MDT 2013 Sysprep and Capture With Local Security Policies Issue

  • Question

  • Does anyone know of a way to use lite-touch to sysprep and capture a virtual machine that has been locked down through local GPO on a specific user profile for kiosk purposes? When I run lite-touch and test the image, all settings are gone.

    Thursday, March 23, 2017 2:26 AM

All replies

  • GPOs are assigned to SIDs (both machine and user).  Sysprep changes the SIDs by design.  The GPOs still exist but they now are referencing SIDs that no longer exist. (You can see the SIDs the GPO is applying to by looking at the gpt.ini file in C:\Windows\System32\GroupPolicy).  There is no way to keep Sysprep from changing SIDs. 

    You will have to find a way to apply the LGPO during the imaging process of the new systems.  If you can find the new SIDs, you could edit the gpt.ini file and then run gpupdate /force.


    You could try something like this:

    Thursday, March 23, 2017 9:11 PM
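
The reply's point that policy ends up tied to SIDs that no longer exist after Sysprep can be checked on a deployed machine. The script below is an added example, not code from this thread; it assumes per-user local policy is stored in SID-named folders under %SystemRoot%\System32\GroupPolicyUsers and uses a hypothetical account name, KioskUser.

```powershell
# Added example, not from the thread. Reports which per-user local policy
# folders are named after SIDs that no longer map to an account.
param(
    [string]$KioskUser  = 'KioskUser',   # hypothetical kiosk account name
    [string]$PolicyRoot = (Join-Path $env:SystemRoot 'System32\GroupPolicyUsers')  # assumed location
)

function Resolve-SidToAccount {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $null   # malformed SID, or no account maps to it any more
    }
}

function Get-AccountSid {
    param([string]$Name)
    try {
        $acct = New-Object System.Security.Principal.NTAccount($Name)
        $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null   # account does not exist on this machine
    }
}

$currentSid = Get-AccountSid -Name $KioskUser
Write-Output "Current SID for ${KioskUser}: $currentSid"

if (-not (Test-Path -LiteralPath $PolicyRoot)) {
    Write-Output "No per-user local policy folder at $PolicyRoot"
    return
}

# -Force is needed because the policy folders are hidden.
Get-ChildItem -LiteralPath $PolicyRoot -Directory -Force |
    Where-Object { $_.Name -like 'S-1-*' } |
    ForEach-Object {
        $account = Resolve-SidToAccount -Sid $_.Name
        [pscustomobject]@{
            SidFolder   = $_.Name
            Account     = $account
            Orphaned    = ($null -eq $account)       # SID no longer resolves
            IsKioskUser = ($_.Name -eq $currentSid)  # folder matches the live account
        }
    }
```

Run it from an elevated prompt on a machine deployed from the captured image; a row with Orphaned set to True and no row with IsKioskUser set to True means the kiosk policy is still keyed to the pre-Sysprep SID.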