Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
Deployed computers not remembering last user logged in?

Answered Deployed computers not remembering last user logged in?

  • Monday, December 03, 2012 7:39 PM
     
     
    Sign In to Vote
    0

    Alright, I've tried searching for this topic around the forums, so forgive me if someone already asked this, but for some reason, the computers I deploy, when finished, don't ever remember the last person who's logged in after a reboot, or some sort of logoff action

    Everything in the script works fine - things complete without error, and the OS deployment is happy.  But after it ends, it never remembers the last logged in user.  Even after joining the domain, and using different accounts, it refuses to remember.  I checked to see if various registry keys existed (LastLoggedOnUser, Winlogon key) and they all seem to exist, so I have no idea what the issue is.

    Has anyone else come across this problem?

     

All Replies

  • Monday, December 03, 2012 8:16 PM
     
     Answered
    Sign In to Vote
    1

    I'm going to assume you're using MDT 2012 and Windows 7. If so it applies a local GPO pack now, that Microsoft deems is the new minimal security a corp environment should have,  during the last phase of the installation. There's two ways you can go about "fixing" this. You can either

    • Disable the Apply local GPO package step in your Task sequence under State Restore 
    • Bbrowse under your distribution folder to<drive letter>\Distribution\Templates\GPOPacks\Win7SP1-MDTGPOPack\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit and edit GptTmpl.inf ... look for line

    MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1

    Change it to

    MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0

    which will fix the issue as well but leave all the other security settings set.

    Hope this helps!

    • Proposed As Answer by Andrew Barnes Tuesday, December 04, 2012 3:52 PM
    • Marked As Answer by Q-Tech Wednesday, December 05, 2012 12:58 PM
    •  
     
  • Monday, December 03, 2012 9:48 PM
     
     
    Sign In to Vote
    0

    @Lindz1212,

    Excellent!  I'll try that tonight, and let you know.  

    Thanks for the tip!

     
  • Tuesday, December 04, 2012 8:21 AM
     
     Proposed
    Sign In to Vote
    0

    In addition to Lindz1212 answer.

    If you add ApplyGPOPack=NO to customsettings.ini it will not apply GPO pack for all your task sequences.

    • Proposed As Answer by Andrew Barnes Tuesday, December 04, 2012 3:52 PM
    •  
     
  • Tuesday, December 04, 2012 4:39 PM
     
     
    Sign In to Vote
    0

    So I tried disabling the Local GPO package, but the deployment still doesn't remember.  Darn.

    I have a question though - this WIM image I'm deploying, it's a captured image.  If it never had a last user logged in on the master image, would that cause this issue in my deployment?

    I'll try your suggestion next Mike - I'll attempt anything!  Haha

     
  • Tuesday, December 04, 2012 6:26 PM
     
     
    Sign In to Vote
    0

    what was the capture source and how?

    NO domain GPO applied? What happens if you log on and run RSOP.msc? what GPO is applied if any?

    • Edited by Shrek46 Tuesday, December 04, 2012 6:26 PM
    •  
     
  • Tuesday, December 04, 2012 6:35 PM
     
     Answered
    Sign In to Vote
    0

    Did you create this image using MDT where it actually did apply the local policy?

    Local policies will remain in effect even if the system is sysprepped, captured and redeployed.

    Verify the existence of the local policy "Interactive Logon: Do not display last user name" (Computer config > policies > windows settings > security settings > local policies > security options)

    Kind regards,

    Stephan Schwarz.

    If one of these posts answered your question or issue, please click on "Mark as answer".

    My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCSA, MCC-2011.
    How to configure Windows RE/OEM Recovery Partition with MDT
    How to configure Windows RE/OEM Recovery Partition with MDT 2012 Update 1

    • Proposed As Answer by Michael Klinteberg Wednesday, December 05, 2012 9:28 AM
    • Marked As Answer by Q-Tech Wednesday, December 05, 2012 12:58 PM
    •  
     
  • Wednesday, December 05, 2012 12:56 PM
     
     
    Sign In to Vote
    0

    @Shrek46,

    Yes, we have it set so that no domain GPO gets applied until it's moved into a specific OU.  

    @Stephan Schwarz,

    You guys rock!  That was it - I didn't turn off the GPO package when I created the image, so it always keeps the setting.  

    With that figured out, just another question -- is there a way I can edit the GPOPack so that it enables this setting, instead of disabling it?  I could redo the image, but if there's a way to just edit the GPO so that it enables it everytime, I don't have to go through that whole rigamaroll.  

    Thanks again for all your advice! 

     
  • Thursday, December 06, 2012 4:05 AM
     
     
    Sign In to Vote
    0
    You can use the Microsoft Security compliance manager to edit the GPO, check out this article, http://www.deploymentresearch.com/Blog/tabid/62/EntryId/47/Creating-and-Applying-Custom-GPO-Packs-using-MDT-2012-Beta-2-with-or-without-SCCM-2007-2012.aspx