Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Deployment Issues Win 8 and Win 7


  • Please log in to reply
5 replies to this topic

#1
gotenks98

gotenks98

    Member

  • Member
  • PipPip
  • 162 posts
I posted this on neowin but got no answer. I thought I might try here since there are more people who know more about MDT on this site.

I am needing assistance with 2 things for newly deployed systems. One is for windows 7 and the other is for windows 8. For the first issue I wanted to know how can you update the trusted root certificates in a wim file? We recently had a change to our wifi network and the add trust cert is not there by default. So I want to ensure that it is from now on for all future installs.

My second issue is with windows 8 and MDT 2012. The files for our MDT share are located on a NAS server. In windows 8 there was something done to the security which prevents you from connecting to the NAS server unless I run this command from power shell. Set-SmbClientConfiguration -RequireSecuritySignature $true from powershell, Once I do that it can connect just fine. The problem is if I am doing a new deployment from scratch the install goes ok until first bootup. At that point unless I do that command the rest of the deployment can not proceed. So what I am requesting is a way to turn that security setting off in deployment or have a way that it will run at first bootup using the task sequence.


How to remove advertisement from MSFN

#2
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts
Certificate deployment should be done through GPO to ensure the deployment of the certificate and that it will be added back in case of removal. Of course this is only for an Active directory environment.

#3
gotenks98

gotenks98

    Member

  • Member
  • PipPip
  • 162 posts

Certificate deployment should be done through GPO to ensure the deployment of the certificate and that it will be added back in case of removal. Of course this is only for an Active directory environment.

Unfortunately these are standalone workstations that are not going to be on AD so using GPO is not an option. The issue is the certs is needed for the wifi only.

#4
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts
Then adding the certificate with a batch using certmgr.exe using runonce key might be your only solution.

#5
cluberti

cluberti

    Gustatus similis pullus

  • Supervisor
  • 11,250 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag
For your 1st question, certutil works and is designed for something like this assuming you have the certificate to install:
http://blogs.msdn.co...er-example.aspx

For the 2nd issue, it sounds like your NAS doesn't understand or isn't configured to accept secure SMB signing on SMB connections. You might want to see if your NAS actually supports this and see if it can be enabled. Otherwise, you need to set this in WinPE 4.x (or use WinPE 3.x and the WAIK in MDT instead to deploy Win8 - it's slower, but it doesn't have this enabled by default). Note that your Win8 installs are going to have a problem with the NAS too unless you run this there or set the RequireSecureNegotiate value to 0 in the LanmanWorkstation service parameters too, so fixing the NAS is probably the best first step, if it can be done.
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!

#6
MrJinje

MrJinje

    Toolâ„¢ Developer

  • Developer
  • 1,032 posts
  • OS:none specified
  • Country: Country Flag
This is how I import my self signed cert to trusted root.

certutil -addstore -f -enterprise -user root C:\pathto\mycert.cer

Edited by MrJinje, 02 September 2012 - 04:26 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN