none
Not applying changes to ntuser.dat during "State Restore" phase of OSD process and cannot disable local administrator auto logon after Recover From Domain step RRS feed

  • Question

  • Hello, dear colleagues.

    I have a problem with configuring default user profile settings during OSD process with MDT 2012 Update 1 by adding registry keys in ntuser.dat.

    I've read this article: Incorrect locale setting when you deploy a Windows 7 image by using SCCM 2007, MDT 2010, or MDT 2012

    and add Run Powershell Script (also tried batch files and vbscript in Run Command Line) in appropriate Task Sequence:

    # This settings applied successfully
    Rename-Item C:\Windows\Media Media_OLD
    reg add HKLM\software\TEST /v TEST /t REG_DWORD /d 1
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableStartupSound /t REG_DWORD /d 1 /f
    
    # This settings applied during OSD (State Restore), but restored after "Recover From Domain" and "Restart Computer" in previous state  
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /f
    
    # This settings did not apply at all
    REG LOAD HKU\NTUSER "C:\Users\Default\NTUSER.DAT"
    REG IMPORT %DeployRoot%\Scripts\ntuser.reg
    REG UNLOAD HKU\NTUSER

    Here is ntuser.reg:

    Windows Registry Editor Version 5.00
    
    [HKEY_USERS\ntuser\Software\Adobe\CommonFiles\Usage\Reader 11]
    "OptIn"=dword:00000000
    
    [HKEY_USERS\ntuser\Software\Microsoft\Internet Explorer\MAO Settings]
    "AddonLoadTimeThreshold"=dword:00002710
    
    [HKEY_USERS\ntuser\Software\Adobe\Acrobat Reader\11.0\AdobeViewer]
    "TrustedMode"=dword:00000000
    "EULA"=dword:00000001
    
    [HKEY_USERS\ntuser\Software\Adobe\Acrobat Reader\11.0\Privileged]
    "bProtectedMode"=dword:00000000
    
    [HKEY_USERS\ntuser\Control Panel\Desktop]
    "FontSmoothing"="2"
    "FontSmoothingGamma"=dword:00000000
    "FontSmoothingOrientation"=dword:00000001
    "FontSmoothingType"=dword:00000002
    
    [HKEY_USERS\ntuser\Control Panel\Accessibility\ToggleKeys]
    "Flags"="34"
    
    [HKEY_USERS\ntuser\Control Panel\Accessibility\StickyKeys]
    "Flags"="2"
    
    [HKEY_USERS\ntuser\Control Panel\Accessibility\Keyboard Response]
    "Last Valid Wait"=dword:00004e20
    "Last Valid Delay"=dword:00000000
    "Last Valid Repeat"=dword:00000000
    "Last BounceKey Setting"=dword:00000000
    "Flags"="98"
    "DelayBeforeAcceptance"="20000"
    "AutoRepeatRate"="0"
    "AutoRepeatDelay"="0"
    "BounceTime"="0"
    
    [HKEY_USERS\ntuser\Control Panel\Accessibility\MouseKeys]
    "Flags"="34"
    
    [HKEY_USERS\ntuser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "ListviewShadow"=dword:00000000
    
    [HKEY_USERS\ntuser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "TaskbarGlomLevel"=dword:00000002
    
    [HKEY_USERS\ntuser\Software\Microsoft\Office\14.0\Common\General]
    "ShownFirstRunOptin"=dword:00000001
    
    [HKEY_USERS\ntuser\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]
    "VisualFXSetting"=dword:00000002

    Tried to apply setting to ntuser.dat after OSD with powershell, previously mapped deployment share as network drive - works fine.

    Have someone met such a problem? 

    Thanks.





    • Edited by fapw Friday, February 20, 2015 3:12 PM
    Monday, February 16, 2015 10:51 AM

Answers

  • Find the problem with ntuser.dat. When I did it manually, I did not used environment variable %DeployRoot%. But in powershell I made mistake - missed $env: before variable. I added it and it worked. Here is right pieace of code:

    REG LOAD HKU\NTUSER "C:\Users\Default\NTUSER.DAT"
    REG IMPORT $env:DeployRoot\Scripts\ntuser.reg
    REG UNLOAD HKU\NTUSER

    Left to deal hot to disable local administrator auto logon?  

    Thanks.

    • Edited by fapw Monday, February 16, 2015 5:42 PM
    • Marked as answer by fapw Friday, February 20, 2015 3:09 PM
    Monday, February 16, 2015 3:19 PM
  • How to disable local administrator autologon after Recover From Domain step found here:

    Avoiding Legal Notice that breaks MDT autologon

    • Marked as answer by fapw Friday, February 20, 2015 3:09 PM
    • Edited by fapw Friday, February 20, 2015 3:10 PM
    Friday, February 20, 2015 3:09 PM

All replies

  • Find the problem with ntuser.dat. When I did it manually, I did not used environment variable %DeployRoot%. But in powershell I made mistake - missed $env: before variable. I added it and it worked. Here is right pieace of code:

    REG LOAD HKU\NTUSER "C:\Users\Default\NTUSER.DAT"
    REG IMPORT $env:DeployRoot\Scripts\ntuser.reg
    REG UNLOAD HKU\NTUSER

    Left to deal hot to disable local administrator auto logon?  

    Thanks.

    • Edited by fapw Monday, February 16, 2015 5:42 PM
    • Marked as answer by fapw Friday, February 20, 2015 3:09 PM
    Monday, February 16, 2015 3:19 PM
  • I made "Recover From Domain" the last step:

    Domain Join is successful, after that step workstation reboots and try to auto logon with local administrator. After manual logon with domain account MDT continue working and disable autologon. How to make workstation to disable autologon and change OSD process state to "Completed" before next logon, not after? 

    Thanks.

    Tuesday, February 17, 2015 2:32 PM
  • How to disable local administrator autologon after Recover From Domain step found here:

    Avoiding Legal Notice that breaks MDT autologon

    • Marked as answer by fapw Friday, February 20, 2015 3:09 PM
    • Edited by fapw Friday, February 20, 2015 3:10 PM
    Friday, February 20, 2015 3:09 PM