none
1703 Auto-logon with activated admin. RRS feed

  • Question

  • Since Win7, I've used the unattend to enable the Admin account. I've also used it to store an encrypted admin password, allowing the admin to sign on the max 999 times.

    Now, after the additional/optional Install Applications finishes, I get a white Summary screen (which I can't click on, the mouse isn't available, but I can Tab to Finish and it closes).
    The very next thing I see is the lock screen. I wait a moment and the pc reboots to the lock screen again. At that point, I click on the screen and am prompted to log in. The pc is on the domain but I have to type in the admin name and p/w.

    It fails to auto login. It did this going to Win10 initially....which was because of AD. Now, the pc is in a totally policy-free group. Someone previously posted here to add two Run Synchronous lines in Specialize, to turn off that annoying voice telling me she's Almost Done...which never completed without those two lines added. MS needs to get on board with a good process of upgrading MDT with all the additional tweaks needed to make this work.
    What's the best way to get the admin p/w activated and logged on in 1703? I already have it all working on 1607. When I manually type in 'machinename\administrator and p/w' it does log on, so the admin is activated and the p/w is stored in the unattend properly.

    Thanks

    Tuesday, September 5, 2017 2:29 PM

Answers

  • MDT removes auto logon as part of its cleanup process. Short of modifying MDT source files, you could use FinalConfig script from Johan Arwidmark: https://deploymentresearch.com/Research/Post/427/Final-Configuration-for-MDT-2013-Lite-Touch-now-with-Autologon-support

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Proposed as answer by Anton Romanyuk Tuesday, September 5, 2017 2:32 PM
    • Marked as answer by the1rickster Tuesday, September 5, 2017 4:28 PM
    Tuesday, September 5, 2017 2:32 PM
  • I would do all modifications via CustomSettings.ini. MDT then updates unattend.xml as it injects it into OS in winPE.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by the1rickster Tuesday, September 5, 2017 7:00 PM
    Tuesday, September 5, 2017 6:52 PM

All replies

  • MDT removes auto logon as part of its cleanup process. Short of modifying MDT source files, you could use FinalConfig script from Johan Arwidmark: https://deploymentresearch.com/Research/Post/427/Final-Configuration-for-MDT-2013-Lite-Touch-now-with-Autologon-support

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Proposed as answer by Anton Romanyuk Tuesday, September 5, 2017 2:32 PM
    • Marked as answer by the1rickster Tuesday, September 5, 2017 4:28 PM
    Tuesday, September 5, 2017 2:32 PM
  • I will add this file. Do I have to add the adminpassword="..." to the customsettings? I never had it before but some entries suggested that.
    Tuesday, September 5, 2017 2:50 PM
  • And the mystery continues...
    I want to auto-logon as administrator, as I've done with Win1607.
    The file from the link is to sign on as another account, from what I can tell.

    I still get prompted for a username/password.

    Tuesday, September 5, 2017 3:12 PM
  • Ok, I understand how to use this to auto-logon as administrator. I changed the user to admin and domain to "."

    From all the blogs and suggestions along the way, some said to modify the unattend...some said customsettings file (Adminpassword=...).

    Should I undo the unattend (7 OOBE System) settings and remove the admin & p/w, as well as remove it from the CS.INI? Or keep them for whatever reason...
    It sucks this is all so messy and complicated just for an upgrade of a working system.

    Tuesday, September 5, 2017 3:43 PM
  • I would do all modifications via CustomSettings.ini. MDT then updates unattend.xml as it injects it into OS in winPE.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by the1rickster Tuesday, September 5, 2017 7:00 PM
    Tuesday, September 5, 2017 6:52 PM
  • Thanks. I will mark this as answered but I am submitting a ticket to MS. I cannot get this pc to auto-login. The admin is activated (from the unattend) as well as the p/w is stored correctly. It just stops at the lock screen. When I sign on, I get to listen to that endless "Don't turn off your pc while we get updates ready."

    Are you activating the admin acct in the CS.INI along with stating the p/w?

    Tuesday, September 5, 2017 6:58 PM
  • Appreciated.

    Now, there are two different accounts you set up in CustomSettings:

    1. Local admin which MDT uses to auto login. For this configure following properties

    AdminPassword=Password
    SkipAdminPassword=YES

    2. Domain join account:

    DomainAdmin=
    DomainAdminDomain=
    EncodedDomainAdminPassword=
    JoinDomain=
    MachineObjectOU=

    (and you could probably add Skip domain / workgroup panel properties as well for good measure)


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Tuesday, September 5, 2017 7:38 PM
  • In my Rules... I just today added

    AdminPassword=password
    SkipAdminPassword=YES was already there

    I also have had in Rules existing:
    JoinDomain=domain.name.etc
    DomainAdmin= (user that can join pc's to the domain)
    DomainAdminDomain=domain.name.etc
    DomainAdminPassword= (password of the domain admin acct)
    MachineObjectOU=OU=(name of OU)

    FinishAction=Reboot

    I left Enable Admin in the unattend
    Added 2 lines in unattend to disable animation (the voice talking during setup)
    and I deleted in '7oobSystem' the first line which refers to C:\LTIBootstrap.vbs not being found

    Tuesday, September 5, 2017 7:51 PM
  • Hmm... since I can't reproduce your issue... If I were in your shoes, I would try running the task sequence with an unmodified unattend.xml to verify that it is not related to your changes. 

    Also, if you are running this on Hyper-V Gen 2 VM keep in mind that more often than not your connection is automatically switched over to an enhanced session which prompts you for credentials.


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Tuesday, September 5, 2017 8:19 PM
  • I don't use Gen-2 because I don't fully understand its meaning.
    If I leave the unattend unchanged, then I get two errors...one being that it can't find C:\LTIBootstrap.vbs file, the other is that voice setup telling me not to turn off the pc, forever.

    So I signed on manually, and there is the voice..."don't turn off your pc, it'll mess things up." "we're going as fast as we can, Promise!"

    This time the update finished, and I'm back at the lock screen.

     
    Tuesday, September 5, 2017 8:26 PM
  • I make a new TS and didn't modify the unattend at all. I made sure AdminPassword=xxx was in the Rules. It halts at the lock screen.
    Tuesday, September 5, 2017 8:44 PM
  • Thanks for all the help. After trying every single thing I found on the web, I believe the issue was with AD.
    When I first went to Win10 1607, I had to put a pc in one group with no policies, or the admin would fail to auto logon. Now, with Win10 1703, I have the pc in the same group, yet now it was failing.

    I asked AD if some policy was pausing a logon, for the user to decide perhaps if they wanted to use a local account or an MS online acct. They said no...asked me for a gpresult printout of the pc. Two hours later they said...we see nothing blocking you. The very next TS went right through to the desktop.

    Rather than look a gift......anyway, all I can say is, what a headache. It seems to be working fine now.
    Thanks again so very much for your time.

    Wednesday, September 6, 2017 10:53 PM
  • I'm having this issue also. It was working fine just recently and then all of a sudden just stopped. We have the AdminPassword in the CustomSettings.ini file, but it still doesn't work. Also, should the AdminPassword=Password look like Password or "Password"? I've tried it both ways and can't determine which was correct considering none of this is working at the moment.


    Britney

    Wednesday, September 13, 2017 4:38 PM
  • AdminPassword=Pa55w0rd is correct. As to why it fails to work for you - from my experience it could be caused by group policies which change default admin account's name and / or password. Not ruling out other possible causes though...


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Wednesday, September 13, 2017 4:54 PM
  • I had to remove the admin password in Customsettings because it was causing my 1607 and Win7 images not to log on as well. For some reason....after talking to my AD group, it just 'started working.' I won't ask...won't tempt fate, just glad.

    We have a group in AD that has no policies at all, but something still was failing for 1703. Looks good at this point. Agreed to take this up with AD.

    Wednesday, September 13, 2017 5:01 PM
  • Now while I can understand the AD part with GPO, this isn't the case for us. We don't auto-join the domain with MDT and even if we did, it goes to a group that doesn't get any policies until physically moved out of that group into it's assigned OU. I have a deployment going right now where the password is still in there, so when that is finished, if it doesn't work properly, I'll remove it and see how that turns out. 

    Britney

    Wednesday, September 13, 2017 5:41 PM
  • Also, our Deployment Share has several other Task Sequences with other OS's, and I just deployed one with 8.1 and the AutoLogon worked just fine with the AdminPassword in the CustomSettings.ini file. I just noticed it now.

    Britney

    Wednesday, September 13, 2017 6:14 PM