locked
Capturing a machine with a mandatory profile account RRS feed

  • Question

  • Ok, here goes my question.

    I've followed the steps to create and deploy a Windows 10 installation to a Microsoft Surface 4 Pro using MDT.

    https://technet.microsoft.com/en-us/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt?f=255&MSPPError=-2147217396

    https://technet.microsoft.com/en-us/itpro/windows/manage/mandatory-user-profile?f=255&MSPPError=-2147217396

    I have successfully deployed an image, captured an image and installed applications using MDT LiteTouch, booted off of a USB.

    Part of my configuration for these MS Surface's are to utilize a local Mandatory profiles (basically pointing the local path to the folder in C:\Users)

    All of this worked like a charm. I had almost no issues. The Surface Drivers all installed, Win 10 LTSB 2016 works great, my mandatory profile does what its supposed to, and everything is great.

    EXCEPT:

    I don't want to have to manually create a mandatory profile on each device. I want to utilize MDT to capture the image complete with the working mandatory profile, and deploy it to other Surface's.

    What I am finding is that MDT utilizes Sysprep -- there goes my mandatory profile -- So now I am back to square one.

    Any suggestions or ideas?

    ----

    Windows 10 Enterprise LTSB 1607
    MDT 2013 Update 2
    Surface's are not on the DOMAIN.

    Thursday, December 1, 2016 7:34 PM

Answers

  • Windows 10 Enterprise LTSB 1607
    MDT 2013 Update 2
    Surface's are not on the DOMAIN.

    First off, Surface has an *explicit* policy regargind LTSB, please be aware of it:
    https://technet.microsoft.com/en-us/itpro/surface/ltsb-for-surface

    Secondly, I have never heard of "Mandatory Profiles" before, however in my defense, I don't use roaming profiles either.

    Why go into detail about the setup of the machine on Surface, when the crux of the problem is "Mandatory Profiles" on sysprep machines? THe MDT forum might not be the best place to answer this question. But this article appears to address some aspects you might be interested in: https://support.microsoft.com/en-us/kb/973289


    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    • Proposed as answer by Keith GarnerMVP Friday, December 2, 2016 8:29 PM
    • Marked as answer by xerxes2985 Friday, July 21, 2017 7:22 PM
    Friday, December 2, 2016 8:29 PM

All replies

  • Windows 10 Enterprise LTSB 1607
    MDT 2013 Update 2
    Surface's are not on the DOMAIN.

    First off, Surface has an *explicit* policy regargind LTSB, please be aware of it:
    https://technet.microsoft.com/en-us/itpro/surface/ltsb-for-surface

    Secondly, I have never heard of "Mandatory Profiles" before, however in my defense, I don't use roaming profiles either.

    Why go into detail about the setup of the machine on Surface, when the crux of the problem is "Mandatory Profiles" on sysprep machines? THe MDT forum might not be the best place to answer this question. But this article appears to address some aspects you might be interested in: https://support.microsoft.com/en-us/kb/973289


    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    • Proposed as answer by Keith GarnerMVP Friday, December 2, 2016 8:29 PM
    • Marked as answer by xerxes2985 Friday, July 21, 2017 7:22 PM
    Friday, December 2, 2016 8:29 PM
  • I was hoping there was a way to just capture an image in MDT without sysprep. Sysprep removes my "Mandatory Profile" I have created. This adds time to have to manually create this on each Surface I have.

    To give you a quick idea of mandatory profiles (that link (kb/973289) explains customizing the default profile, which is part of the process)

    A mandatory profile is a "locked" profile. Any data/customization etc. is deleted upon logoff. This is similar to a Guest profile, except that the profile is not deleted and recreated upon logoff/logon. Also, using a mandatory profile allows you to give the user more control than a guest profile, but still provides the same functions of a "clean profile".

    The reason I am using the LTSB version, is the CBB version with all its feature updates and such breaks the start menu while using a Mandatory Profile.

    If there is a way to just capture an "as-is" image with MDT that is what I am looking for. If that is in no way possible, please let me know.

    Monday, December 5, 2016 4:40 PM
  • ?????

    Yes it's possible to capture an image without going through SysPrep within MDT, just remove the LTISysprep step from the task sequence.  HOWEVER: non-syspreped images are also wholly unsupported by Microsoft.


    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    Monday, December 5, 2016 5:38 PM
  • Do you have any information as to the reason why MS doesn't support non-syspreped images?
    Monday, December 5, 2016 6:55 PM