• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
hdbrandon06

Server 2012 First LogonCommands

9 posts in this topic

Hi all,

I'm attempting to install Server 2012 on a "headless" HP mediasmart home server via bootable USB flash drive.

I'm testing my .ISO in a VM to make sure it works.

With my autounattended.xml file, the OS installs perfectly without user interaction.

Hower, my First LogonCommands are not working properly.

Since this is headless....IE no video, I'll need to access the server via RDP when it's installed.

I'm trying to enable RDP, but its not working.

Though, I've sucessfully enabled RDP (in the VM) by running the same registry adds that I have in the .xml file.

I've also tried using the full path to CMD> C:\Windows\System32\cmd.exe /c ....etc

Any thoughts?

Thanks in advances

autounattend.xml

0

Share this post


Link to post
Share on other sites

Can you try running them from the setupcomplete.cmd stage instead of first logon stage. Easier to use setupcomplete.cmd for 'system' or machine-wide settings and keep the first logon scripts for 'per user' settings.

http://technet.microsoft.com/en-us/library/hh825167.aspx

The reason why is that"Commands in the Setupcomplete.cmd file are executed with local system privilege." while your 'first logon' commands run with your users token (which may or may not be elevated).

http://technet.microsoft.com/en-us/library/cc766314%28v=ws.10%29.aspx

Edited by MrJinje
0

Share this post


Link to post
Share on other sites

Sounds good,

But is the setupcomplete.cmd script in the Server2012 ISO somewhere?

I'm seeing that it's called from C:\Windows\Setup\Scripts\SetupComplete.cmd

Extracting the files now do to a search.

0

Share this post


Link to post
Share on other sites

MrJinje,

I've been trying to figure out the process of SetupComplete.cmd.

Is there a specific place I put the file in the .ISO image where it gets copied to C:\Windows\Setup\Scripts\SetupComplete.cmd?

Or do I use FirstLogonCommands to mak the directory, and copy the file...from say a network share?

0

Share this post


Link to post
Share on other sites

Here is how I ended up creating my first logon command via my unattend.xml. I still do the HKLM stuff via the setupcomplete.cmd, but for HKCU, this is the only way to go.

Note that to open powershell and retain synchronicity from FirstLogonCommands, I used "cmd /c start /wait".

            <FirstLogonCommands>                <SynchronousCommand wcm:action="add">                    <CommandLine>cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Setup\Scripts\FirstLogon.ps1</CommandLine>                    <Description>First Logon</Description>                    <Order>1</Order>                </SynchronousCommand>            </FirstLogonCommands>

You can probably throw in some other powershell options as well, like -sta or

cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -nologo -noninteractive -WindowStyle Hidden -command "& {C:\Windows\Setup\Scripts\FirstLogon.ps1}"
Edited by MrJinje
0

Share this post


Link to post
Share on other sites

MrJinje

When windows first Installs the ExecutionPolicy is Restricted

I don't know how you are getting around that during an Unattend?

I've been playing with something like this from a cmd prompt

powershell -command "Set-ExecutionPolicy RemoteSigned"

powershell -command "Get-ExecutionPolicy"

RemoteSigned

0

Share this post


Link to post
Share on other sites

Actually, I use a .reg from SetupComplete.cmd, but same effect.

regedit /s %~dp0Set-ExecutionPolicy.regstart /wait %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe %~dp0Kicker.ps1
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]"ExecutionPolicy"="RemoteSigned"

and have this inside the kicker.ps1 which is running under 'local system' privilege because it is called from SetupComplete.cmd.

Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fSingleSessionPerUser" -Value 0

I've been playing with something like this from a cmd prompt

powershell -command "Set-ExecutionPolicy RemoteSigned"

@max, if it doesn't work, throw a 'start /wait' around it as powershell takes a second to load and we need to wait before calling the next line. Maybe that was why I went with the .reg cause it processed it quicker. (or reg.exe)

start /wait powershell -command "Set-ExecutionPolicy RemoteSigned"
Edited by MrJinje
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.