Remove From My Forums

windows 10 2019 permission issues

Question
0

Sign in to vote

we were using sccm to deploy windows 10 1607, everything was going great

then the 8th gen intel chips came out and we needed to move to 2019 ltsc

just switching out the wim file in my existing 1607 task sequence was enough to get the image to install and the drivers to apply

all works perfectly when logging in as an admin

now the problem

when a domain user logs in they cannot access any application that was installed in the task sequence or any apps added after by an admin and it doesn't seem to apply the GPO's. If I add this user to the local admin everything works again

what step am I missing? this process has worked for years with our 1607 ltsb version

any help would be appreciated

Thursday, August 22, 2019 1:45 PM

Answers

0

Sign in to vote
the issue is related to the gpp internet explorer setting

if I make a gpp policy for ie without setting anything just the defaults

my domain users can't use any apps if I remove that small gpp setting then domain users can utilize the system again

I openend another post on the windows 10 forum but have no response yet
- Marked as answer by damac77 Friday, August 23, 2019 4:00 PM
Friday, August 23, 2019 4:00 PM

All replies

0

Sign in to vote
Could you post the task Sequence steps and post the smsts.log. There will be an error in the log to determine why local admin is not being added to the machine.

SCCM Admin
- Edited by Levi111 Thursday, August 22, 2019 2:43 PM
Thursday, August 22, 2019 2:40 PM
0

Sign in to vote

Thursday, August 22, 2019 2:43 PM
0

Sign in to vote

I have the same task sequence without the bitlocker and it does the same thing

Thursday, August 22, 2019 2:43 PM
0

Sign in to vote
Apply Windows Settings is the step where local admin is configured. How do you have the account configured?

SCCM Admin
- Edited by Levi111 Thursday, August 22, 2019 2:53 PM
Thursday, August 22, 2019 2:53 PM
0

Sign in to vote

Thursday, August 22, 2019 2:57 PM
0

Sign in to vote
that looks good to me. Did you find the steps in the smsts.log referencing this step.

Also, if you are having issues with GPO's. You will need to run a gpresult on the client to see which gpo's the client is not applying.

SCCM Admin
- Proposed as answer by Levi111 Thursday, August 22, 2019 3:31 PM
Thursday, August 22, 2019 3:08 PM
0

Sign in to vote

going to take it back to the basics and start over and try and figure out where this weirdness is coming from

Thursday, August 22, 2019 3:28 PM
0

Sign in to vote

Hi,

1.Please review the smsts.log and setuperr.log, setupact.log in the hidden folder C:\$WINDOWS.~BT\Sources\Panther to see if there is any clue.
2.Please check if your keyboard layout is configured correctly.
3.Please help check the User Access Control (UAC) settings.

Thanks for your time.

Best regards,
Simon Ren
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Friday, August 23, 2019 7:54 AM
0

Sign in to vote
the issue is related to the gpp internet explorer setting

if I make a gpp policy for ie without setting anything just the defaults

my domain users can't use any apps if I remove that small gpp setting then domain users can utilize the system again

I openend another post on the windows 10 forum but have no response yet
- Marked as answer by damac77 Friday, August 23, 2019 4:00 PM
Friday, August 23, 2019 4:00 PM
0

Sign in to vote

Hi,

Thanks for your sharing. This may help the users who have similar issue. Thank you!

Thanks and regards,
Simon
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, August 26, 2019 2:41 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

windows 10 2019 permission issues

Question

Answers

All replies