Problems deploying Custom GPOPacks with MDT 2012 and Windows 7

  • Question

  • I am running into an issue with deploying a custom GPO pack to my Windows 7 SP1 Baseline build.

    I am using MDT 2012 and the standard Client build task sequence.

    I have modified the GPOPackPath variable to reflect the custom PACK in my .ini file.

    The task sequence runs through completely and reports no errors.

    When I look at the ZTIApplyGpoPack log in my OSDlogs folder it states that the Pack applied successfully with no errors. Yet none of the policies have been applied.

    Has anyone seen these symptoms as well? Any help or suggestions would be greatly appreciated.
    Thursday, May 17, 2012 1:35 PM

All replies

  • Hello Lambicmxr, did you ever get a response or figure this out?

    David Cobb Windows IT Pro

    Monday, May 28, 2012 5:27 AM
  • Which specific policies are being applied? Can you run rsop.msc on the machine and see if the policy which you applied has been overridden by a domain or OU level policy?

    Regards, Vik Singh "If this thread answered your question, please click on 'Mark as Answer'"

    Monday, May 28, 2012 8:39 AM
  • This is a standalone, non-domain-joined server.  I would like to specify my GPO Pack from within my task sequence.  Trying to figure out what the variable would be.  I changed my GPOPackPath variable in customsettings.ini and then I got an error.  Working on that.  One of my policies changes the UserName of the admin account.  That may be causing the error.

    David Cobb Windows IT Pro


    Monday, May 28, 2012 3:42 PM
  • In my situation this is a standalone workstation, so there is no chance of a domain policy taking precedence.

    David, if you are using an MDT task sequence and are trying to rename the administrator account via your GPO pack, in my experience this does not work.  Both the Administrator and Guest accounts get renamed during the sysprep process.  I was able to get around this by using a WMIC command later in the task sequence.

    As to my problem, it seems the only settings not being set are those contained in the .inf file.  Those settings contained in the database seem to apply fine.  I have manually run this pack against the OS and all settings are set fine with no issues.

    I can get this to work via the setupcomplete.cmd file, but I would much prefer the automated process that is built into MDT 2012.

    Again any help is much appreciated.

    Wednesday, May 30, 2012 3:16 PM
  • I was going to update this post to let anyone who was interested know that I solved the issue. 

    I was using MDT 2012's Media deployment to create an .iso file and then mounting the .iso to my virtual machine for deployment.  Everything worked fine with the exception of the GPO pack application.

    It turns out when the Deployment is copying the individual packages down locally for the task sequence, it carries the attributes with them.  In this case it carried the read-only attribute down with the "Localsecuritydb.sdb" file.  During the Apply GPO pack process, MDT writes to this file in order to apply the settings in your backup to the local computer.  Since it was read-only it was failing.  There were no errors present in the log file, just no changes to the policy.

    I was able to work around this by modifying the GPOPack.wsf, adding a remove-attribute command after it copies the needed files locally.

    Thanks for the support provided in this issue.

    • Marked as answer by Lambicmxr Tuesday, July 17, 2012 2:15 PM
    Tuesday, July 17, 2012 2:15 PM
  • There is hope!  Would you mind going into a little more detail as far as removing the attributes?

    David Cobb Windows IT Pro

    Tuesday, July 17, 2012 5:40 PM
  • Sure,

    In the GPOpack folder that you plan to deploy, locate the GPOPack.wsf file.  In the configureLocalPolicy subroutine section look for the following section:

    IF objFSO.FileExists(strInfPath) Then

    If you are deploying XP or Server 2003, go to the section that says:

    If (strOS = "XP") or (strOS = "WS03") Then

    Above the Call objShell.Run("SECEDIT.EXE /configure /db " & chr(34) & _ line, add the following:

    Call objShell.Run("Attrib -R *.* /S /D")

    This will remove the attributes from the copied files.

    If you are deploying Windows 7 or Server 2008, look for the following command:

    Else

    Call objShell.Run("SECEDIT.EXE /configure /db " & chr(34) & _ line

    and add the same line:

    Call objShell.Run("Attrib -R *.* /S /D")

    Once you have made these changes to your deployment and media shares, recreate your media .ISO file and give it a try.  Good luck!

    Wednesday, July 18, 2012 12:25 PM
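
Because the failure described in this thread left no error in the log, a post-deployment check is worth adding. The script below is an added example, not part of the thread or of MDT's own scripts: it flags read-only files in the copied pack folder and compares the pack's security template with the policy actually in effect. The `$PackInf` path is a placeholder (the thread does not name the .inf file), the two sections compared are an assumption, and the script must run elevated.

```powershell
# Added example: confirm that a GPO pack's security template really took effect.
# $PackInf is a placeholder path; the thread does not name the pack's .inf file.
param(
    [string]$PackInf = 'C:\Temp\GPOPack\<template>.inf',    # placeholder
    [string[]]$Sections = @('System Access', 'Event Audit') # assumed scope
)

function Read-InfSections([string]$Path, [string[]]$Wanted) {
    # Collect "key = value" lines from the named [sections] of a security template.
    $result = @{}
    $current = $null
    foreach ($line in Get-Content -Path $Path) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $current = $matches[1]
        } elseif ($current -and ($Wanted -contains $current) -and
                  $line -match '^([^=;]+?)\s*=\s*(.*)$') {
            $result["$current/$($matches[1].Trim())"] = $matches[2].Trim()
        }
    }
    return $result
}

# 1. Read-only files in the pack folder are the failure cause reported in the thread.
$packDir  = Split-Path -Parent $PackInf
$readOnly = Get-ChildItem -Path $packDir -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.IsReadOnly }
$readOnly | ForEach-Object { Write-Warning "Read-only: $($_.FullName)" }

# 2. Export the effective local security policy and compare it with the template.
$export = Join-Path $env:TEMP 'effective-policy.inf'
& secedit.exe /export /cfg $export /areas SECURITYPOLICY | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit /export failed with exit code $LASTEXITCODE" }

$expected = Read-InfSections $PackInf $Sections
$actual   = Read-InfSections $export  $Sections
$drift = @()
foreach ($key in $expected.Keys) {
    if ($actual[$key] -ne $expected[$key]) {
        $drift += New-Object PSObject -Property @{
            Setting = $key; Expected = $expected[$key]; Actual = $actual[$key] }
    }
}
$drift | Format-Table Setting, Expected, Actual -AutoSize
if ($drift.Count -gt 0 -or $readOnly) { exit 1 }  # non-zero exit signals failure to the caller
```

Run as a late step in the task sequence, a non-zero exit turns the silent "applied successfully" case into a visible failure.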