Running MDT from a non-domain machine RRS feed

  • Question

  • Our deployment methods could use a lot of improvement.  Because our sysadmins have SCCM guarded so tightly, I have been experimenting with MDT in a lab environment on some virtuals on my machine to come up with some improvements to our methods. I haven't joined the MDT machine to the domain because for now I'm trying to keep it pure and independent of any crazy group policies that might cause issues. 

    Where I find myself getting stuck at is when I need to authenticate the reference machine to the deployment share.  After automation failed, I removed all username and password references so I could manually input credentials.  I realize I'm stuck at what to enter for "Domain." 

    I have tried workgroup, the machine name, 'localdomain' and nothing.  I'm hoping there's something simple I can put here and not have to resort to putting MDT on the domain. 

    EDIT:  I wanted to mention that I can ping MDT from a command prompt on the reference machine.
    • Edited by Conine Wednesday, October 18, 2017 3:58 PM
    Wednesday, October 18, 2017 3:48 PM

All replies

  • use localhost\
    Thursday, October 19, 2017 2:22 AM
  • Domain property typically doesn't have any meaning in a workgroup environment. I routinely use "contoso.local" in my home lab, and that value isn't being used anywhere else.

    Invalid credentials is just a generic error message MDT displays when there are issues connecting to your deployment share - could be a permission issue. Have you taken a look at your BDD.log? It might shed some light as to what is going on. How are you connecting to your deployment share? Via IP or hostname?


    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Thursday, October 19, 2017 8:31 AM
  • Thanks for responding.

    I have not checked my BDD.log, honestly I didn't know that was a thing... and I've read quite a bit on here.  That will be good to know in the future.

    I am connecting VIA hostname, although I have tried IP as well.

    But I also wanted to let you know that I eventually gave up, connected my reference machine to the domain, made the appropriate changes, and everything worked perfectly

    I have found there are some serious problems when trying to connect workgroup machines on Windows 10.  Even at my house to set up simple network shares and printing between computers is so much of a headache compared to on a domain.  It feels like even after you make all of the necessary shares and set the permissions, there's something lurking beneath the surface preventing connections.  Good for security (I guess) but a bit of a damper on productivity.  As is usually the case.

    Monday, October 23, 2017 6:43 PM
  • I have spent YEARS figuring out how to make Windows workgroup networking work reliably.  I figured out a way to do it using a customized version of Master Browser, which requires SMB1, which is a hacker honeypot.  My Network Explorer (a.k.a. Network Neighborhood) was rock-solid and always showed EVERY computer on my workgroup network.  BUT, I was constantly looking for a way to do away with SMB1 so that I wasn't susceptible to the various ransomware threats (e.g., EternalBlue, WannaCry, etc.).

    The solution to my problem was to disable SMB1 and enable either SMB2 or SMB3.  However, my research showed that if I did change to SMB2 or SMB3 that I wouldn't be able to see the ALL of my network workgroup computers in Network Explorer (the reasons for this are many and varied).  What I needed was some way of being able to see all of my Windows 7 and Windows 10 network workgroup computers in BOTH Windows 7 and Windows 10 Network Explorer.

    I found the answer to this problem a few days ago on the FreeNAS (iX Systems) Forum!  Thanks to a user named Stilez I was able to completely disable my customized Master Browser solution and upgrade to SMB2 on all my Windows 7 and Windows 10 machines.  No more SMB1 security honeypot.  Best of all I was able to see all of them in Network Explorer!  I can't tell you how amazing this was!  Here's the link:

    Enjoy your new, RELIABLE workgroup networking!

    Tuesday, July 30, 2019 8:50 PM