about WDS and MDT

  • Question

  • Hello.

    I am deploying WDS and MDT in my env. with w2k8.

    1. I want to give Help Desk guys permission to approve machines in WDS but they have 'access denied' when viewing list of waiting clients. I already gave them permission for approving (permission to OU...)

    2. If I want to make the approving process more automatic what should I do? Not to wait for approve?

    3. I do not have UUID tab when creating computer object in AD - on all screens in forums and blogs I see that there is 'next>' button on first screen when creating computer but in my AD (w2k3) I can not see it.

    thx in advance for any tips.


    Voytas
    Wednesday, September 8, 2010 4:01 PM

Answers

  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    To answer your questions one by one:

     

    1.     I want to give Help Desk guys permission to approve machines in WDS but they have 'access denied' when viewing list of waiting clients. I already gave them permission for approving (permission to OU...)

     

    As I know, there are two most common causes of this issue:

     

    •   You do not have the correct permissions in AD DS for the computer. You must delegate the appropriate user rights for Help Desk. To approve a pending computer, in AD DS, you must grant rights to the Windows Deployment Services server’s account (WDSSERVER$) to create computer account objects for the containers and OUs where the approved pending computers will be created. Please take the following steps to grant permissions to approve a pending computer:

     

    1)      Open Active Directory Users and Computers.

    2)      Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control.

    3)      On the first screen of the wizard, click Next.

    4)      Change the object type to include computers.

    5)      Add the computer object of the Windows Deployment Services server, and then click Next.

    6)      Select Create a Custom task to delegate.

    7)      Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next.

    8)      In the Permissions box, select the Write all Properties check box, and click Finish.

     

    Reference:

     

    Required Permissions

     

    •   The computer name is invalid. For example, the name might be too long, or it might contain characters that are not valid.

     

    2.     If I want to make the approving process more automatic what should I do? Not to wait for approve?

     

    In order to ignore the approval from the administrator, you may prestage client computers in AD DS, or disable the pending functionality.

     

    3.     I do not have UUID tab when creating computer object in AD - on all screens in forums and blogs I see that there is 'next>' button on first screen when creating computer but in my AD (w2k3) I can not see it.

     

    As I understand your scenario, the WDS server is installed on Windows Server 2008, the AD is installed on Windows Server 2003, you want to prestage the computer in AD but the GUID/UUID window doesn’t appear. I would like to provide the following methods:

     

    Method 1: Install ADDS in Windows Server 2008 and prestage computers from Windows Server 2008.

    Method 2: Install Windows Deployment Services role on Windows Server 2003, then you should be able to see the next window during prestage.

    Method 3: Update the Active Directory Users and Computers on your workstation.

     

    1)      You need the following files from your server and they have to be the same architecture, so if your workstation is x64, then the server must be too.

     

    %systemroot%\system32\imadmui.dll

    %systemroot%\system32\en-US\imadmui.dll.mui

     

    2)      Copy those files from WDS server to the same location on your workstation.

    3)      Register the dll using the following command as an administrator (remember UAC):

    regsvr32 imadmui.dll

     

    Method 4: Prestage computers using WDSUTIL command.

     

    More reference:

     

    How to prestage a computer

     

    Prestage client computers

     

    BTW, I noticed that you are using MDT. I would recommend you to post in MDT forums for support as well.

     

    Best Regards

    Dale Qiao

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, September 9, 2010 8:01 AM
    Moderator
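
The delegation in steps 1) to 8) and the WDSUTIL prestaging of Method 4, scripted as an added example that is not part of the original answer or of Microsoft's documentation. The domain CONTOSO, the server account WDS01$, the OU and the device list are constructed placeholders, and the two dsacls entries are an assumed equivalent of the wizard choices. The name check assumes the usual 15-character letters/digits/hyphen computer-name rule.

```powershell
# Added example; CONTOSO, WDS01$, the OU and the device list are constructed placeholders.
$Ou         = 'OU=Prestaged,DC=contoso,DC=example'
$WdsAccount = 'CONTOSO\WDS01$'

# Wizard steps 1-8 as ACL entries on one OU only (run once, elevated).
function Grant-WdsPrestageRights([string]$OuDn, [string]$Account) {
    & dsacls.exe $OuDn /G "${Account}:CC;computer"        # create computer objects in this OU
    & dsacls.exe $OuDn /I:S /G "${Account}:WP;;computer"  # write all properties on computer objects
}

# Second cause named in the answer: a name that is too long or has invalid characters.
function Test-DeviceName([string]$Name) {
    ($Name -match '^[A-Za-z0-9]([A-Za-z0-9-]{0,13}[A-Za-z0-9])?$') -and ($Name -notmatch '^\d+$')
}

# WDSUTIL /ID takes a GUID/UUID string or a MAC address (with or without dashes).
function Test-DeviceId([string]$Id) {
    ($Id -match '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$') -or
    ($Id -match '^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$') -or
    ($Id -match '^[0-9A-Fa-f]{12}$')
}

function Add-PrestagedDevice([string]$Name, [string]$Id, [string]$OuDn, [switch]$DryRun) {
    if (-not (Test-DeviceName $Name)) { Write-Warning "Skipped '$Name': invalid computer name"; return $false }
    if (-not (Test-DeviceId $Id))     { Write-Warning "Skipped '$Name': '$Id' is not a GUID or MAC"; return $false }
    if ($DryRun) { Write-Host "wdsutil /Add-Device /Device:$Name /ID:$Id /OU:`"$OuDn`""; return $true }
    & wdsutil.exe /Add-Device "/Device:$Name" "/ID:$Id" "/OU:$OuDn" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Constructed inventory: two valid entries, one over-long name, one malformed ID.
$devices = @(
    @{ Name = 'HD-LAB-001';             Id = '11111111-2222-3333-4444-555555555555' },
    @{ Name = 'HD-LAB-002';             Id = '00-11-22-33-44-55' },
    @{ Name = 'HELPDESK-LABORATORY-03'; Id = '00-11-22-33-44-66' },
    @{ Name = 'HD-LAB-004';             Id = 'not-an-id' }
)

# Grant-WdsPrestageRights $Ou $WdsAccount   # uncomment for the one-time delegation
foreach ($d in $devices) {
    $ok = Add-PrestagedDevice -Name $d.Name -Id $d.Id -OuDn $Ou -DryRun
    '{0,-24} {1}' -f $d.Name, $(if ($ok) { 'accepted' } else { 'rejected' })
}
```

With -DryRun the script only prints the WDSUTIL command lines; drop the switch on the WDS server to create the prestaged accounts.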

All replies

  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Dale Qiao

    Thursday, September 16, 2010 1:12 AM
    Moderator
  • hey,

     

    thx for answers.

    I have a question regarding the first one. Permission for WDS server has been given but you mentioned that Help Desk should have proper permission to have access to view pending computers. Can you be more specific?

    all information you provided is great. thx

     

    thx in advance.


    Voytas
    Thursday, September 16, 2010 10:49 AM
  • I mean the Help Desk guys should be the Domain administrator of the domain that contains the Windows Deployment Services server so that he can approve the computers in WDS.

    Best Regards

    Dale Qiao

    Friday, September 17, 2010 8:47 AM
    Moderator
  • I think that giving Domain Administrator to Help Desk is not good - they then have access to all domain - not good.
    Voytas
    Tuesday, September 28, 2010 7:21 AM
  • Please grant read/write permissions on the C:\RemoteInstall\MGMT folder, also give permissions to the OU and see how it works.

    Best Regards

    Dale Qiao

    Thursday, October 7, 2010 8:32 AM
    Moderator