This post has been superseded by an updated post found here: http://blogs.technet.com/deploymentguys/archive/2009/10/29/configuring-default-user-settings-full-update-for-windows-7-and-windows-server-2008-r2.aspx. Please update any links or favorites accordingly.
This post was contributed by Michael Murgolo a Senior Consultant with Microsoft Services, U.S. East Region.
Thanks for this. Default User profile is usually a hot point of debate. Group Policy Preferences is going to be fantastic.
I hope you don't mind a random question here, but I am having trouble finding an answer.
I just need to know what ports BDD uses or what program (xcopy, vbscript, etc.) to update Deployment Points over a network. Just need to make sure the firewall has the correct ports open so BDD can update the DP. I think it is just SMB (port 445)... Any help would be appreciated as I can't find any documentation...
I have to agree that managing settings becomes easier using GPO's, power config can be done three ways- unattend settings, run command, or GPO. At least with GP's they are easily managed or changed down the road.
But my newest challenge is Bitlocker- Help! I've been reading everything I can find on doing a task sequence and Bitlocker enabled. I know I'm missing something. I have TPM activated and I can't get it to work- I've tried to do tpm management and set a password. , but nothing I do ends up with Bitlocker enabled. The task sequence ends with an error.If I try to enable Bitlocker in Vista it gives me the hard drive isn't connfigured correctly even though the drives does actually get partitioned correctly.Do I need to edit a script and put the tpm startup password in there? What am I missing? I'll be deploying to new machines.
On another note, I've downloaded the WAIK 1.1, but was going to wait until the update to the Microsoft deployment toolkit is out, could you post online whwn that is available? Any issues with installing the newer waik now, prior to that update?
Also, I'm concerned about Vista SP1 and when that will be a finished product what with seeing the issues with some drivers. I eventually want to build my task sequences using media that has sp1 already in it adn wondering when that media will be available on the e-open site, any insight on that?
Great site Ben, you truly are a genius!
I just resently installed the Windows Deployment system, and I have two questions.
1. I have tried the SkipWelcomescreen option with no luck. Is there a way to not show the welcomescreen, (just set the locale and domain somewhere) and only ask for username and password ?
2. Is there a way of telling the system (by script or other means) to create the computer account in the same OU as the user running the installation ?
- keep up the excelent work ! -
BDD simply uses a VB copy command to update deployment points.
I tend to create the deployment point on the BDD server itself and then use another tool (DFS) to replicate the Deployment point to my sites. I find this easier to manage, espically when you have alot of sites to manage.
You can specify the TPMOwnerPassword
as a variable in the customsettings.ini file. You should not need to edit any scripts. Try adding the following line:
You should see some announcements soon regarding the availability of Vista SP1 and the MDT update.
First of all, great blog, thx for this.
During the past few days I have set up the Windows Deployment system, but now I have two questions that I guess shouldn't be placed here, but I can't figure out where the right place would be so please bear with me.
1. Is there a way to remove the welcomescreen.
I have tried The SkipBDDWelcome=YES option with no luck. Is there a way to skip the welcomescreen and just ask for username and password. (I would like to set the domain fixed also).
2. When the computer is joined to the domain I would like it to create the computer account in the same OU as the user running the installation ? Is there a way of telling the system to do this ?
The SkipBDDWelcome setting should work. You need to make sure that this is included in the bootstrap.ini file and that you update you boot images.
Creating the account in the same OU as the user may be a bit more diffcult. You would need to write a script to do this. I have written a couple of blogs on about how to move a computer to a staging OU during deployment, these may give you some ideas. I think this may require alot of work to get going :(.
I got it working, I had to remove the boot image compleatly from WDS and add it as a new one to get it updated.
In regards to the second challenge all I need to do is query for the users OU and use the result as the value for Organizational Unit.
Could you point me in the right direction as to exactly where the join domain function is executed ?
You simply need to populate the MachineObjectOU value in the customsettings.ini. MDT will then do the rest for you.
I have sevreal OU's for different departments.
Different Departments get different GP's that deploy all the software etc.
Therefore I need to manipulate the OU setting. Maybe I got it wrong but I belive I will not work to manipulate CS.ini during the install prosses.(after entering username and password) because it will not be reread by the installer prosess.
When is the OU setting actaly read from the CS.ini file ?
Ben- thanks for the info on the TPMOwnePassword=blah, but I'm still having issues. Here's the testing I've done. I cleared TPM, then saved bios settings, then set TPM to active. I then tried to deploy a captured reference image (apps installed) and enabling Bitlocker and using TPM only. I set the TPMOwnerpassword in the custon settings ini file. I gotthe dsame errors I had been getting - Unable to find BDEcfgHD.exe, RC=1. So then I decided to try eliminating the captured image part and deployed Vista using the out of box wim, well not to my surprise I did not get any errors in the task sequence, but again, when I looked at Bitlocker it was not enables and the message this drive is not configured for Bitlocker, adn then no way to get it going. The drive has a 2GB partion frmo the image process (that part does work) and the normal c OS drive. I really need to get this going so I can evaluate BitLocker. Another concern from my boss who isn't altogether sold on Vista to begin with. Any help or direction would be GREATLY appreciated asap.I've read everything I can find on BitLocker, even the BitLocker blog site, adn nothing.
The OU setting is read by the ZTI configure script.
Have you read the following blog about how rules work? It covers this topic.
You should not be capturing an image that has bitlocker enabled. You should only enable bitlocker when you deploy the image.
In order to use Bitlocker you need to have copied the bitlocker files to the tools folder in the distribution directory.
I have a problem using Capture Image,
I used the product Help and followed the below steps:
1.Create a deployment point that is configured to capture an image
2.Started the computer to be captured using LiteTouchPE_86.wim
3.Start the deployment wizard,
4.Chose to join to WORKGROUP not a domain
But specify whether to capture an image page doesn’t appear!!
What I missed to make this page appear to can capture an Image?