Windows Logon Message stops MDT

  • Friday, July 16, 2010 9:46 AM
     
     

    We have a Windows Logon Message across our network. Users see the message before they can log on.

    However, this is causing problems as it is stopping the MDT process. The image is installed, the PC reboots, but then the message appears. When you click OK, MDT continues and works perfectly.

    Is there any way around this?

All Replies

  • Friday, July 16, 2010 10:06 AM
     
     

    The message comes from a Group Policy?
    If so, maybe you can solve this by first joining the computer to an OU where the policy is not being applied, and as a last step (after the last login) move the computer to the correct OU.

    Alternately, filter the Group Policy message on a group membership and add the computer to that group after the last login. 

  • Friday, July 16, 2010 10:31 AM
     
     

    Yes done by Group Policy.

    I was hoping there was another way rather than having to move OUs or Groups. I will look into that.

  • Friday, July 16, 2010 6:58 PM
     
     

    Is this a reference build or a custom image deployment? 

    Obviously you are joined to the domain, so just wanted to check.


    MCTS: ConfigMgr, MDT / http://myitforum.com/cs2/blogs/cnackers/default.aspx
  • Friday, July 16, 2010 10:31 PM
     
     

    Set the Group Policy (using WMI filter) to not apply as long as the C:\Windows\Temp\DeploymentLogs folder does not exist, e.g. when the deployment is running.

    Then add a final reboot to your deployment (using FinishAction=REBOOT or a custom script/HTA)

    / Johan

  • Saturday, July 17, 2010 7:00 PM
     
     

    Set the Group Policy (using WMI filter) to not apply as long as the C:\_SMSTaskSequence folder exists, e.g. when the deployment is running.

    Then add a final reboot to your deployment (using FinishAction=REBOOT or a custom script/HTA)

    / Johan


    Good idea... but not sure how to do it.

    I can use the statement Select * From Win32_Directory Where Name = 'C:\_SMSTaskSequence' which I believe is correct.

    But won't that apply the GPO if SMSTaskSequence does exist? How do I tell it to NOT apply if the folder exists?

  • Saturday, July 17, 2010 9:18 PM
     
    • Proposed As Answer by SJ3ff Thursday, July 05, 2012 8:12 PM
  • Thursday, July 29, 2010 2:05 PM
     
     

    I updated my post to rather check for the existence of C:\Windows\Temp\DeploymentLogs; that folder is not created until deployment is complete. Using != or <> in the CIM_Directory class will return true anyway (since it finds other folders).

    Select * From CIM_Directory Where Name = 'C:\\Windows\\Temp\\DeploymentLogs'

    / Johan

  • Wednesday, March 09, 2011 11:05 PM
     
     

    Not to dig up an old post, but if you add the WMI filter and link it to the GPO, will the change affect the rest of the computers on the domain or only the new ones as they are deployed? In other words, will the filter only delay the disclaimer screen on the new deploys?

     

    The reason I ask is I am testing the WMI filter and linking it to the GPO, but a few test machines are acting a little strange (i.e. not locking down after timeout, not seeing the disclaimer after rebooting, etc.). I am not blaming the WMI filter but wanted to check if it could produce other issues beyond the new deploys.

     

    Thanks

  • Friday, June 08, 2012 6:08 PM
     

    You could run the script after you join the computer to the domain and set the "legalnoticetext" to an empty string.

    As a last action you can then run "gpupdate /force" that would populate the key again.

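    ' Ignore runtime errors (a failed registry write will go unreported)
    On Error Resume Next
    Dim WshShell
    Set WshShell = WScript.CreateObject("WScript.Shell")
    ' Blank the logon message text; "gpupdate /force" later repopulates it
    WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext", "", "REG_SZ"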

    • Proposed As Answer by Gai-jin Tuesday, July 03, 2012 8:24 PM
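
A way to check, on any one computer, how the WMI filter query from Johan's reply and the registry value written by the script above currently stand; a WMI filter is evaluated on every computer in the GPO's scope, and the GPO applies only where the query returns at least one instance. This is an added example, not code from the thread: it assumes PowerShell 3.0 or later, and the function name Get-LogonBannerState is hypothetical.

```powershell
# Added example, not from the thread. Run locally on the computer to be checked.

# WQL from the thread; WQL string literals need each backslash doubled.
$FilterQuery = "Select * From CIM_Directory Where Name = 'C:\\Windows\\Temp\\DeploymentLogs'"
# Registry key holding the logon message (path taken from the VBScript above).
$PolicyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-LogonBannerState {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$Query = $FilterQuery,
        [string]$Key   = $PolicyKey
    )

    # A GPO WMI filter passes when the query returns one or more instances.
    $filterError = $null
    try {
        $hits = @(Get-CimInstance -Namespace 'root\CIMv2' -Query $Query -ErrorAction Stop)
    } catch {
        $hits = @()
        $filterError = $_.Exception.Message   # e.g. malformed WQL or WMI unavailable
    }

    # Read the message text without throwing when the value is absent.
    # The value may be a single string or a string array, so flatten it first.
    $raw  = (Get-ItemProperty -Path $Key -Name 'legalnoticetext' -ErrorAction SilentlyContinue).legalnoticetext
    $text = [string]::Join('', @($raw))

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FilterPasses     = ($hits.Count -gt 0)
        FilterError      = $filterError
        BannerConfigured = -not [string]::IsNullOrWhiteSpace($text)
    }
}

$state = Get-LogonBannerState
$state | Format-List

if ($state.FilterError) {
    Write-Warning "Filter query failed: $($state.FilterError)"
} elseif (-not $state.FilterPasses -and -not $state.BannerConfigured) {
    Write-Warning 'Filter is false and no logon message is set: the filtered GPO does not apply here.'
} elseif ($state.FilterPasses -and -not $state.BannerConfigured) {
    Write-Warning 'Filter is true but legalnoticetext is empty: policy has not been re-applied yet.'
}
```

Running it on an existing domain computer as well as a freshly deployed one shows whether the filter changes the logon message on machines that were never built with MDT.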
  • Tuesday, July 03, 2012 8:23 PM
     
     
    Brano -- That looks like the simplest solution to this issue that I've seen so far.  I just have one concern: if the PC reboots during deployment after this step has run, then will computer policy re-apply, putting the security notice back?  Or will the notice stay disabled until the first time a domain user logs on?
  • Wednesday, July 04, 2012 3:57 PM
     
     

    I have the same problem and am trying to find a more elegant way to solve it. We join computers in a temporary OU and then move them overnight using a script that runs automatically on a server in their final place.

    If MDT had a switch to say JoinDomain as last step, it would be so much easier.

  • Friday, October 26, 2012 3:53 PM
     
     
    I use this method by Alex located here. Basically it sets a variable to put the machine into a workgroup, completes the task sequence and then flips the machine back to the domain and the task sequence completes. The computer then needs to be restarted and is ready for the domain users to log in.