml since this answerfile is only used during the Sysprep step and not during an initial installation.
Third
If you’re actually concerned about the actual deployment of the customized image, which I’ll assume you’d be deploying with MDT. Then in this case I would recommend to deploy the image into a workgroup. I would actually recommend not to change anything at all in the unattend.xml file in this scenario, but instead just create all your changes including running the vbs script that you plan on using as part of the task sequence itself.
Kind regards,
Stephan Schwarz
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCC.
How to configure Windows RE/OEM Recovery Partition with MDT -
Wednesday, June 13, 2012 2:59 PM
Ok, I've already deployed a basic image to my "master" machine using source files from the Win7 disc. I am now customizing it to add all my apps (thick image), once I'm done I want to capture this so it can be deployed to other machines, both of the same model and different models. I need the oobe skipped because no one will be sitting there to click through it, autologon as Administrator, and run my vbs to name the machine, join the domain, disable autologon (and a few other things) and then reboot so it's ready for the user.
So it looks like option 2 would fit my needs, but once I've captured the image I need to create a new TS to deploy itt? Wouldn't that put me back with the problems of option 1 again?
Another thing, is the best way to customize the image to be logged in as Administrator while I make my changes and then copy the profile using the Microsoft-Windows-Shell-Setup > CopyProfile setting in unattend.xml?
-
Wednesday, June 13, 2012 3:14 PM
Please note, MDT will do these things automatically:
Skip OOBE
Enable auto-logon using built-in administrator account.
Launch the task sequencer to execute predefined actions, or custom actions defined by you.
Once every task has completed, it will inintiate a cleanup process. This will remove all MDT files again from the PC, disable the built-in Administrator account and it's autologon settings. At the end a summary page will be displayed whether the deployment was successful or not (warnings or errors will be shown in this page if applicable).
From what I understand, the only thing in this process missing is running your own custom vbscript to join the computer to your domain and change the pc name. You can run this vbscript from the task sequence, anywhere in the "State Restore" section. It's as simple as adding a "run command line" step to the task sequence and then provide the path and filename to your script.
In addition, you could enable the skipping of the results summary and force the client to reboot or logoff so it will be ready for an end-user (however not seeing this screen will pretty much force you to verify the log files to make sure there were no errors on deployments).
When working with the CopyProfile, you need to make sure this is used with the unattend.xml that is actually used to >>>deploy<<< the customized OS onto the end-user machines.
Kind regards,
Stephan Schwarz
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCC.
How to configure Windows RE/OEM Recovery Partition with MDT -
Wednesday, June 13, 2012 3:42 PM
Thank you very much for the help so far. I've only been on these forums for a few days and the help and ideas I've been given has been awesome.
I would like the autologon to be disabled by my vbs, not by MDT, how is this possible? My vbs is actually 2 files, the first one runs (names the machine), creates an entry in runonce for the second phase, reboots and the second vbs joins the machine to the domain, disables autologon and reboots. I'd like my vbs to disable autologon because I have some logic in there to reboot the machine if the machine doesn't have an IP, so I don't really know how many logins it may take, I just disable it when everything is complete.
Is it before the image is uploaded (ie the sysprep and capture task) that the unattend.xml with CopyProfile setting copies Administrator to Default, or after the image comes down (ie the standard client task) to the new machine?
-
Wednesday, June 13, 2012 4:02 PM
The LTICleanup.wsf script takes care of disabling auto-logon, you can find this around line 128-140. However, I personally don't recommend editing these scripts. If you have a reason to do so, you should make a copy of them, and rename them and use the copy of the script instead to be executed from the task sequence (you can edit the filename of the script that is executed for the "cleanup" step). This way any other task sequences that depend on the default scripts dont get undesired results.
I would actually recommend to adjust your own script somewhat, since you mention it actually reboots the pc after adding the runonce entries. If you were to add this script to the task sequence, and it reboots without MDT knowing then MDT will start throwing up warnings.
In your case I'd remove the reboot section from script 1, and simply use the task sequencer and add another reboot after the script 1 has been executed. For the second one, I dont think that the checking for an IP is a necessity due to MDT requiring a network connection (assuming we're not dealing with install from media based installations) so MDT will actually throw up an error message that it could not connect to the deploymentshare due to a network error and prevents the rest of the task sequence to be executed (including your script).
For the CopyProfile, it's the latter. Once the image is deployed on the machine, and the machine boots for the first time, it processes the configuration settings that were applied to it, of CopyProfile was enabled, the Administrator account is copied to the default user profile at this stage.
Kind regards,
Stephan Schwarz.
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCC.
How to configure Windows RE/OEM Recovery Partition with MDT- Marked As Answer by J. Wall Wednesday, June 20, 2012 4:09 PM
-
Wednesday, June 13, 2012 6:18 PM
Ok, I'll take your recommendations and modify my scripts and run them using the task sequencer, I'll fiddle with that.
I'm not following how to specify my custom unattend.xml. Do I just disable the State Restore > Imaging > Sysprep Only > Execute Sysprep task and instead add a new "run command line" task in its place that runs "sysprep.exe /oobe /generalize /reboot /unattend:unattend.xml"
-
Wednesday, June 13, 2012 6:45 PM
Yes, however don't use /reboot, since this enforces a reboot without the task sequencer knowing about it. Use /quit and let the task sequencer finish on it's own. Also you'll have to provide the entire path to sysprep, so that'd be %windir%\System32\Sysprep.
Kind regards,
Stephan Schwarz
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCC.
How to configure Windows RE/OEM Recovery Partition with MDT- Edited by Stephan Schwarz Wednesday, June 13, 2012 6:46 PM
-
Tuesday, June 19, 2012 4:26 PM
I am still trying to get my Administrator account copied to Default User. Here's my workflow:
- Install Win7 using an MDT task sequence which injects the necessary OEM drivers
- Customize the Administrator profile
- Capture the image using a Sysprep and Capture task. I initiate the task by connecting to the share from within Windows. I have SkipCapture=YES in my Default rules so the command I run is actually "cscript \\192.168.1.63\DeploymentShare$\Scripts\LiteTouch.vbs /rulesfile:\\192.168.1.63\DeploymentShare$\Control\CustomSettingsTest.ini", CustomSettingsTest is identical except SkipCapture=NO
- The image is captured, afterwards my "master" reboots to the Oobe. I shut it off.
- In the MDT workbench I imported a new operating system and choose the captured wim
- In the MDT workbench I created a new Standard Client Task Sequence, and select the captured wim as the operating system
- I opened the properties of the TS > OS Info tab > Edit Unattend.xml and modified the Microsoft-Windows-Shell-Setup under the Specialize phase to set CopyProfile to True
- I turned my "master" back on, pressed F12 and ran the TS to install my captured image with edited unattend.xml
- When the workstation was done imaging it logged Administrator in but none of my config is there (see below). I created a second user, rebooted logged in with him and again none of my config is there.
Some of the things I am setting in the Administrator profile are:
- "Use small icons" in the taskbar
- Never combine taskbar buttons
- "Always show all icons and notifications on the taskbar"
- Deselected "Use large icons" on the start menu
- "Show hidden files, folders and drives" in Windows Explorer
- Deselected "Hide extensions for known file types"
- In Action Center, disabled alerting me for all issues ie Windows Update, Spyware protection, Internet Security settings, UAC etc
- Hid the icon for the Intel video settings in the sys tray (Right-click > Exit Tray)
- Disabled hiberation: Start > cmd > powercfg -h off
- Set small icons in Control Panel
- Set screensave to Ribbons, 15 min
- Set to never turn the display off and never go to sleep
What am I doing wrong here? Should I be making these changes in Audit mode?
-
Tuesday, June 19, 2012 5:55 PM
You shouldn't need to do this in Audit mode per-se, the Built-in admin account is fine.
Here's a couple of links that might be of some help to you:
From the overview itself, it seems like your process is correct though. However, some of the settings you specify will not be copied into the default user profile, can't tell you for sure which ones I'm certain off, but I'm pretty sure not all of those will remain saved. I however can't find the document or site I was saw which was pretty clear in listing what would be copied and what not.
Check out your \Windows\Panther\UnattendGC\Setupact.log to see if the setting has been processed (search for copyprofile).
Kind regards,
Stephan Schwarz
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCC.
How to configure Windows RE/OEM Recovery Partition with MDT- Marked As Answer by J. Wall Wednesday, June 20, 2012 4:09 PM
-
Wednesday, June 20, 2012 4:01 PM
.png)
