locked
Apply GPO Pack Offline Media Does Not Apply RRS feed

  • Question

  • Hey All - 

    I've got an issue with MDT 2012 that when I boot to the MDT server and run my task sequence from the server, the GPO Pack applies just fine. However, when I create media the task sequence runs and claims it applies successfully, but nothing shows up in the local policy editor. If I run the command locally out of the task sequence, then the pack applies just fine. 

    Anyone had issues with this?

    TIA - 

    Chris

    Wednesday, August 14, 2013 12:56 PM

Answers

  • Hey All - 

    I've got an issue with MDT 2012 that when I boot to the MDT server and run my task sequence from the server, the GPO Pack applies just fine. However, when I create media the task sequence runs and claims it applies successfully, but nothing shows up in the local policy editor. If I run the command locally out of the task sequence, then the pack applies just fine. 

    Anyone had issues with this?

    TIA - 

    Chris

    We adding the following to the ZTIApplyGPOPack.wsf script.

    '// Remove read only Attrib. from LocalSecurityDB.sdb

    LSDB = "Attrib -R " & oUtility.LocalRootPath & "\" & sGPOPackPath & "\LocalSecurityDB.sdb /S"

    oShell.Run LSDB,0

    • Marked as answer by RC Chris Friday, August 16, 2013 5:04 PM
    Wednesday, August 14, 2013 4:31 PM

All replies

  • Hey All - 

    I've got an issue with MDT 2012 that when I boot to the MDT server and run my task sequence from the server, the GPO Pack applies just fine. However, when I create media the task sequence runs and claims it applies successfully, but nothing shows up in the local policy editor. If I run the command locally out of the task sequence, then the pack applies just fine. 

    Anyone had issues with this?

    TIA - 

    Chris

    We adding the following to the ZTIApplyGPOPack.wsf script.

    '// Remove read only Attrib. from LocalSecurityDB.sdb

    LSDB = "Attrib -R " & oUtility.LocalRootPath & "\" & sGPOPackPath & "\LocalSecurityDB.sdb /S"

    oShell.Run LSDB,0

    • Marked as answer by RC Chris Friday, August 16, 2013 5:04 PM
    Wednesday, August 14, 2013 4:31 PM
  • Works like a charm now.. 

    Thanks

    Friday, August 16, 2013 5:04 PM
  • Hi, i am trying to update the ZTIApplyGPOPack.wsf script according to your advice but i can't get it to work, can you assist, maybe with the whole script including your addition? Or tell me where to add it?

    Thursday, November 14, 2013 2:06 PM
  • I’m having a problem as described in the above link with offline media.   Do you know where the edit should be placed in the WSF file?

    • We adding the following to the ZTIApplyGPOPack.wsf script.

    '// Remove read only Attrib. from LocalSecurityDB.sdb

    LSDB = "Attrib -R " & oUtility.LocalRootPath & "\" & sGPOPackPath & "\LocalSecurityDB.sdb /S"

    oShell.Run LSDB,0

    This is the wsf file… but I ‘m not sure exactly where to place it:

    <job id="ZTIApplyGPOPack">

                    <script language="VBScript" src="ZTIUtility.vbs"/>

                    <script language="VBScript">

    ' // ***************************************************************************

    ' //

    ' // Copyright (c) Microsoft Corporation.  All rights reserved.

    ' //

    ' // Microsoft Deployment Toolkit Solution Accelerator

    ' //

    ' // File:      ZTIApplyGPOPack.wsf

    ' //

    ' // Version:   6.2.5019.0

    ' //

    ' // Purpose:   Install GPO Pack created using Security Configuration Manager (SCM)

    ' //

    ' // Usage:     cscript.exe [//nologo] ZTIApplyGPOPack.wsf [/debug:true]

    ' //

    ' // ***************************************************************************

    Option Explicit

    RunNewInstance

    '//----------------------------------------------------------------------------

    '//  Global Constants

    '//----------------------------------------------------------------------------

    ' No constants are required

    '//----------------------------------------------------------------------------

    '//  Main Class

    '//----------------------------------------------------------------------------

    Class ZTIApplyGPOPack

                    '//------------------------------------------------------------------------

                    '//  Class variable declarations

                    '//------------------------------------------------------------------------

                    Public iRetVal

                    '//------------------------------------------------------------------------

                    '//  Constructor to initialize needed global objects

                    '//------------------------------------------------------------------------

                    Private Sub Class_Initialize

                   

                    End Sub

                   

                   

                    '//----------------------------------------------------------------------------

                    '//  Main routine

                    '//----------------------------------------------------------------------------

                    Function Main

                   

                                    Dim sGPOPackPath

                                    Dim sGPOPackFullPath

                                    Dim sOSVersion

                                    Dim sOS

                                    Dim bStandard

                                    iRetVal = 0

                                    '//----------------------------------------------------------------------------

                                    '// If ApplyGPOPack = NO then do not apply GPO

                                    '//----------------------------------------------------------------------------

                                    if  UCASE(oEnvironment.Item("ApplyGPOPack")) = "NO" then

                                                    oLogging.CreateEntry "ApplyGPOPack set to NO, exiting function.", LogTypeInfo

                                                    iRetVal = 0

                                                    exit function

                                    End if

                                   

                                    '//----------------------------------------------------------------------------

                                    '// Determine GPO Pack Path

                                    '//----------------------------------------------------------------------------

                                    If len(oEnvironment.Item("GPOPackPath")) > 0 then

                                                    '// Path has been set via environment variable

                                                    '// This is a relevant path from the Deployment Share .\Templates\GPOPacks folder

                                                    sGPOPackPath = oEnvironment.Item("GPOPackPath")

                                                    oLogging.CreateEntry "USing GPO Pack Path Specified in variable GPOPackPath: " & oEnvironment.Item("GPOPackPath"), LogTypeInfo

                                                    bStandard = False

                                    Else

                                                    '// Generate path automatically based on OS type using default MDT GPO Packs

                                                    sOSVersion = oEnvironment.Item("OSCurrentVersion")

                                                    If (Left(sOSVersion,3) = "6.3") and oEnvironment.Item("IsServerOS") then

                                                                    sOS = "WS2012R2"

                                                                    oLogging.CreateEntry "Using Default Windows Server 2012 R2 GPO Pack", LogTypeInfo

                                                    ElseIf (Left(sOSVersion,3) = "6.2") and (oEnvironment.Item("IsServerOS")) then

                                                                    sOS = "WS2012RTM"

                                                                    oLogging.CreateEntry "Using Default Windows Server 2012 RTM GPO Pack", LogTypeInfo

                                                    ElseIf (Left(sOSVersion,3) = "6.2") and Not(oEnvironment.Item("IsServerOS")) then

                                                                    sOS = "Win8RTM"

                                                                    oLogging.CreateEntry "Using Default Windows 8 RTM GPO Pack", LogTypeInfo

                                                    ElseIf (Left(sOSVersion,3) = "6.1") and oEnvironment.Item("IsServerOS") then

                                                                    sOS = "WS2008R2SP1"

                                                                    oLogging.CreateEntry "Using Default Windows 2008 R2 SP1 GPO Pack", LogTypeInfo

                                                    ElseIf (Left(sOSVersion,3) = "6.1") and Not(oEnvironment.Item("IsServerOS")) then

                                                                    sOS = "Win7SP1"

                                                                    oLogging.CreateEntry "Using Default Windows 7 SP1 GPO Pack", LogTypeInfo

                                                    ElseIf (Left(sOSVersion,3) = "6.0") and oEnvironment.Item("IsServerOS") then

                                                                    sOS = "WS2008SP2"

                                                                    oLogging.CreateEntry "Using Default Windows 2008 SP2 GPO Pack", LogTypeInfo

                                                    ElseIf (Left(sOSVersion,3) = "6.0") and Not(oEnvironment.Item("IsServerOS")) then

                                                                    sOS = "WinVistaSP2"

                                                                    oLogging.CreateEntry "Using Default Windows Vista SP2 GPO Pack", LogTypeInfo

                                                    Else

                                                                    '// Version matching default GPO Pack not found

                                                                    oLogging.CreateEntry "Default MDT GPO Pack not supplied for this operating system.", LogTypeInfo

                                                                    Main = Success

                                                                    Exit Function

                                                    End If

                                                    sGPOPackPath = sOS & "-MDTGPOPack"

                                                    oLogging.CreateEntry "Using GPO Pack Path " & sGPOPackPath, LogTypeInfo

                                                    bStandard = true

                                    End if

                                   

                                    '//----------------------------------------------------------------------------

                                    '// Apply GPO Pack

                                    '//----------------------------------------------------------------------------

                                   

                                    '// Check if path is valid

                                    sGPOPackFullPath = oEnvironment.Item("DeployRoot")  & "\Templates\GPOPacks\" & sGPOPackPath

                                    If Not(oFSO.FolderExists(sGPOPackFullPath)) then

                                                    If bStandard then

                                                                    oLogging.CreateEntry "Default MDT GPO Pack not present for this operating system.", LogTypeInfo

                                                                    Main = Success

                                                    Else

                                                                    oLogging.CreateEntry "The GPO Pack Path - " & sGPOPackFullPath & " is not valid. The GPO was not applied.", LogTypeError

                                                                    Main = 10701

                                                    End if

                                                    Exit Function

                                    End if

                                   

                                    '// Copy files to MININT folder

                                    oLogging.CreateEntry "Copying GPO Pack files to: " & oUtility.LocalRootPath & "\" & sGPOPackPath, LogTypeInfo

                                    oFSO.CopyFolder sGPOPackFullPath, oUtility.LocalRootPath & "\" & sGPOPackPath, True

                                   

                                    '// Run GPO Pack script

                                    iRetVal = oUtility.RunWithHeartbeat("cmd /c cscript.exe """ & oUtility.LocalRootPath & "\" & sGPOPackPath & "\GPOPack.wsf"" /Path:""" & oUtility.LocalRootPath & "\" & sGPOPackPath & """ /silent")

                   

                                    Main = iRetVal

                    End Function

    End Class

                    </script>

    </job>

    Wednesday, June 4, 2014 3:23 PM
  • I was not able to solve the issue by editing the ZTIApplyGPOPack.wsf file... so I gave up and sovled the problem this way:

    • I created an SCCM package out of the GPOPack
    • I then created a bat file called ApplyLocalSec.bat: 

    md c:\maintenance\LocalSecurity

    xcopy *.* c:\maintenance\LocalSecurity /E /y

    Attrib -R c:\maintenance\LocalSecurity\EY-2012R2-MemberSrv-GPOPack\LocalSecurityDB.sdb /S

    cscript c:\maintenance\localsecurity\EY-2012R2-MemberSrv-GPOPack\GPOPack.wsf /path:c:\maintenance\localsecurity\EY-2012R2-MemberSrv-GPOPack\ /silent

    • I then created a section in the Task Sequence to apply the local policy differently based on Online build or Offline Build:

    • Condition for OFFLINE BUILD: IF tasksequence variable _SMSTSMediaType equals FullMedia
    • Condition for Over the Network Build:  IF tasksequence variable _SMSTSMediaType NOT equals FullMedia

    Friday, June 6, 2014 6:33 PM
  • Hi, i am trying to update the ZTIApplyGPOPack.wsf script according to your advice but i can't get it to work, can you assist, maybe with the whole script including your addition? Or tell me where to add it?

    You need to add the code snippet in between "'// Copy files to MININT folder" and "'// Run GPO Pack script" and I also had to declare "LSDB" as a variable at the top of the script - Just add "Dim LSDB" after the last variable.

    The relevant bits of code should look like the sample below:

    Function Main

    Dim sGPOPackPath
    Dim sGPOPackFullPath
    Dim sOSVersion
    Dim sOS
    Dim bStandard
    Dim LSDB

    '// Copy files to MININT folder
    oLogging.CreateEntry "Copying GPO Pack files to: " & oUtility.LocalRootPath & "\" & sGPOPackPath, LogTypeInfo
    oFSO.CopyFolder sGPOPackFullPath, oUtility.LocalRootPath & "\" & sGPOPackPath, True

    '// Remove read only Attrib. from LocalSecurityDB.sdb
    LSDB = "Attrib -R " & oUtility.LocalRootPath & "\" & sGPOPackPath & "\LocalSecurityDB.sdb /S"
    oShell.Run LSDB,0

    '// Run GPO Pack script
    iRetVal = oUtility.RunWithHeartbeat("cmd /c cscript.exe """ & oUtility.LocalRootPath & "\" & sGPOPackPath & "\GPOPack.wsf"" /Path:""" & oUtility.LocalRootPath & "\" & sGPOPackPath & """ /silent")



    Jonathan Conway | My blog: Conway's IT Blog | Twitter: jonconwayuk | Linkedin: Jonathan Conway

    MCITP: Enterprise Administrator on Windows Server 2008/Enterprise Desktop Administrator on Windows 7 • MCP • MCSE 2003 • MCTS SCCM 2007 | 2012, Windows 7 Config & Deploying • VCP

    Thursday, August 28, 2014 1:05 PM