none
Does the 'Standard Client Upgrade Task Sequence' use the unattend.xml file? RRS feed

  • Question

  • When you create a new task sequence based off of the Upgrade Task Sequence template, an unattend.xml file is generated, and the tab 'OS Info' is there. However, I seem to recall hearing that the Windows 10 in place upgrade does not use the unattend.xml file.

    Can anyone confirm this? In particular I am having some trouble using this task sequence on our domain joined machines. Since the Administrator account is renamed and disabled, and its password is randomized, everything in the task sequence that needs to occur in the new Windows 10 installation (post upgrade) is not working, since the admin account is not able to login and finish the job.

    It seems like Autologin is set using a function found in LiteTouch.wsf

    Function PopulateAutoAdminLogon
    
    		Dim iRetVal, colUserAccounts, oAccount,bAutoAdminLogon,AdminAccount
    		On Error Resume Next
    		bAutoAdminLogon = oShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon")
    		On Error Goto 0
    		If bAutoAdminLogon = 0 then
    
    			'Determine Local Administrator Account
    			Set colUserAccounts = objWMI.ExecQuery("Select * From Win32_UserAccount where LocalAccount = TRUE")
    			For each oAccount in colUserAccounts
    				If Left(oAccount.SID, 6) = "S-1-5-" and Right(oAccount.SID, 4) = "-500" Then
    					AdminAccount = oAccount.Name
    				End iF
    			Next
    			iRetval = oShell.RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon", 1, "REG_SZ")
    			iRetval = oShell.RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonCount", 999, "REG_SZ")
    			iRetval = oShell.RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName", AdminAccount, "REG_SZ")
    
    			iRetVal = oShell.RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName", ".", "REG_SZ")
    
    			iRetval = oShell.RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword", oEnvironment.Item("AdminPassword"), "REG_SZ")
    			TestAndLog iRetVal, "Updated registry with AutoLogon"
    			wscript.sleep 5000
    
    		Else
    		
    			PopulateAutoAdminLogon = Success
    			Exit Function
    			
    		End If
    
    		PopulateAutoAdminLogon = Success
    
    	End Function

    But can the rest of the unattend.xml file just be ignored?

    Wednesday, February 10, 2016 10:56 PM

Answers

  • Ok. I seem to have my answer. When HIDESHELL=NO, then a shortcut to LTIBootstrap is placed in the Startup folder in the Start menu, which requires a user to login to initiate the task sequence.

    When HIDESHELL=YES, then LTIBootstrap is placed in the registry (in RunOnce or AutoRun or something) and then the SYSTEM account kicks off LTIBootstrap=>LiteTouch and MDT continues without the need to login.

    I now have HIDESHELL=YES and all my upgrades finish up as expected with no user login needed.

    • Marked as answer by David Bloomer Friday, February 12, 2016 11:18 PM
    Friday, February 12, 2016 11:18 PM

All replies

  • Also, how does this command work?

    iRetval = oShell.RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword", oEnvironment.Item("AdminPassword"), "REG_SZ")

    How does MDT know what the current admin password is? What value does it put there? 

    Basically, how is the "AdminPassword" value determined? What sets it?


    Thursday, February 11, 2016 12:19 AM
  • MDT doesn't use the admin password for autologon when upgrading. Also unattend is not used.

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Thursday, February 11, 2016 1:37 AM
    Moderator
  • MDT doesn't use the admin password for autologon when upgrading. Also unattend is not used.

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Can you elaborate? So what mechanism is used to carry out the post upgrade steps in the Upgrade task sequence? Should I not have to worry about my disabled Admin account and LegalNotice banner getting in the way of my task sequence?
    Thursday, February 11, 2016 1:39 AM
  • Post install is supposed to run without having ever logged on.  From other posts I know that hasn't worked for you though.

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Thursday, February 11, 2016 1:52 AM
    Moderator
  • Ok. I seem to have my answer. When HIDESHELL=NO, then a shortcut to LTIBootstrap is placed in the Startup folder in the Start menu, which requires a user to login to initiate the task sequence.

    When HIDESHELL=YES, then LTIBootstrap is placed in the registry (in RunOnce or AutoRun or something) and then the SYSTEM account kicks off LTIBootstrap=>LiteTouch and MDT continues without the need to login.

    I now have HIDESHELL=YES and all my upgrades finish up as expected with no user login needed.

    • Marked as answer by David Bloomer Friday, February 12, 2016 11:18 PM
    Friday, February 12, 2016 11:18 PM
  • Thank you David! That is really good information. 

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Friday, February 12, 2016 11:31 PM
    Moderator
  • Thanks, though it would be nice if someone from the MDT product team could verify my findings. After all, that SEEMS to be how it works, but I don't want to spread false information :)
    Friday, February 12, 2016 11:33 PM
  • At one point I was on the product team (not at MS anymore so...).  If you file this on connect it will get looked at.  Give enough detail to make it easy to reproduce and it is more likely to get fixed :)

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Saturday, February 13, 2016 2:45 AM
    Moderator