I have created the Task Sequence for Windows 7 x64 using MDT 2010. Have added the step "Restart Computer" before the domain joining (using script) under State Restore. My client environment has a tool which will give change local administrator Password daily. When i run this task sequence, the autologon is not working for the 3rd restart. I have to put in the local daily password manually using the Tool. Any idea why its not working during the third logon. It kills me for long time.
I tried by disabled the 3rd Restart, the image is completed but the machine is not joined to Domain. :(
I tried by moving the Post-Applycleanup to the end, but still i stops and waiting for the password during 3rd logon.
Let me know if you want any log files.
Is your tool for changing the local administrator password updating the registry so on the next reboot it has the right account information to automatically login with? Assuming you are only updating the password, then you'd just need to update HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword so that on the next reboot, it works as expected.
Note that when the Task Sequence completes, as part of the cleanup it will remove the automatic login registry values.
What tool are you using to update the password? It really only needs to be updated for that one last reboot to help the Task Sequence finish. As I said, the Task Sequence will delete the keys at the end (so that autologon is disabled) and the machine will then be 'normal use'.
The other option is to move the tool that's changing the password to the end so that the reboots work, it updates the password, then the Task Sequence finishes, removes the autologon keys, and shuts down (depending on your FinishAction).
Its internal Tool which will scramble the daily password for the local administrator. In this testing, Domain Joining is happening after the 3rd restart? i cant find out why its taking the password from the tool. May i know which step will clear the autologon? i tried even comments the Autologon registry in LiteTouch.wsf and LTICleanup.wsf but no luck.
Only way to figure out why the domain join is having issues is to look at the log (C:\Windows\Debug\NetSetup.log).
If the third reboot is the last and you have nothing to install / configure after that reboot, instead of doing the third reboot in the Task Sequence, maybe try setting FinishAction=REBOOT in your CustomSettings.ini. This would allow the Task Sequence to finish cleanly, remove the autologon registry entries, and also do the third reboot that should join the domain. It should leave the machine at the logon screen and ready to use.
- Proposed as answer by DCtheGeekMicrosoft employee, Editor Wednesday, August 07, 2013 12:06 AM
The accepted solution for such a scenario is to delay it's action until the last step. In the case of a GPO, exclude until the task sequence ends.
If this is an internal tool, then talk to the clients senior tech's and let them know the issue.
it sounds like you have a GPO that is removing the autologon settings. This is pretty standard, as I've encountered it before. Two solutions I've used in the past:
1)stage the newly deployed computers in a designated OU that does not have any GPOs applied
2) inject a registry key or file to act as a "deployment flag". Then set the GPO to filter out any machines where the key/file is present.