locked
Regkeys in Image and / or after deployment RRS feed

  • Question

  • At the moment i log in Windows 7 Virutal machine installation in AUDIT mode. Configure Windows 7 and sysprep and capture with MDT2010 with task sequence. Then import image in MDT2010 deploymentshare and make a Task sequence which rolls out the image. Edit the unattend.xml on the third tab in task sequence and choose somewhere "copyprofile". Imort the litetouch in WDS and boot client with litetouch thru network. Deploy the Image and log in wilt new user. Many setttings or not right, although i have changes them in the Image in Virtual Machine.
    I thought to make a batchfile and after the deployment start the batchfile which is importing regkeys. All kind of problems arise like: the new user is a standard user so cannot import all keys. Some are local machine etc.

    The quetions i have is:
    What settings are copied with "copy profile" in the task sequence? Are the regkeys that i change in the image in audit mode like Disable UAC and disable Windows Update and disable other Local Machine and local USer settings, saved when i deploy the image and log in with a new user?

    Now i am looking at GPP and GPO's but i would like do the most work in the images and maybe with a batchfile

    Or must i do it otherwise then the above method...


    freddie
    Thursday, February 10, 2011 12:00 PM

Answers

  • Hi Freddie

    You could place a registry file in your scripts folder. Then add a run command line step in your task sequence and add the command

    regedit /s %SCRIPTROOT%\registryfix.reg

    You could then give the command run as administrator permissions. 

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.
    • Marked as answer by Keith GarnerMVP Wednesday, February 16, 2011 12:23 AM
    Tuesday, February 15, 2011 12:00 AM

All replies

  • I've found that any current user registry keys will get wiped out by sysprep, so I'd use gpedit.msc to modify system settings if using group policy isn't an option, and you can also use active setup registry keys to run commands for each new user, for example a current user registry key that isn't saved could be called using a reg import command, which is called in the active setup key.
    Monday, February 14, 2011 11:44 PM
  • Hi Freddie

    You could place a registry file in your scripts folder. Then add a run command line step in your task sequence and add the command

    regedit /s %SCRIPTROOT%\registryfix.reg

    You could then give the command run as administrator permissions. 

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.
    • Marked as answer by Keith GarnerMVP Wednesday, February 16, 2011 12:23 AM
    Tuesday, February 15, 2011 12:00 AM
  • Hi Freddie

    You could place a registry file in your scripts folder. Then add a run command line step in your task sequence and add the command

    regedit /s %SCRIPTROOT%\registryfix.reg

    You could then give the command run as administrator permissions. 

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.


    Thx Paul,

     

    I have just read that it is possible to run commands after deploying the image with MDT2010. I would like to dive into that. For example i run a lot of registry keys thru Group policy preferences now but i want to run the HKLM reg entries and some other settings automatically after deployment.

    Whcih scripts folder do you mean the one on the MDT deployment share? Can i add a line there to run a .cmd or .bat file as a administrator?

    Could you please tell me the exact steps to do that which setting in the task sequence and which command i put there?

     


    freddie
    Wednesday, February 16, 2011 7:01 PM
  • Hi Freddie

    You would add your bat file or registry file to your scripts folder within your deployment share. (this would be your %scriptroot%)

    It is possible to add a bat file to a task sequence, create your task sequence. Open the properties then look for the custom tasks node. Select that, then at the top of the TS window click add, then select general, run command line.

    Within the run command line step within command line type what you would normally type within a run command on an OS. Example: regedit /s %SCRIPTROOT%\registryfix.reg

    You will notice that there is a run this step as the following account checkbox. This would allow you to run the command as an administrator.

    -----------------------------------

    On a side note. I have added powershell to my builds. I now run any post build steps through powershell by using the steps I mentioned above. It makes things a lot easier.

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.
    • Proposed as answer by Paul_Iddon Thursday, February 17, 2011 10:47 AM
    Wednesday, February 16, 2011 8:53 PM
  • I have done what you said. Now making the image and test it tommorow, i am curious. I have made a batchfile which imports a few regkeys in the HKLM.
    This is what i have done:

    In the task sequence thats rolls out the image on the task sequence tab:

    Under "state Restore"- Custom tasks -

    add - general - commandline

    Commandline: cmd /c %scriptroot%\cmd_mdt2010.cmd

    Run this step as the following account (administrator and password).

    Unchecked the load the users profile (although i don't now what this is..)

    Hope this was good. The cmd_mdt2010 is in the deploymentshare\scripts folder. I have also build a menu in the command file which asks for a input from the user....

     

     


    freddie
    Thursday, February 17, 2011 8:46 AM
  • Hi Freddie

    Sounds about right...As long as that command worked fine when you tested it. By testing I mean you put it in a directory and tested it e.g

    cmd /c C:\test\cmd_mdt2010.cmd and run that from your run command on the start menu.

    The load user profile would just load the user profile onto the machine, which you would see in c:\users.  Its not required.

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.
    Thursday, February 17, 2011 10:46 AM
  • Paul,

     

    It seems to work, the question in the command file is asked and the reg files are imported, so thanks for your help!.

     

    One question though: when i deployed the image he is automatically logged in as administrator and so runs the .cmd. But when i restart he is again and after again a restart again logging in as administrator and keeps running the .cmd....
    When i log in as a different user then he is running the script again.

    How can i solve this to not keep logging in as a administrator in MDT2010?

     

     


    freddie
    Friday, February 18, 2011 8:27 AM
  • Hi,

    We have a couple of register values we need to set for our "special" enviroment. I put in a Run Command calling a .cmd file that in turn runs regedit and adds the .reg files to the register. It's basiclly Pauls answer, but since we have quite a few .regs needing to be added, we bundled it togheter like this.

    The .cmd is located in the script folder and is called from the Run Command with the line:

     "%SCRIPTROOT%\Post_Install\Post_installation.cmd"

    The "Post_installation.cmd" runs the .reg files with the following line:

    regedit.exe /s %~dp0Clear_last_logged_on_user.reg
    regedit.exe /s %~dp0turn_on_logonscreen_custom.reg

    The following line is needed to execute a .reg so it is added in your registry.

    regedit.exe /s %~dp0<add your .reg file>

    As shown above there is a couple of ways to do this, but I found this working great, I just call one .cmd, and if I need more regfiles added, I put them in the same folder, and adds new regedit /s %~dp0<add your .reg file> inside the .cmd. A bonus is that you don't need to run it as administrator or anything.

    I just thought I would add in on the topic if you need to add multiple values and doesn't want to create tons of entries in the Task Sequence, or like us want to separate the .reg files so you easily can remove, add or modify in more values

    //Lars

    Friday, February 18, 2011 1:03 PM
  • I have almost done the same thing now: made a .cmd file which has a few regedit.exe /s regfile.reg in it. The regfile are imported although i did not put in the dp0~and not the quotes around the reg items because i think this is only when you have spaces in the name?

     

    The batch runs but the automatically login as administrator i want to get out. This must be defined somewhere in MDT2010..The first start it logs in automatically and runs some things and comes with the script again. Then i login as a domain administrator and again mdt2010 does somethings and runs the script again. This is the last time it runs though the third time as another user MDT2010 is done...

     

     

     

     


    freddie
    Friday, February 18, 2011 1:39 PM
  • I have almost done the same thing now: made a .cmd file which has a few regedit.exe /s regfile.reg in it. The regfile are imported although i did not put in the dp0~and not the quotes around the reg items because i think this is only when you have spaces in the name?

     

    The batch runs but the automatically login as administrator i want to get out. This must be defined somewhere in MDT2010..The first start it logs in automatically and runs some things and comes with the script again. Then i login as a domain administrator and again mdt2010 does somethings and runs the script again. This is the last time it runs though the third time as another user MDT2010 is done...

     

     

     

     


    freddie

    Lars,

     

    I have one problem now,

    The command is running but MDT2010 is not finishing the deployment anymore. There is no finishing screne. I also noticed that the c:\minint folder is still there with 4 dll files in it. What can i do about it that mdt2010 finishing his deployment with the finishing screen because that does not sound good...

     


    freddie
    Monday, February 21, 2011 5:59 PM
  • Hi,

    I use Johan Arwidmarks excellent Final Configuration script to clean up everything after my Task Sequence has run it's course. It's the very last thing that runs and after it reboots the system, I know everything is done.

    http://www.deployvista.com/Blog/JohanArwidmark/tabid/78/EntryID/61/language/en-US/Default.aspx

    However, it still leaves the MiniNT folder, but with bdd.log, LiteTouch.log, however these files are cleaned and doesn't contain any sensitive information (like credentials).

     

    //Lars

    Tuesday, February 22, 2011 8:22 AM
  • But i can't find the log files for MDT on the client, then i could see what is goiing wrong? They are not in the minint and not in the windows\smsosd, temp\smsosd.
    That there are 4 .dll files in the MININT folder is not right, then he hasn't finished good?

     

    How must i implement that script in MDT?

     

     


    freddie
    Tuesday, February 22, 2011 8:46 AM
  • Freddie

    What are the dll files?

    You can find the your logs within..

    C:\Windows\Temp\DeploymentLogs

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.
    Tuesday, February 22, 2011 8:52 AM
  • Thx. I see the log files but which one to look at. If i look in the BDD.log i see that the deployment is successfully. Don't see maybe errors also not in the litetouch.log.

    The dll files in the MININT folder:
    ccmcore.dll
    ccmutillib.dll
    tscore.dll
    xprslib.dll

     

     


    freddie
    Tuesday, February 22, 2011 9:35 AM
  • Hi Freddie

    Have a look at this.Might help

    http://social.technet.microsoft.com/Forums/en-US/mdt/thread/8cb23237-2816-4ee1-9971-d0689f6eee1c

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.
    Tuesday, February 22, 2011 10:30 AM
  • Hi Freddie

    Have a look at this.Might help

    http://social.technet.microsoft.com/Forums/en-US/mdt/thread/8cb23237-2816-4ee1-9971-d0689f6eee1c

    Thanks

    Paul


    Twitter: paul__iddon..... Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Dont forget to vote on if you find the answer helpful. This can be beneficial to other community members reading the thread. Any advice given in these forums should be tested in a non production environment before implementing.

    Thx. Paul but this doesn't help me because the script.cmd that i am running is working, he does all the things that he must do..

     

     


    freddie
    Tuesday, February 22, 2011 11:08 AM