I thought the imaging of a vDisk via Microsoft Deployment Toolkit and BIS-F is a no-brainer. Unfortunately I was wrong and spend some hours until I got a fully automated setup . So when is the right moment to start BIS-F and seal the image? We can not tigger it during the task sequence otherwise the vDisk would be broken because:
– The auto-login is still enabled
– The deployment share drive is still connected
– MININT directory on C:\ etc.
With the available information my plan was to write a script (last action in the TS) which should do the following things:
1.Change Auto-Login to my MDT Build Service Account
2.Add a RunOnce Key to trigger a custom script
Action of the custom script:
2.Remove Password (cleartext) of Service Account
3.Run BIS-F to start the sealing
Result: This was not working at all. The autologin for my build account was never applied to the registry. Whats going on?
The problem with MDT and running BIS-F is the following -> As soon a TS finishes the last step is always to run the cleanup script “LTICleanup.wsf” which is disabling the auto-login. You can not change this behavior.
Snippet of the LTICleanup.wsf:
Because I am not only deploying my Golden Images with MDT I did not want to edit the LTICleanup.wsf which would break my other machines from a sucesfull deployment. I was asking arround for a solution and Martin Therkelsen gave me a hint that I should have a look at the “Final Configuration for MDT 2013” from Johan Arwidmark. This was exactly I was looking for. Shout-Out to Johan. Thanks for providing the script 🙂 There is also an older blog post from Eric Haavarstein who encountered the same problem. I slightly modified his version and put some more explanations whats going on under the hood of MDT.
With the help of the Final Configuration for MDT we can apply the default “LTICleanup.wsf” script AND we can run additional commands which is not possible with MDT out of the box. When you download the sources from Johans website you will find a “FinalConfig.hta” file which we need to edit for our needs. Replace the code starting in line 112.
REM --- Disable the Auto Service Logon ---
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d "0" /t REG_DWORD /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f
REM --- Run BISF ---
PUSHD "%ProgramFiles(x86)%\Base Image Script Framework (BIS-F)"
Create the Application in MDT
If you are following Johans instructions to create the application in your MDT workbench he will suggest you to choose “Application with source files”. I don’t let MDT manage my folder structure because I simply just don’t like the structure (eveything is in the root directory) and have my own conecpt for that. Thats why I always create the applications “without source files” which gives me more control about the final location.
Johans Way – “C:\Hydration\Applications\Final Configuration 2013”
My Way – “C:\Hydration\Applications\Scripts\Final Configuration 2013″
If you are going to choose Johans way everything will work fine but as soon you go for a custom application directory this will break the Final Configuration script because it can’t find it’s way to default script directory where the “LTICleanup.wsf” is located.
Too solve this issue you need to edit the “Configure-FinalConfig.wsf” script and modify the source directory (Line 2).
Install command and Working Directory
Integrate into Task Sequence
Make sure the final action of the task sequence is NOT resulting in a reboot or shutdown of the system. This will break the Final Configuration script.
OSDComputername = XA-02
TaskSequenceID = WRK-001
SkipDomainMembership = YES
SkipComputerName = YES
SkipTaskSequence = YES
SkipFinalSummary = YES
How does it look in action?