Avoiding Legal Notice that breaks MDT autologon.
There is a known issue when you're setting Legal Notice text and caption in GPO and when deploying in MDT, the Legal Notice is popping up during auto logon. I fix it by saving JoinDomain to another variable SavedJoinDomain and join to domain before the last step in the task sequence.
Here are the steps
Add a new custom property to your customsettings.ini
Properties=MyCustomProperty, SavedJoinDomainModify Scripts\ZTIDomainJoin.wsf by commenting out those two lines:
oLogging.CreateEntry "Initiating a reboot.", LogTypeInfo
oEnvironment.Item("LTISuspend") = ""
' oEnvironment.Item("SMSTSRetryRequested") = "true"
' oEnvironment.Item("SMSTSRebootRequested") = "true"Create a new temporary task sequence and ovewrite TS.XML from CONTROL\<Your TS ID> with TS.XML attached to this post
Copy "Save JoinDomain" group and paste it to your TS before Preinstall\Configure
Copy "Restore JoinDomain" group and paste it to your TS before State Restore\Recover From Domian. See attahced picture.
In the following "Recover From Domian" step make sure it's Auto Recover
Make sure there are no following reboots after this step
You can delete temporary task sequence now
Comments
- Anonymous
March 28, 2011
Will this avoid the restart after joining domain is successful? - Anonymous
April 20, 2012
Solved my problem.. Thanks for the solution - Anonymous
July 05, 2012
Works in MDT2010 and MDT2012. Thanks for the solution. - Anonymous
August 02, 2012
I ran this, and it did bypass the security screen. But now it no longer joins to the domain, just the workgroup. - Anonymous
January 11, 2013
Works in MDT2010 and MDT2012. Thanks for the solution. - Anonymous
January 21, 2013
This seems to be the right fix for me. But seems to keep me from deploying drivers. Any sugesstion? Maybe it`s something somewhere in my customsettings.ini: Thanks in advance.[Settings]Priority=DefaultProperties=MyCustomProperty, SavedJoinDomain[Default]_SMSTSORGNAME=My CompanyOSInstall=YSkipAppsOnUpgrade=NOSkipApplications=NODeploymentType=NEWCOMPUTERMandatoryApplications001={d19949c3-d445-4b3c-949f-18f56e787bdb}MandatoryApplications002={acbf2498-3581-4430-81a0-7d1f4e588915}SkipComputerName=NOSkipAdminPassword=YESSkipProductKey=YESSkipDomainMembership=NOSkipUserData=YESUserDataLocation=AUTOSkipLocaleSelection=YESDoNotCreateExtraPartition=YESSkipTaskSequence=NOTaskSequenceID=WIN7-FR-001SkipTimeZone=YESSkipApplications=YESSkipBitLocker=YESSkipSummary=YESSkipBDDWelcome=YESSkipCapture=YESSkipAdminAccounts=NOSkipFinalSummary=NOTimeZone=005TimeZoneName=Eastern Standard TimeJoinDomain=MydomainDomainAdmin=myuserDomainAdminDomain=MydomainDomainAdminPassword=Mypassword - Anonymous
March 13, 2013
ACCEOTech, it sounds like your problem might be in the Task Sequence.. CS.ini looks fine.. - Anonymous
March 13, 2013
the1rickster, if you are using Virtual machines, Please make sure:Edit --> Virtual network editor --> click "Host-only Type" --> DO NOT TICK "user local DHCP to distribute IP address to VMs - Anonymous
March 20, 2013
With regards to step 7. Make sure there are no following reboots after this step.What happens if there are?This solution works great until I enable the Windows Updates before and after the Install Applications task.For each successful reboot there after I need the legal notice to be avoided.Is this possible? - Anonymous
June 12, 2014
Logonexpert works perfectly for bypassing logon notice www.logonexpert.com/.../options.html - Anonymous
June 27, 2014
Taho, I went your route because of the possibility of the machine restarting after it's joined to the domain with Alex's process.With LogonExpert, I have a TS the installs it, then copies over my preconfigured logon.ini file. The last TS is to uninstall the software before I capture it. - Anonymous
October 07, 2014
This worked great !!! THANK YOU..... The only thing I had to modify was in the CS the last veritable. I noticed that the newly deployed OS was sitting logged into the admin's account. I added FinalAction=Reboot that took care of it now i have deployed imaged fulling joined sitting at the CRTL+ALT+Delete Log On - Again what a time saver AWESOME - Anonymous
October 07, 2014
let me make one correction it was FinishAction=REBOOT not Final - forgive me please - - Anonymous
January 13, 2015
This works great. Just confirmed this process works with MDT 2013. - Anonymous
February 19, 2015
Hello, AlexSemi.Great post. Thanks. Work perfect.But can't understand, what is the reason of executing steps 3-5?Why just doing step 2 does not bring the desired result?Thanks. - Anonymous
March 02, 2015
great work, but I have one issue, sometimes, a machine joins the Domain successfully but then cannot be found in the AD, then after 10 minutes or so, there is an authentication error when trying to log in at Ctrl Alt Del Screen, ( as I said, it is not always like that) any Idea.. thanks - Anonymous
May 06, 2015
Hi, I've just solved my problem with MDT breaking after legal notice text / logon message.There is a very simple way to delay the legal message based upon the presence of C:_SMSTaskSequence.If you are using the GPO for "Interactive logon: Message text for users attempting to log on" and "Interactive logon: Message title for users attempting to log on" it's simple: DON'T!!!!!Instead of using the Interactive Logon Policy items, create registry items for the below..."SOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemlegalnoticetext""SOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemlegalnoticecaption"You can then apply "Item Level Targeting" on these and only apply is folder C:_SMSTaskSequence does NOT exist.It's as simple as adding a new "File Match" item and then right click on it, go to "Item Options", then choose "Is Not". Then change "Match Type" to "Folder" and enter "C:_SMSTaskSequence" in the "Path".Bob's your uncle, MDT delayed Legal Notice Text which will apply after the MDT has finished (folder disappears)