MDT Task Sequencing: Where are my unattend.xml Local User Accounts?
Written by Andy
I have been digging deeper and deeper into the functionality and relationships between ConfigMgr Task Sequencing, the unattend.xml/unattend.txt files and the MDT Scripts to better understand how these all come together – as opposed to just referring to all of it as ‘Witchcraft’.
A simple task, you might think, would be to automate the creation of additional local user accounts during an integrated MDT task sequence, so you could imagine my frustration when it seemed that the Local Accounts portion of the unattend.xml file I was pushing down with my ‘Apply Operating System Image’ step was being ignored completely.
It transpires that the MDT “ZTIConfigure.wsf” script was working against my efforts and removing my customisations related to Local User Accounts, and we can see why within the script:
I can immediately understand the need to remove any AutoLogon and Run-Once entries, as we do not really want anything interfering with the Task Sequence steps – however the action of removing any local account entries perplexes me and I cannot think of any reason why this has been stipulated.
I commented out the offending lines in the ZTIConfigure.wsf, as shown above, saved my changes, updated the MDT Toolkit Files package on my DPs and re-ran my task sequence – et voilà; additional user accounts!
I investigated and contemplated other solutions prior to this, such as using task sequence ‘Run Command Line’ steps with the relevant ‘NET USER / LOCALGROUP’ commands, however I was not so keen on having the desired account password in plain text. Another suggestion was to use a masked Collection Variable containing the password and referencing this variable during the task sequence – however this would not be practical in environments which have multiple OSD collections.
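One way to confirm the symptom described above, and to see how each account's password is stored in the answer file, is to compare the LocalAccount entries in the authored unattend.xml with those in the copy left after processing. This is an added example, not code from the original post or from MDT: the `Get-UnattendLocalAccount` function, the account name and the sample XML are constructed for illustration, and the "processed" copy is simulated by stripping the LocalAccounts element.

```powershell
# Added example (requires PowerShell 3.0 or later). All sample values are constructed.
function Get-UnattendLocalAccount {
    param([Parameter(Mandatory)][xml]$Unattend)
    $nsm = New-Object System.Xml.XmlNamespaceManager($Unattend.NameTable)
    $nsm.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')
    foreach ($a in $Unattend.SelectNodes('//u:UserAccounts/u:LocalAccounts/u:LocalAccount', $nsm)) {
        $plain = $a.SelectSingleNode('u:Password/u:PlainText', $nsm)
        [pscustomobject]@{
            Pass      = $a.SelectSingleNode('ancestor::u:settings/@pass', $nsm).Value
            Name      = $a.SelectSingleNode('u:Name', $nsm).InnerText
            Group     = $a.SelectSingleNode('u:Group', $nsm).InnerText
            # The password value is never emitted, only how it is stored.
            # PlainText=false means Base64-encoded: obfuscation, not encryption.
            PlainText = if ($plain) { $plain.InnerText.Trim() } else { '(absent)' }
        }
    }
}

# Constructed answer file as authored (placeholder account and password).
$authored = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Name>ExampleSupport</Name>
            <Group>Administrators</Group>
            <Password><Value>PLACEHOLDER</Value><PlainText>true</PlainText></Password>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

# Simulated copy after processing: the LocalAccounts element has been removed.
$processed = $authored -replace '(?s)<LocalAccounts>.*?</LocalAccounts>', ''

$before = @(Get-UnattendLocalAccount -Unattend $authored)
$after  = @(Get-UnattendLocalAccount -Unattend $processed)

# Report every authored account that no longer exists in the processed file.
$before | Where-Object { $_.Name -notin $after.Name } |
    Select-Object Pass, Name, Group, PlainText,
        @{ n = 'Status'; e = { 'missing after processing' } }
```

To run it against real files, load each with `[xml](Get-Content -Raw <path>)` and pass the results in place of `$authored` and `$processed`.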