MDT's process is gone after first reboot


  • Hi all,

    We use MDT 2012.

    Recently we decided to customize the Image/Capture file that is installed on the computers at the company.

    We have a computer that we captured; we made no changes to it other than Windows 7 updates and editing the Default user (wallpaper, homepage, desktop icons etc.)

    Until the last capture we made, everything worked fine.

    We tried to capture a new image using the old Task Sequence of capturing with no success, every time we received error messages (each time more and more).

    The same problem also appeared when we tried to create a new Task Sequence of capturing and left the default settings of it.

    Then we created a new Task Sequence with no Sysprep (

    The capture seems to be working properly. We updated the .wim file in the Task Sequence of the deployment, then came a new problem:

    After deploying the OS (by the way, the installation of the OS is correct, but without applications or the "Finish" screen), the computer reboots and reaches the login screen without a trace of the deployment process.

    Even when we took a new capture of a computer that is configured to "automatically login", after deployment, the computer reaches the desktop screen without a trace of the deployment process.


    • Edited by Amit_H Sunday, June 02, 2013 1:43 PM
    Sunday, June 02, 2013 1:40 PM

All replies

  • You need the Sysprep step so that it generalizes the image (like the name, some GUIDs, etc).  Otherwise, EVERY machine you deploy from that WIM will be exactly the same, not just the same image.

    Take a few steps back and let's figure out why you couldn't capture the image with Sysprep.  Can you post any of the logs from the broken Capture Task Sequence?  Is the machine you are doing the Capture from a VM?  Do you have a Snapshot of it prior to Capture if you are using "Sysprep and Capture" and not completely building it from scratch?

    David Coulter | | @DCtheGeek

    Sunday, June 02, 2013 2:34 PM
  • Hi DCtheGeek, thank you for the quick response.

    This is not a VM, this is a laptop with Windows 7 Enterprise installed on it (clean install from disk).

    We just updated it and customized the default user.

    We tried (again) to create a new Task Sequence of capturing with Sysprep, at this time, we did not change anything. We just left it with its default settings. (When creating this TS, OS should be chosen, we chose a clean image of Windows 7, is this correct?)

    When we tried to capture the laptop mentioned above from boot, we received the following errors:

    When we tried to capture the laptop using "LiteTouch.vbs" script (from OS), then we received the following errors:

    (The "Operation aborted..." error repeats a few times).

    Can you tell where is the log file, so that we can copy the text instead of taking a picture of it?

    By the way, we were told that Windows 7 does not need Sysprep because it can identify the changes by itself.

    • Edited by Amit_H Monday, June 03, 2013 9:07 AM
    Monday, June 03, 2013 8:57 AM
  • Blog post for finding your log files with MDT:

    That said, best practice is to do your build and capture from a Virtual Machine (like in Hyper-V on Windows 8) if possible.  It allows you to make snapshots and revert as necessary and keeps it "driver agnostic" during the build.  And whoever told you that Windows 7 does not need Sysprep was wrong.  It is required to both generalize an image as well as apply the Unattend.xml during Deployment imaging.

    Those said... can you try running LiteTouch.vbs as an administrator?  And just to confirm, you didn't copy LiteTouch.vbs or other files locally, you connected to the MDT share and are running it from the mapped drive or UNC?

    David Coulter | | @DCtheGeek

    Monday, June 03, 2013 10:15 PM
  • Hi again,

    About the log files -  there is no "MININT" folder, and the "%WINDIR%\TEMP\DeploymentLogs" contains logs from 2011.

    If it changes, MDT has its own partition (D:), anyway, there is no MININT under D: drive as well.

    Even when we searched for "logs" under D: drive, there were no results.

    Back to the matter, we use VMware if it helps, we will try to install Windows 7 Enterprise, update it and edit default user, then we will try to capture it. We will let you know what happened.

    We run LiteTouch.vbs this way:

    Enter OS of the laptop we want to capture using local Administrator.

    Open the path of the MDT server using Start>Run> \\MDT-Server\...

    It asks for credentials, and we enter one of the domain administrator accounts (without marking "remember my credentials").

    Run "Scripts\LiteTouch.vbs"

    Continue as usual to take a capture of the OS.

    Get errors.

    Even when we tried to map the path (without marking "Reconnect at logon" if it matters), open cmd as local administrator and run LiteTouch from there - we get errors.

    Another issue, can you please explain why when creating a Task Sequence of capturing it requires an OS image? (There will be an image only after we will use this TS! Where is the logic behind that?!)

    Thanks a lot!

    Tuesday, June 04, 2013 7:11 AM
  • To answer your last question, the Task Sequence needs a reference to your OS so that it can grab the right Unattend to use during the capture.  It's disabled by default in the Task Sequence, but is needed for reference only.

    Instead of manually installing Windows, making changes, and then manually capturing it, have you tried to do a fully automated capture?  Basically, it's the same default "Standard Client Task Sequence" but you select to do the Capture in the Wizard at the beginning and it triggers the group at the end to boot to WinPE and capture the WIM.  Then you don't have to manually configure your VM the way you want, you configure the Task Sequence to do the changes you want.  Automates it and makes it more repeatable. : )

    Anyway, back to your problem.  The "Capture Only" isn't really configured for booting from WinPE (and instead is for running via LiteTouch).  Just to be clear, "LiteTouch.vbs" should be run as a local admin on the machine.  The creds you provide once launching LiteTouch.vbs are for connecting to the DeploymentShare, not for the local machine.  Make sure to open a Command-prompt as Admin on the machine, then run LiteTouch.vbs.  The first error about not being able to read the registry makes me think it's a "local admin" issue.  So let's validate that, first.

    David Coulter | | @DCtheGeek

    Tuesday, June 04, 2013 2:30 PM
  • Hi!

    We tried to capture VMware and it worked! Thanks!!!

    Anyway, it worked only using LiteTouch.vbs with local administrator, not using boot mode (we got errors).

    Can you instruct us how exactly we should do the "automated capture" you mentioned? It sounds to be very useful for us!

    Wednesday, June 05, 2013 1:36 PM
  • Yes, like I said, the Capture is configured to be run from LiteTouch.vbs, not from WinPE.  There are steps in it to do some config work, then call WinPE, then do the capture.  Calling from WinPE just confuses it. : )

    From a very high level, here are the steps for "automated capture":

    • Import original media OS into MDT (like Windows 7 x64 SP1)
    • Create a new "Standard Client Task Sequence", point to the OS you just imported, and answer the rest of the Wizard questions.
    • Ensure your CustomSettings.ini doesn't have steps that would skip the capture (like SkipCapture=YES)

    Then boot your VMware to your MDT Boot Image, select this new Task Sequence, in the Wizard on the Capture screen select the option to perform the capture, and it will run the install, do some Windows Updates, sysprep the image, and then capture it to a WIM.  Once you've got this part to work, it's simply a matter of adding steps to the Task Sequence (best place to start is the "Custom Tasks" group in "State Restore" group).  You can add steps to install Applications (that you'll need to import into MDT), run Scripts to make configuration changes, command lines for registry updates or other items, etc.  Then try running the new Task Sequence on the VM again.  The idea is that you have a Task Sequence that installs original OS media, does updates, installs the apps you want and config you want, then captures it.  Voila, automated!

    David Coulter | | @DCtheGeek

    Wednesday, June 05, 2013 2:37 PM
  • Hello again, and thanks for helping!

    Actually, we tried to build a new Task Sequence, and all programs were installed correctly.

    But we encountered a new strange problem: After deployment was successfully completed, we restarted the computer and tried to enter Local Administrator account, and for some reason it was disabled.

    Do you have any idea how to solve this issue?

    Sunday, June 09, 2013 3:03 PM
  • For your Deploy Task Sequence, does your Unattend.xml have the EnableAdmin segment (under component "Microsoft-Windows-Deployment" in the "specialize" pass)?

            <RunSynchronousCommand wcm:action="add">
              <Path>cmd /c net user Administrator /active:yes</Path>

    Without it, you would have had to add your own local admin account during the Build and Capture Task Sequence (which many people chose to do) when creating the WIM.

    David Coulter | | @DCtheGeek

    Sunday, June 09, 2013 3:49 PM
  • Hello again,

    This is what we have:

    <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
            <RunSynchronousCommand wcm:action="add">
              <Path>cmd /c net user Administrator /active:yes</Path>
            <RunSynchronousCommand wcm:action="add">
              <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
            <RunSynchronousCommand wcm:action="add">
              <Description>disable user account page</Description>
              <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>

    Seems to be correct. Doesn't it?
    Monday, June 10, 2013 7:47 AM
  • Yes, that seems to be correct.

    Let me ask this for clarity.  You ran the new "build" Task Sequence against the machine and verified it built a WIM and saved it to the network.  Then you imported that WIM, created a "Deploy" Task Sequence, used the imported WIM, and imaged a new machine with the "Deploy" Task Sequence, right?  The machine you couldn't log into wasn't the one you performed the "Build" Task Sequence against immediately after capturing it, right?

    David Coulter | | @DCtheGeek

    Monday, June 10, 2013 12:48 PM
  • Never mind,

    We found the source of the problem, while trying to copy a task sequence, we mistakenly replaced the "unattend.xml" file.

    But we have another 2 problems:

    1. Recently, while deploying, sometimes after restart, the computer loses connection with the deployment server. We receive a message, but when clicking "Retry", it continues the deployment. It's pretty annoying; bottom line, we want the computer to be installed unattended.

    2. When booting from NIC, and entering the deployment, we get a welcome screen ( with no cursor, mouse and keyboard are not responding. After shutting down the computer (using the computer's button), the problem disappears.

    Can you help please?

    Thursday, June 20, 2013 8:53 AM
  • 1.  There are reports in this forum about gigabit nic cards being "too fast" and having issues on connect that work fine later.  Is the hardware you are seeing this on a gigabit nic card?

    2.  Sounds like a driver or driver load problem.  Are you using WAIK (WinPE 3) or ADK (WinPE 4)?  Also, if you want to bypass that screen, you can just add SkipBDDWelcome=YES to the [Default] segment of your Bootstrap.ini on your Deployment Share rules.  Note that changing Bootstrap.ini will require you to regenerate your Boot Images to see it get used.

    David Coulter | | @DCtheGeek

    Thursday, June 20, 2013 3:03 PM
  • 1. This is Intel's network card. After checking the issue, probably the problem is different. We install pilot of desktops with SSD hard disk. Apparently the SSD HD is too fast, it loads the LiteTouch file from Startup folder before the NIC can connect...

    2. For some reason, this problem seems to have disappeared.

    Is there an option from MDT to add a Task Sequence step to move the computer object in Active Directory by its name?

    Like, if the computer name is ABC-LAP, move it to the Laptops OU, if it's ABC-DESK move it to the Desktops OU.

    Tuesday, June 25, 2013 9:16 AM
  • You could edit LiteTouch.vbs to introduce a few seconds of delay in order to give the NIC time to initialize prior to the rest of the script running.  If you wanted, you could get fancy and do a lookup for the HDD that has this issue specifically and then delay only if it matches that model, so the delay (other than the lookup) wouldn't affect other systems.

    For the AD move, you could take a look at this post ( for a script.  Then create a Task Sequence Step for Laptop Move and one for Desktop Move, but set the Condition for IsLaptop or IsDesktop, etc, as needed.  Or you could change the script itself to do that logic and call it just once.

    David Coulter | | @DCtheGeek

    Tuesday, June 25, 2013 1:27 PM
  • Hi,

    Great Idea! How should we do it? Just edit LiteTouch.vbs under Scripts folder? MDT's just copying it to Startup folder while deploying?

    Need to add

    WScript.Sleep 100

    for 10 seconds delay on the first line in LiteTouch.vbs?

    About the OU change, we are still trying to figure out what the script you sent me above is doing. We couldn't understand where to edit it exactly, how to run it from TS and how it moves computers to another OU without using computer name... We will let you know later if we succeed.

    Another question please, is there any option to edit the local administrator password of deployment? We set a new password on capture, set the same one while creating the TS, but for an odd reason, while deploying it sets the old password we set in the past for local administrator and not the new one...

    Wednesday, June 26, 2013 2:23 PM
  • Yes, I would edit both LiteTouch.vbs and LTIBootstrap.vbs (since this is the file that is used to restart the Task Sequence and it calls LiteTouch.wsf directly).

    For the OU script, you'd use a Command Line Step and call it like this:

    cscript.exe "%deployroot%\scripts\MoveComputerOU.vbs" "OU=Staging,DC=mydomain,DC=local"

    You would also need to place the MoveComputerOU.vbs file into your Scripts folder on the Deployment Share.  Line 38 is where it gets the current running device's Computer Name.  You'd create one of the Steps for each OU you would want to move the machine to, then would set the condition on it so that that particular MoveComputerOU only runs when say IsLaptop=TRUE or Model=SomeTablet or whatever you want for each of your OUs.

    The local admin password of the deployment would have been set when you created the Task Sequence.  The Task Sequence creation Wizard gives you the ability to set the admin password, or to have it not configured (and MDT handles it).  If you need to change it, it's stored as part of the Unattend.xml for that Task Sequence.  Here's an example from one I just created where I set the password:


    David Coulter | | @DCtheGeek

    Wednesday, June 26, 2013 2:46 PM
  • 1. We tried to edit LiteTouch.vbs and LTIBootstrap.vbs under the Scripts folder, just added the line:

    WScript.Sleep 10000

    for 10 seconds delay, after "Initialization" title in the scripts.

    But we still get the error, it seems the deployment isn't delayed, it starts immediately.

    2. About the OU issue, tried to use MoveOU.vbs from here: and used this Command in TS:

    cscript.exe MoveOU.vbs "OU=Desktops,OU=Computers,OU=Site,DC=Domain,DC=local"

    and used this condition for the command:


    Select * From Win32_ComputerSystem WHERE Name LIKE "%DESK%"

    (for computers with "DESK" in computer name)

    But with no success. Here's the Deployment Summary:

    3. Tried to edit unattend.xml and insert a new password in "MyPassword" sections where you displayed above, with no success.

    Here the error message we had:

    By the way, before we changed it, there was a long password written there that is not familiar to us; it seems to be encrypted.


    • Edited by Amit_H Monday, July 01, 2013 2:24 PM Mistake
    Monday, July 01, 2013 2:24 PM
  • Someone?
    Sunday, July 07, 2013 12:06 PM
  • For the delay, can you see the delay in the logs showing that it actually waited 10 seconds?  And maybe 10 seconds isn't enough... maybe go crazy and try like 2 minutes and then work backwards until it stops helping.

    For the MoveOU, does it run if you run it by hand or is it the WMI that's failing?  In the logs (smsts.log) you can see if it was skipped or executed.

    If it was encrypted, then PlainText was probably set to False?

    David Coulter | | @DCtheGeek

    Monday, July 08, 2013 5:22 PM
  • I have simply added the delay for all scripts by modifying the ZTIUtility.vbs script. Simply add one line, wscript.sleep 5000, to the script to delay 5 seconds. I added mine here under check for ip address and it fixed the issues I had exactly like yours and many others.

      'Check for IP address

      wscript.sleep 5000

      Set colAdapters = objWMI.ExecQuery("select * from win32_NetworkAdapterConfiguration where IPEnabled=True")

    Hope this helps!

    Tuesday, July 09, 2013 2:41 PM
  • Do not directly edit the xml. Use the MDT workbench.

    Tuesday, July 09, 2013 3:20 PM
  • It seems the problem is not in the seconds quantity. the deployment is not delayed. Maybe editing this file does not affect the deployment process.

    Where can we find all these scripts? We searched for all *.log files without finding it. That's why we sent the deployment summary, maybe you can find there something that helps to find the solution.

    So if it's encrypted, how do we change the local admin password?


    Thursday, July 11, 2013 11:47 AM
  • Thanks! It works perfectly!!!

    What about the two other questions?

    Thursday, July 11, 2013 12:57 PM
  • Like I said before, read this post to help you find your log files:

    As to changing the password, the Unattend.xml just uses Base64 to "encrypt" the password.  If you want to quickly change the password in the Unattend.xml, use Base64 (I use this page: to get your encrypted string, and replace it in the <Password><Value> segment.  The Unattend.xml is stored in %DeployRoot%\Control\<TS ID> folder.

    David Coulter | | @DCtheGeek

    Thursday, July 11, 2013 3:25 PM
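
Added example (not part of the thread and not MDT code) for the point above that a PlainText=false password in Unattend.xml is only encoded: the stored value is Base64 over the UTF-16LE bytes of the password with the parent element's name appended, so a generic UTF-8 Base64 page does not produce it, and anyone who can read the file can reverse it. The function names, the sample XML and the password "Example-Pass1" are constructed for illustration.

```powershell
# Added example, not MDT code. PlainText=false means
# Base64( UTF-16LE( password + element name ) ); the suffix is
# "AdministratorPassword" or "Password", matching the parent element.

function ConvertTo-UnattendPassword {
    # Builds the <Value> text for a new password (function name is hypothetical).
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [ValidateSet('AdministratorPassword', 'Password')]
        [string]$ElementName = 'AdministratorPassword'
    )
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($Password + $ElementName)
    [System.Convert]::ToBase64String($bytes)
}

function Test-UnattendPassword {
    # Classifies each password element of a parsed Unattend.xml; never prints the secret.
    param(
        [Parameter(Mandatory = $true)][xml]$Unattend,
        [string]$Source = '(inline sample)'
    )
    $xpath = "//*[(local-name()='AdministratorPassword' or local-name()='Password')" +
             " and *[local-name()='Value']]"
    foreach ($node in $Unattend.SelectNodes($xpath)) {
        $value = $node.SelectSingleNode("*[local-name()='Value']").InnerText.Trim()
        $flag  = $node.SelectSingleNode("*[local-name()='PlainText']")
        $state = 'Stored as plain text'
        if ($null -ne $flag -and $flag.InnerText.Trim() -eq 'false') {
            $state = 'Not in the expected encoded form'
            try {
                $raw  = [System.Convert]::FromBase64String($value)
                $text = [System.Text.Encoding]::Unicode.GetString($raw)
                if ($text.EndsWith($node.LocalName, [System.StringComparison]::Ordinal)) {
                    $state = 'Base64 only: recoverable by anyone who can read the file'
                }
            } catch {
                # Not Base64 at all, e.g. clear text pasted in while PlainText=false
            }
        }
        [pscustomobject]@{ Source = $Source; Element = $node.LocalName; Finding = $state }
    }
}

# Constructed sample: the value is generated from the made-up password "Example-Pass1".
$sample = [xml]@"
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>$(ConvertTo-UnattendPassword -Password 'Example-Pass1')</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
"@

Test-UnattendPassword -Unattend $sample | Format-List
```

To check a deployment share, load each Unattend.xml under %DeployRoot%\Control\<TS ID> with `[xml](Get-Content -LiteralPath $file -Raw)` and pass it to `Test-UnattendPassword`. Since the encoding is reversible, read access to the Control folder is what actually protects these passwords.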
  • Hi, We will check the issue. We have another problem now :|

    When trying to capture an image, we're getting this message:

    A VBScript Runtime Error has occurred:

    Error: 500 = Variable is undefined

    VBScript Code:

    ValidateCaptureLocation

    We did not change anything.

    Have no idea why this is happening.

    Anyone knows?



    The question is mentioned above (reply to wizard999).

    We found the source of problem. Please help.

    • Edited by Amit_H Wednesday, July 17, 2013 12:01 PM change
    Monday, July 15, 2013 7:37 AM
  • I have simply added the delay for all scripts by modifying the ZTIUtility.vbs script. Simply add one line, wscript.sleep 5000, to the script to delay 5 seconds. I added mine here under check for ip address and it fixed the issues I had exactly like yours and many others.

      'Check for IP address

      wscript.sleep 5000

      Set colAdapters = objWMI.ExecQuery("select * from win32_NetworkAdapterConfiguration where IPEnabled=True")

    Hope this helps!

    We found the source of the problem...

    Editing the delay like you suggested causes this error message.

    Is there another place where we can insert this sleep line that won't cause problems?

    Wednesday, July 17, 2013 11:58 AM
  • Perhaps your editing was incorrect....this is in my ztiutility.vbs - I bolded the only line I added - as you can see the same sleep function is natively in the code farther down - I simply took that idea and line from below and added it to pause the script 5 seconds before it continues with checking for valid network connectivity - it works 100% - mdt2012u1

    Function ValidateNetworkConnectivity

      Dim Entity, ID, oAdapter, oAdapter2, colAdapters, colAdapters2, sIPConnectionMetric, sWirelessConnectionMetric
      Dim bValidIP

      ' Check for networkadapters present

      bValidIP = True
      If objWMI.ExecQuery("select * from win32_NetworkAdapter where Installed = true and adaptertypeid = 0").Count = 0 then
       oLogging.CreateEntry "No networking adapters found, The network drivers for your device are not present",LogTypeError
       ValidateNetworkConnectivity = Failure
       exit function
      End if

      'Check for IP address
      wscript.sleep 5000   ' <-- the only added line: wait 5 seconds before querying the adapters

      Set colAdapters = objWMI.ExecQuery("select * from win32_NetworkAdapterConfiguration where IPEnabled=True")

      For Each oAdapter in colAdapters
       If oAdapter.DHCPEnabled = TRUE Then
        If oAdapter.DHCPServer = "" Then
         ' DHCP is on but no lease yet
         bValidIP = False
        Else
         bValidIP = True
         Exit For
        End if
       Else
        oLogging.CreateEntry "DHCP is not enabled, assuming static IP address", LogTypeInfo
        bValidIP = True
        Exit For
       End if
      Next

      If bValidIP <> True Then
       'No IP Address, do an ipconfig /renew
       oShell.Run "ipconfig /renew",0,true
       on error resume next
       wscript.sleep 5000
       on error goto 0
       Set colAdapters2 = objWMI.ExecQuery("select * from win32_NetworkAdapterconfiguration where IPEnabled = True")
       For Each oAdapter2 in colAdapters2

    Wednesday, July 17, 2013 1:50 PM