Monday, December 03, 2012 7:39 PM
Alright, I've tried searching for this topic around the forums, so forgive me if someone already asked this, but for some reason, the computers I deploy, when finished, don't ever remember the last person who's logged in after a reboot, or some sort of logoff action.
Everything in the script works fine - things complete without error, and the OS deployment is happy. But after it ends, it never remembers the last logged in user. Even after joining the domain, and using different accounts, it refuses to remember. I checked to see if various registry keys existed (LastLoggedOnUser, Winlogon key) and they all seem to exist, so I have no idea what the issue is.
Has anyone else come across this problem?
Monday, December 03, 2012 8:16 PM
I'm going to assume you're using MDT 2012 and Windows 7. If so, it now applies a local GPO pack, which Microsoft deems the new minimal security a corp environment should have, during the last phase of the installation. There are two ways you can go about "fixing" this. You can either
- Disable the Apply local GPO package step in your Task sequence under State Restore
- Browse under your distribution folder to <drive letter>\Distribution\Templates\GPOPacks\Win7SP1-MDTGPOPack\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit and edit GptTmpl.inf ... look for line
Change it to
which will fix the issue as well but leave all the other security settings set.
Hope this helps!
Monday, December 03, 2012 9:48 PM
Excellent! I'll try that tonight, and let you know.
Thanks for the tip!
Tuesday, December 04, 2012 8:21 AM
In addition to Lindz1212's answer:
If you add ApplyGPOPack=NO to customsettings.ini, it will not apply the GPO pack for all your task sequences.
- Proposed As Answer by Andrew Barnes Tuesday, December 04, 2012 3:52 PM
Tuesday, December 04, 2012 4:39 PM
So I tried disabling the Local GPO package, but the deployment still doesn't remember. Darn.
I have a question though - this WIM image I'm deploying, it's a captured image. If it never had a last user logged in on the master image, would that cause this issue in my deployment?
I'll try your suggestion next, Mike - I'll attempt anything! Haha
Tuesday, December 04, 2012 6:26 PM
What was the capture source and how?
NO domain GPO applied? What happens if you log on and run RSOP.msc? What GPO is applied, if any?
- Edited by Shrek46 Tuesday, December 04, 2012 6:26 PM
Tuesday, December 04, 2012 6:35 PM
Did you create this image using MDT where it actually did apply the local policy?
Local policies will remain in effect even if the system is sysprepped, captured and redeployed.
Verify the existence of the local policy "Interactive Logon: Do not display last user name" (Computer config > policies > windows settings > security settings > local policies > security options).
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCSA, MCC-2011.
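The check suggested in the post above can also be scripted. This is an added example, not part of the original thread or of MDT. It assumes the policy is stored as the registry value `DontDisplayLastUserName` under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and that the security template lists it in its `[Registry Values]` section; the sample template lines are constructed.

```powershell
# Added example: report whether "Interactive logon: Do not display last user name"
# is enabled on the running system and in a GPO pack security template.
# Assumption: the policy is the registry value DontDisplayLastUserName (1 = enabled).
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'DontDisplayLastUserName'

function Get-LivePolicyState {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured' for the running system.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$PolicyName -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-TemplatePolicyState {
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    # Security templates keep registry-backed options in [Registry Values]
    # as: MACHINE\<key path>\<value name>=<type>,<data>
    $inSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Registry Values')
            continue
        }
        if (-not $inSection -or $t -eq '' -or $t.StartsWith(';')) { continue }
        $name, $data = $t -split '=', 2
        if (-not $data -or $name.Trim() -notlike "*\$PolicyName") { continue }
        $type, $value = $data -split ',', 2
        if ("$value".Trim() -eq '1') { return 'Enabled' } else { return 'Disabled' }
    }
    'NotConfigured'
}

# Constructed sample lines standing in for a GptTmpl.inf file.
$sample = @(
    '[Unicode]',
    'Unicode=yes',
    '[Registry Values]',
    'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1'
)
"Template: $(Get-TemplatePolicyState -Lines $sample)"
"Live:     $(Get-LivePolicyState)"
```

To check a real template, pass the output of `Get-Content` on the GptTmpl.inf file as `-Lines`. Running the live check on the reference machine before capture shows whether the image will carry the setting into every deployment.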
Wednesday, December 05, 2012 12:56 PM
Yes, we have it set so that no domain GPO gets applied until it's moved into a specific OU.
You guys rock! That was it - I didn't turn off the GPO package when I created the image, so it always keeps the setting.
With that figured out, just another question -- is there a way I can edit the GPOPack so that it enables this setting, instead of disabling it? I could redo the image, but if there's a way to just edit the GPO so that it enables it every time, I don't have to go through that whole rigmarole.
Thanks again for all your advice!
Thursday, December 06, 2012 4:05 AM
You can use the Microsoft Security Compliance Manager to edit the GPO. Check out this article: http://www.deploymentresearch.com/Blog/tabid/62/EntryId/47/Creating-and-Applying-Custom-GPO-Packs-using-MDT-2012-Beta-2-with-or-without-SCCM-2007-2012.aspx