Saturday, August 04, 2012 1:00 PM
We normally do the following:
1. For each freshly created PC in AD, add a group to the PC that applies policy.
2. Manually add a domain group to local admin for developers that need it.
I think that I understand how to do #2 (Administrators001=DOMAIN\GroupName in my cs.ini), but I'd like to figure out how to do #1.
The main problem is that #1's policy will be renaming the local administrator account, so I need it to apply before the auto-login step in the deployment sequence (so I can have it properly auto-login and finish the deployment).
I did see this old post, but I was sorta hoping that there was something awesome built in by now, or something easier.
Sunday, August 05, 2012 7:43 PM
No such thing is built-in.
In general it's suggested to use a staging OU where there's no GPO's that affect the deployment, and as a last step of the deployment move the computer account to a different OU. This way the task sequence can complete normally and once it's done, the GPO can take effect to rename the admin account after the reboot.
And the post you found should still apply to solve the issue regarding adding the computer object to a security group.
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCSA, MCC-2011.
How to configure Windows RE/OEM Recovery Partition with MDT