MDT Credential Wizard Takes all domain credentials

  • Question

  • I have set up MDT and locked down the deployment share to the built-in administrators group and shared the deployment share with this same account. I removed the "everyone" user group from the deployment share, I have removed domain users from the users group on the server and locked down the server to only allow domain admins to log on (domain users are denied access). When I PXE boot into a machine to deploy an image I get prompted for MDT network credentials. When I enter a domain admin (that is in the built-in administrators group on the server and has FULL access to the deployment share) everything works as expected. When I log in with a domain user account (not admin) I get past the login screen and then get a blank screen. It seems the permissions are not getting checked properly but the regular user cannot proceed with the deployment because they do not have access to the deployment share. How are they able to log in though? A regular domain user should get an access denied error but they do not. I would like to get the access denied error as expected. Any assistance would be greatly appreciated.
    • Edited by arch2015 Monday, June 24, 2019 10:59 PM
    Monday, June 24, 2019 10:58 PM

All replies

  • You only want domain admins to be able to PXE boot and build PCs? Then why not just put one domain admin name in your bootstrap and only give the domain admins that password? (omit it from the bootstrap)

    Tuesday, June 25, 2019 7:24 PM
  • There are two parts of the share to making MDT work. 

    Make sure to use Advanced Sharing, but permissions need to be Everyone with Change and Read.

    Where locking down the deployment share happens is in the Security tab. That's where you set your access. Make sure Everyone isn't listed and then add the account or accounts that you want to be able to run MDT task sequences. They will only need Read, Read & execute, List to be able to run a task sequence.


    Daniel Vega

    Thursday, June 27, 2019 2:57 PM
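
The share/NTFS split described in the reply above can be applied and checked from PowerShell. This is an added example, not part of the original thread; the share name, path and group name are assumptions to be replaced with your own values.

```powershell
# Added example. Assumed names (not from the thread): adjust to your environment.
$ShareName   = 'DeploymentShare$'      # hypothetical share name
$SharePath   = 'D:\DeploymentShare'    # hypothetical local path of the share
$DeployGroup = 'CONTOSO\MDT-Deploy'    # hypothetical group allowed to run task sequences

# 1. Share permissions (Advanced Sharing): Everyone with Change, which includes Read.
#    Access control is then enforced by the NTFS ACL, not by the share ACL.
Grant-SmbShareAccess -Name $ShareName -AccountName 'Everyone' -AccessRight Change -Force |
    Out-Null
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessControlType, AccessRight

# 2. NTFS permissions (Security tab): the deployment group gets
#    Read, Read & execute, List on the folder, its subfolders and files.
$acl  = Get-Acl -Path $SharePath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($DeployGroup, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 3. Report broad principals that still hold Allow entries on the NTFS ACL.
#    Nothing is removed automatically: an inherited entry has to be dealt with
#    on the parent folder or by disabling inheritance first.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$leftover = (Get-Acl -Path $SharePath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and (
        $broad -contains $_.IdentityReference.Value -or
        $_.IdentityReference.Value -like '*\Domain Users')
}

if ($leftover) {
    Write-Warning "Broad principals still have NTFS access to ${SharePath}:"
    $leftover | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    Write-Output "No Everyone/Users/Authenticated Users/Domain Users entries on $SharePath."
}
```

Run it elevated on the MDT server; step 3 only reports, so any entry it lists still has to be removed by hand in the Security tab.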