locked
issue related with update in deployed images RRS feed

  • Question

  • 1  ) Domain mycom.local
    DC
    wsus 
    mdt

    2)domain production.local 

    DC
    wsus 
    mdt



    created reference image here but not join domain .once refernce created moved the refernce image to the mdtproduction server in production.local 
    In deployment task timezone chnaged to another zone    .

    The problem is  after deploying pc shows " Some settings are managed by your organization "  and windows update is giving the message " your device at risk " .

    Windows is activated 


    here is the cs.ini 

    [Settings] 
    Priority=Default

    [Default] 
    _SMSTSORGNAME=mycom
    UserDataLocation=NONE 
    ComputerBackupLocation=NETWORK 
    DoCapture=YES 
    OSInstall=Y 
    AdminPassword=P@ssw0rd 
    TimeZoneName=Pacific Standard Time 
    JoinWorkgroup=WORKGROUP 
    HideShell=NO   
    FinishAction=SHUTDOWN 
    ApplyGPOPack=NO 
    DoNotCreateExtraPartitions=YES   
    WSUSServer=http:/MYCOMWSUS.mycom.local:8530 

    PrepareWinRE=NO
    BackupShare=\\mycommdt\MDTLab$ 
    BackupDir=Captures 
    BackupFile=%TaskSequenceID%_#month(date) & "-" & day(date) & "-" & year(date)#.wim

    SkipAdminPassword=YES 
    SkipProductKey=YES 
    SkipComputerName=YES 
    SkipDomainMembership=YES 
    SkipUserData=YES 
    SkipLocaleSelection=YES 
    SkipTaskSequence=NO 
    SkipTimeZone=YES 
    SkipApplications=YES 
    SkipBitLocker=YES 
    SkipSummary=YES 
    SkipRoles=YES 
    SkipCapture=NO 
    SkipFinalSummary=YES 
    EventService=http://mycommdt:9800

    Thanks

    Thursday, October 5, 2017 5:17 PM

All replies

  • Could you clarify a few things for me as I am having a bit of trouble following your process?

    • Is your image in the production environment being joined to the domain or are you applying registry modifications during OSD as it would explain the message why some settings are being managed by your organization. The same logic applies to Windows Update as you are using WSUS (please note that my experience with pure WSUS is very limited, usually my customers either use ConfigMgr or a 3rd party deployment solution).
    • Is the CS.ini posted above being used in the reference image or in the production image? I am asking because some of the settings seem to be more fitting for build and capture and less for OS deployment.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Thursday, October 5, 2017 7:14 PM
  • We can start at the top

    Is the Workstation joined to the domain?

    Is the domain the correct one?

    Is WSUS configured on the machine?

    Is the WSUS server the machine pointing to reachable?

    Did you do a gpupdate /force to try and pull new gpo?

    check rsop and see what settings are applied

    Thursday, October 5, 2017 7:32 PM
  • Hi,

    Q .Is your image in the production environment being joined to the domain

    A :No 

    2 . or are you applying registry modifications during OSD as it would explain the message why some settings are being managed by your organization.

    A : Registry setting during osd   is only for hideshell  .

    Q . the same logic applies to Windows Update as you are using WSUS (please note that my experience with pure WSUS is very limited, usually my customers either use ConfigMgr or a 3rd party deployment solution).

    You mean  ConfigMgr  or 3rd party deployment solutions for  windows patches ? 

    Q .Is the CS.ini posted above being used in the reference image or in the production image

    yes for refernce image 

    Thanks

    Thursday, October 5, 2017 8:14 PM
  • Hi,

    Is the Workstation joined to the domain?

    No 

    Is the domain the correct one?

    Is WSUS configured on the machine?

    No 

    Thanks 

    Thursday, October 5, 2017 8:15 PM
  • Okay, I am still a bit at a loss as to what you are trying to accomplish: are you using the production environment to build a reference image or are you simply installing a system in workgroup mode?

    Sorry that I have to ask again, but it is a bit hard to follow. :)


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Thursday, October 5, 2017 8:19 PM
  • Hi,

    There are two mdt server (mycommdt.mycom.local) . One is in my test domain (say mycom.local ) . I am building reference image there .

    (Here test domain and test mdt role ends )

    ---------------------------------------------------------------------------------------------------------------

    Here production domain and production mdt role starts )

    Then I move the above mentioned reference image to the second mdt server  which is  in my real domain (say myproductionmdt.myproduction.local)  . From this mdt server I am deploying 

    Please note that domain is different (myproduction.local) )

    In my production I am manually  joining  pc's   to the domain .

    The error message   " Some settings are managed by your organization " I am getting before I am joining to the domain .Meaning there is no GPO pushed yet from my real domain . 

    Hope It is clear now .Sorry for the inconvenience 

    Thanks

    Thursday, October 5, 2017 8:36 PM
  • Hi Anton ,

    Do i need to verify  or missing something 

    Thanks

    Friday, October 6, 2017 10:19 AM
  • Hi,

    The issue was  

    WUServer was set  to http:/MYCOMWSUS.mycom.local:8530 
    WUStatusServer  was set  http:/MYCOMWSUS.mycom.local:8530 

    and UseWUServer was set to 1 .

    setting cs.ini parameters value  will update the registry also .

    Is there a way to remove during task sequence 

    Thanks 


    • Edited by supportsib Thursday, October 12, 2017 6:08 AM change
    Thursday, October 12, 2017 6:00 AM