Windows Logon Message stops MDT


  • We have a Windows Logon Message across our network. Users see the message before they can logon.

    However this is causing problems as it is stoping the MDT process. The image is installed, PC reboots but then the message appears. When you click OK, MDT continues and works perfectly.

    IS there anyway around this?

    16. července 2010 9:46

Všechny reakce

  • The message comes from a Group Policy?
    If so, maby you can solve this by first joining the computer to an OU where the policy not is being applied, and as a last step (after the last login) move the computer to the correct OU.

    Alternately, filter the Group Policy message on a group membership and add the computer to that group after the last login. 

    16. července 2010 10:06
  • Yes done by Group Policy.

    I was hoping there was another way rather than having to move OUs or Groups. I will look into that.

    16. července 2010 10:31
  • Is this a reference build or a custom image deployment? 

    Obviously you are joined to the domain, so just wanted to check.

    MCTS: ConfigMgr, MDT /
    16. července 2010 18:58
  • Set the Group Policy (using WMI filter) to not apply as long as the C:\Windows\Temp\DeploymentLogs folder does not exists.. e.g when the deployment is running

    Then add a final reboot to your deployment (using FinishAction=REBOOT or a custom script/HTA)

    / Johan

    16. července 2010 22:31
  • Set the Group Policy (using WMI filter) to not apply as long as the C:\_SMSTaskSequence folder exists.. e.g when the deployment is running

    Then add a final reboot to your deployment (using FinishAction=REBOOT or a custom script/HTA)

    / Johan

    Good idea........but not sure how to do it.

    I can use the statement Select * From Win32_Directory Where Name = 'C:\_SMSTaskSequence which I believe is correct.

    But won't that apply the GPO if SMSTaskSequence does exisit?? How do I tell it to NOT apply if the folder exists?

    17. července 2010 19:00
    • Navržen jako odpověď SJ3ff 5. července 2012 20:12
    17. července 2010 21:18
  • I updated my post to rather check for the existence of C:\Windows\Temp\DeploymentLogs, that folder is not created until deployment is complete. Using != or <> in the CIM_Directory class will return true anyway (since it finds other folders).

    Select * From CIM_Directory Where Name = 'C:\\Windows\\Temp\\DeploymentLogs'

    / Johan

    29. července 2010 14:05
  • Not to dig up an old post but if you add the WMI filter and link to the GPO will the change affect the rest of the computers on the Domain or only the new ones as they are deployed? In other words will the filter only delay the disclaimer screen on the new deploys.


    The reason I ask is I am testing the WMI filter and linking it to the GPO but a few test machines are acting a little strange (IE. not locking down after timeout, not seeing the Disclaimer after a rebooting, etc...). I am not blaming the WMI filter but wanted to check if it could produce other issues beyond the new deploys.



    9. března 2011 23:05
  • You could run the script after you join computer to the domain and set the "legalnoticetext" to empty string.

    As a last action you can then run "gpupdate /force" that would populate the key again.

    On Error Resume Next
    Dim WshShell 
    Set WshShell = WScript.CreateObject("WScript.Shell")
    WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext", "", "REG_SZ"

    • Navržen jako odpověď NeighborGeek 3. července 2012 20:24
    8. června 2012 18:08
  • Brano -- That looks like the simplest solution to this issue that I've seen so far.  I just have one concern, if the pc reboots during deployment after this step has run, then will computer policy re-apply, putting the security notice back?  Or will the notice stay disabled until the first time a domain user logs on?
    3. července 2012 20:23
  • I have the same problem and trying to find a more elgant way to solve it. We join computers in a temporary OU and then move them overnight using a script that runs automatically on a server in their final place.

    If MDT had a switch to say JoinDomain as last step would be so much easier.

    4. července 2012 15:57
  • I use this method by Alex located here. Basically it sets a variable to put the machine into a workgroup, completes the task sequence and then flips the machine back to the domain and the task sequence completes. The computer then needs to be restarted and is ready for the domain users to login.
    26. října 2012 15:53
  • Hi,

    I've just had the same problem and solved it after many moons of over-complicated thinking.

    There is a very simple way to delay the legal message based upon the presence of C:\_SMSTaskSequence.

    If you are using the GPO for "Interactive logon: Message text for users attempting to log on" and "Interactive logon: Message title for users attempting to log on" it's simple: DON'T!!!!!

    Instead of using the Interactive Logon Policy items, create registry items for the below...

    You can then apply "Item Level Targeting" on these and only apply is folder C:\_SMSTaskSequence does NOT exist.

    It's as simple as adding a new "File Match" item and then right click on it, go to "Item Options", then choose "Is Not". Then change "Match Type" to "Folder" and enter "C:\_SMSTaskSequence" in the "Path".

    Bob's your uncle, MDT delayed Legal Notice Text :)

    6. května 2015 16:56
  • hi, Chris. could you help with the details step on this.

    27. března 2017 10:35