none
Adding Local Admin in Unattend.xml is failing RRS feed

  • Question

  • I am trying to add a new local administrator account via the unattend.xml file but I keep getting an error.  When I leave the unattend.xml with the default settings it loads the OS fine, I just don't have my local administrator.  I am using MDT on Windows Server 2016.  The following is my unattend.xml file and a screenshot of the error:

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
      <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
          <ImageInstall>
            <OSImage>
              <WillShowUI>OnError</WillShowUI>
              <InstallTo>
                <DiskID>0</DiskID>
                <PartitionID>1</PartitionID>
              </InstallTo>
              <InstallFrom>
                <Path>.\Operating Systems\Windows 10 Pro x64\Sources\install.wim</Path>
                <MetaData>
                  <Key>/IMAGE/INDEX</Key>
                  <Value>1</Value>
                </MetaData>
              </InstallFrom>
            </OSImage>
          </ImageInstall>
          <ComplianceCheck>
            <DisplayReport>OnError</DisplayReport>
          </ComplianceCheck>
          <UserData>
            <AcceptEula>true</AcceptEula>
            <ProductKey>
              <Key></Key>
            </ProductKey>
          </UserData>
        </component>
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <SetupUILanguage>
            <UILanguage>en-US</UILanguage>
          </SetupUILanguage>
          <InputLocale>0409:00000409</InputLocale>
          <SystemLocale>en-US</SystemLocale>
          <UILanguage>en-US</UILanguage>
          <UserLocale>en-US</UserLocale>
        </component>
      </settings>
      <settings pass="generalize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
        </component>
      </settings>
      <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
          <Identification>
            <Credentials>
              <Username></Username>
              <Domain></Domain>
              <Password></Password>
            </Credentials>
            <JoinDomain></JoinDomain>
            <JoinWorkgroup></JoinWorkgroup>
            <MachineObjectOU></MachineObjectOU>
          </Identification>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
          <ComputerName></ComputerName>
          <ProductKey></ProductKey>
          <RegisteredOrganization>Company</RegisteredOrganization>
          <RegisteredOwner>Company</RegisteredOwner>
          <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
          <TimeZone>Pacific Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <Home_Page>10.1.2.8</Home_Page>
        </component>
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <RunSynchronous>
            <RunSynchronousCommand wcm:action="add">
              <Description>EnableAdmin</Description>
              <Order>1</Order>
              <Path>cmd /c net user Administrator /active:yes</Path>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
              <Description>UnfilterAdministratorToken</Description>
              <Order>2</Order>
              <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
              <Description>disable user account page</Description>
              <Order>3</Order>
              <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
              <Description>disable async RunOnce</Description>
              <Order>4</Order>
              <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer /v AsyncRunOnce /t REG_DWORD /d 0 /f</Path>
            </RunSynchronousCommand>
          </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <InputLocale>0409:00000409</InputLocale>
          <SystemLocale>en-US</SystemLocale>
          <UILanguage>en-US</UILanguage>
          <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <TapiConfigured>0</TapiConfigured>
          <TapiUnattendLocation>
            <AreaCode>""</AreaCode>
            <CountryOrRegion>1</CountryOrRegion>
            <LongDistanceAccess>9</LongDistanceAccess>
            <OutsideAccess>9</OutsideAccess>
            <PulseOrToneDialing>1</PulseOrToneDialing>
            <DisableCallWaiting>""</DisableCallWaiting>
            <InternationalCarrierCode>""</InternationalCarrierCode>
            <LongDistanceCarrierCode>""</LongDistanceCarrierCode>
            <Name>Default</Name>
          </TapiUnattendLocation>
        </component>
        <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <DisableSR>1</DisableSR>
        </component>
      </settings>
      <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
          <UserAccounts>
            <AdministratorPassword>
              <Value></Value>
              <PlainText>true</PlainText>
            </AdministratorPassword>
            <LocalAccounts>
               <LocalAccount wcm:action="add">
                  <Password>
                     <Value>securepassword</Value>
                     <PlainText>false</PlainText>
                  </Password>
                  <Description>localadminaccount</Description>
                  <DisplayName>myadminacct</DisplayName>
                  <Group>Administrators</Group>
                  <Name>MyAdmin</Name>
               </LocalAccount>
            </LocalAccounts>
          </UserAccounts>
          <AutoLogon>
            <Enabled>true</Enabled>
            <Username>Administrator</Username>
            <Domain>.</Domain>
            <Password>
              <Value></Value>
              <PlainText>true</PlainText>
            </Password>
            <LogonCount>999</LogonCount>
          </AutoLogon>
          <Display>
            <ColorDepth></ColorDepth>
            <HorizontalResolution></HorizontalResolution>
            <RefreshRate></RefreshRate>
            <VerticalResolution></VerticalResolution>
          </Display>
          <FirstLogonCommands>
            <SynchronousCommand wcm:action="add">
              <CommandLine>wscript.exe %SystemDrive%\LTIBootstrap.vbs</CommandLine>
              <Description>Lite Touch new OS</Description>
              <Order>1</Order>
            </SynchronousCommand>
          </FirstLogonCommands>
          <OOBE>
            <HideEULAPage>true</HideEULAPage>
            <NetworkLocation>Work</NetworkLocation>
            <ProtectYourPC>1</ProtectYourPC>
            <HideLocalAccountScreen>true</HideLocalAccountScreen>
            <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
            <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
          </OOBE>
          <RegisteredOrganization>Company</RegisteredOrganization>
          <RegisteredOwner>Company</RegisteredOwner>
          <TimeZone></TimeZone>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <InputLocale>0409:00000409</InputLocale>
          <SystemLocale>en-US</SystemLocale>
          <UILanguage>en-US</UILanguage>
          <UserLocale>en-US</UserLocale>
        </component>
      </settings>
      <settings pass="offlineServicing">
        <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <DriverPaths>
            <PathAndCredentials wcm:keyValue="1" wcm:action="add">
              <Path>\Drivers</Path>
            </PathAndCredentials>
          </DriverPaths>
        </component>
      </settings>
    </unattend>

    

    Friday, August 2, 2019 6:08 PM

All replies

  • There is RunSynchronousCommand entry for enabling the local Administrator Account 

                    <RunSynchronousCommand wcm:action="add">
                        <Description>EnableAdmin</Description>
                        <Order>1</Order>
                        <Path>cmd /c net user Administrator /active:yes</Path>
                    </RunSynchronousCommand>

    If you wish to add new account, Try to put the command line in Task Sequence> Just before restore users groups phase at the end of TS. 

    Monday, August 5, 2019 9:42 AM