Windows – MDT deployment: why are Change Windows Update Settings etc disabled

mdt-2012 windows

I am trying to master MDT deployment, which seems to be a very versatile tool.

The way I do it is:

  • install windows 7 on a reference PC, change screen saver and background and internet time settings.
  • run sysprep on the reference PC.
  • use imagex to capture image.wim
  • use MDT to create a deployment share and task sequence.
  • create a bootable USB pen drive, PXE boot the new PC, and install.

After that, log in as a local admin, join the domain (or leave it in the WORKGROUP).

After reboot, I noticed that the things like: firewall settings, Windows update settings etc are greyed out (control panel -> windows update -> change settings). There is a text message saying: Some settings are managed by your system administrator.

Well, I am logged in as local administrator. So why are things greyed out? Any thoughts?

PS: half of my users MUST be local administrators on their own PCs/laptops, due to the nature of their work. So I must make sure local admins can change settings on their own PCs.

— to answer @WinOutreach4's questions —

  • I run the GUI version of sysprep, so only 3 options are used: OOBE, generalise, shutdown after sysprep.
  • I did not use audit mode to change anything.
  • We use a Samba domain, not a Windows Active Directory domain, so I cannot try WDS. However, one reason I am trying out MDT is because it is likely we will be moved to a Windows AD domain, so I can NIC boot the PCs and launch the imaging process.
  • I use MDT2012 to create deployment share, and use the LiteTouch_x64.iso to PE boot the PC, the install process will pick up the image etc from the deployment workbench PC. In order to save wasting many CD/DVDs, I created a bootable USB pen drive and copied the iso content in the pen drive.

Thanks for looking into this.

— end —

— to answer @WinOutreach4's questions —

  • I don't think I have 'copyprofile' on. The screen saver and background are done through local group policy. I used the local administrator account to make these changes. Then the local group policy is saved as part of the image.
  • I only create 1 local account to finish the installation of the reference PC. I will look into the audit mode.
  • PS: In my reference image, I only have a few things customised: screensaver/background, a few registry settings, that's all. I don't install any applications during imaging. Application installation is done as part of Deployment Share creation – I add Applications, and they are included in the Deployment Sequence. I also inject device drivers at this stage. So if I watch my deployment process, the first part is image deployment, then there is a page with a list of applications for me to choose which ones to install. In this way, I can keep 1 master image for all types of machines, all types of users.

In future when I have a windows domain, I will probably leave the screensaver/background to group policy, hence the reference image will be very very simple to maintain. Applications installation can either be done as provided by MDT, or using group policy installation.

The unattend.xml is uploaded to: http://www.mediafire.com/?ad56zq06kxkqssv (I cannot find a place to upload it in serverfault)

again, thx for your time!

— end —

–Last Update: success–
Thanks to @WinOutreach4 (especially to you WinOutreach4 for taking out time testing) & MDT Guy, I got it working in the end!

3 things to do:
1) Add WillWipeDisk to unattend.xml
2) Add CopyProfile (=true) to unattend.xml
3) ApplyGPOPack=NO in the ini file

Thank you so much! I didn't see these settings in any of the tutorials/blogs/youtubes I went through, and you helped me out. Cannot thank you enough…

–end–

Best Answer

So why are things greyed out? Any thoughts?

Good point on MDT's versatility; it's the single most powerful systems deployment tool I have ever had the privilege of working with. You're getting close, but a few pointers here.

  1. ALWAYS, ALWAYS, ALWAYS, build your images in a Virtual Environment, this pays for itself in dividends as it effectively guarantees the image will run on anything down the road, laptops, desktops, whatever.
  2. Double check and make sure ApplyGPOPack=NO is set in your ini file.
  3. CopyProfile=True needs to be set in your unattend.xml file if you're trying to build a default user profile in 7.
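
A check for the three settings named in the question's last update and in the answer above, added here as an example (not code from the post, the answer or MDT): it reads an unattend.xml and the deployment share's ini text and reports whether WillWipeDisk, CopyProfile and ApplyGPOPack have the values listed. The function name `Test-MdtImageSettings`, the sample file contents and the element locations (WillWipeDisk under Microsoft-Windows-Setup, CopyProfile under Microsoft-Windows-Shell-Setup) are assumptions of this example.

```powershell
# Constructed sample inputs (not the asker's files); this sample fails two of the checks.
$sampleUnattend = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup">
      <DiskConfiguration><Disk><WillWipeDisk>true</WillWipeDisk></Disk></DiskConfiguration>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <CopyProfile>false</CopyProfile>
    </component>
  </settings>
</unattend>
'@
$sampleIni = @'
[Settings]
Priority=Default
[Default]
OSInstall=Y
; ApplyGPOPack=NO   (commented out, so it does not count)
'@

# Hypothetical helper: one result row per setting, with the expected and actual value.
function Test-MdtImageSettings {
    param([string]$UnattendXml, [string]$IniText)

    $doc = [xml]$UnattendXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')
    $wipe = $doc.SelectSingleNode("//u:component[@name='Microsoft-Windows-Setup']//u:WillWipeDisk", $ns)
    $copy = $doc.SelectSingleNode("//u:component[@name='Microsoft-Windows-Shell-Setup']/u:CopyProfile", $ns)
    # Simplification: take the first uncommented ApplyGPOPack line, whatever section it is in.
    $gpo  = [regex]::Match($IniText, '(?im)^[ \t]*ApplyGPOPack[ \t]*=[ \t]*(\S+)')

    $actual = @{ WillWipeDisk = $null; CopyProfile = $null; ApplyGPOPack = $null }
    if ($wipe)        { $actual.WillWipeDisk = $wipe.InnerText.Trim() }
    if ($copy)        { $actual.CopyProfile  = $copy.InnerText.Trim() }
    if ($gpo.Success) { $actual.ApplyGPOPack = $gpo.Groups[1].Value }

    $expected = [ordered]@{ WillWipeDisk = 'true'; CopyProfile = 'true'; ApplyGPOPack = 'NO' }
    foreach ($name in $expected.Keys) {
        [pscustomobject]@{
            Setting = $name; Expected = $expected[$name]; Actual = $actual[$name]
            Ok      = ($actual[$name] -ieq $expected[$name])   # missing value -> False
        }
    }
}

Test-MdtImageSettings -UnattendXml $sampleUnattend -IniText $sampleIni | Format-Table -AutoSize
```

For real files, pass the output of `Get-Content -Raw` for each file in place of the sample strings.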