none
Adding a domain user to Local Admin Groups using MDT 2012 RRS feed

  • Question

  • I don't know if this will help anyone, but it did me after weeks of searching.  If you are trying to add a domain user or domain groups to the local administrators group using MDT, simply go to the cs.ini and add "SkipAdminAccounts=No".  But the administrators accounts page will only appear if you choose to join a domain. 
    • Edited by Marshal21 Tuesday, March 25, 2014 8:21 PM
    Tuesday, March 25, 2014 8:21 PM

Answers

  • Correct, if you were to go into the %DeployRoot%\Scripts\DeployWiz_Definition_ENU.xml file you would see the entry for the DeployWiz_AdminAccounts.xml page as follows:

    	<Pane id="AdministratorAccounts" reference="DeployWiz_AdminAccounts.xml">
    		<Condition><![CDATA[ UCase(Property("SkipAdminAccounts")) = "NO" and UCase(Property("DeploymentType"))<>"REPLACE" and Property("DeploymentType")<>"CUSTOM" and Property("JoinDomain") <> "" ]]></Condition>
    	</Pane>
    

    Most Wizard Pages are displayed by default, and you can turn them off by using the SkipXxxXxxxxx Page variable to hide them during wizard execution. This page is different, since it was added for MDT 2012, the MDT team decided to leave it *OFF* by default, instead you must explicitly turn off the SkipAdminAccounts variable by setting it to "NO".

    Additionally, you would not need to display this page if you were running a Refresh or a Custom Task Sequence.

    Finally, this page does not actually *create* accounts, instead it just adds pre-existing user accounts and adds them to the local Administrators group. This scenario is only valid when you are joining the machine to a domain, so you must Join to the Domain.

    If you are interested in adding other local users to the Administrators Group, you should write a script to create the account(s) and add them to the local group. Windows 8.1 has some *gotchas* that have to do with Microsoft Accounts, but that's a different Story :^).


    Keith Garner - keithga.wordpress.com

    Tuesday, March 25, 2014 9:04 PM
    Moderator

All replies

  • thanks for the info , besides this here I leave this resource for domain binding to MDT greetings:)

    http://blogs.itpro.es/octaviordz/2013/10/21/migrar-de-windows-7-a-windows-8-uniendo-a-dominio-con-mdt-2012/


    Freelance-IT http://www.freelance-it.com.mx

    Tuesday, March 25, 2014 9:01 PM
  • Correct, if you were to go into the %DeployRoot%\Scripts\DeployWiz_Definition_ENU.xml file you would see the entry for the DeployWiz_AdminAccounts.xml page as follows:

    	<Pane id="AdministratorAccounts" reference="DeployWiz_AdminAccounts.xml">
    		<Condition><![CDATA[ UCase(Property("SkipAdminAccounts")) = "NO" and UCase(Property("DeploymentType"))<>"REPLACE" and Property("DeploymentType")<>"CUSTOM" and Property("JoinDomain") <> "" ]]></Condition>
    	</Pane>
    

    Most Wizard Pages are displayed by default, and you can turn them off by using the SkipXxxXxxxxx Page variable to hide them during wizard execution. This page is different, since it was added for MDT 2012, the MDT team decided to leave it *OFF* by default, instead you must explicitly turn off the SkipAdminAccounts variable by setting it to "NO".

    Additionally, you would not need to display this page if you were running a Refresh or a Custom Task Sequence.

    Finally, this page does not actually *create* accounts, instead it just adds pre-existing user accounts and adds them to the local Administrators group. This scenario is only valid when you are joining the machine to a domain, so you must Join to the Domain.

    If you are interested in adding other local users to the Administrators Group, you should write a script to create the account(s) and add them to the local group. Windows 8.1 has some *gotchas* that have to do with Microsoft Accounts, but that's a different Story :^).


    Keith Garner - keithga.wordpress.com

    Tuesday, March 25, 2014 9:04 PM
    Moderator