Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Server 2012 First LogonCommands


  • Please log in to reply
8 replies to this topic

#1
hdbrandon06

hdbrandon06
  • Members
  • 3 posts
  • OS:Server 2012
  • Country: Country Flag

Hi all,

 

I'm attempting to install Server 2012 on a "headless" HP mediasmart home server via bootable USB flash drive.

I'm testing my .ISO in a VM to make sure it works.

 

With my autounattended.xml file, the OS installs perfectly without user interaction.

Hower, my First LogonCommands are not working properly.

 

Since this is headless....IE no video, I'll need to access the server via RDP when it's installed.

I'm trying to enable RDP, but its not working.

 

Though, I've sucessfully enabled RDP (in the VM) by running the same registry adds that I have in the .xml file.

I've also tried using the full path to CMD> C:\Windows\System32\cmd.exe /c ....etc

 

Any thoughts?

Thanks in advances

 

 

 

Attached Files




How to remove advertisement from MSFN

#2
MrJinje

MrJinje

    Tool™ Developer

  • Developers
  • 1,031 posts
  • OS:none specified
  • Country: Country Flag

Can you try running them from the setupcomplete.cmd stage instead of first logon stage.  Easier to use setupcomplete.cmd for 'system' or machine-wide settings and keep the first logon scripts for 'per user' settings.

 

http://technet.micro...y/hh825167.aspx

 

The reason why is that"Commands in the Setupcomplete.cmd file are executed with local system privilege."  while your 'first logon' commands run with your users token (which may or may not be elevated).

 

http://technet.micro...4(v=ws.10).aspx


Edited by MrJinje, 31 August 2013 - 11:57 AM.


#3
hdbrandon06

hdbrandon06
  • Members
  • 3 posts
  • OS:Server 2012
  • Country: Country Flag

Sounds good,

 

But is the setupcomplete.cmd script in the Server2012 ISO somewhere?

I'm seeing that it's called from C:\Windows\Setup\Scripts\SetupComplete.cmd

 

Extracting the files now do to a search.



#4
hdbrandon06

hdbrandon06
  • Members
  • 3 posts
  • OS:Server 2012
  • Country: Country Flag

MrJinje,

 

I've been trying to figure out the process of SetupComplete.cmd.

 

Is there a specific place I put the file in the .ISO image where it gets copied to C:\Windows\Setup\Scripts\SetupComplete.cmd?

 

Or do I use FirstLogonCommands to mak the directory, and copy the file...from say a network share?



#5
MrJinje

MrJinje

    Tool™ Developer

  • Developers
  • 1,031 posts
  • OS:none specified
  • Country: Country Flag

I add the $OEM$ folder structure inside the 'sources' folder on the DVD or USB.  That way it gets copied to the correct location during install.

 

http://www.msfn.org/...63-oem-folders/

 

http://technet.micro...228(WS.10).aspx

 

DVDRoot\Sources\$OEM$\$$\Setup\Scripts



#6
MrJinje

MrJinje

    Tool™ Developer

  • Developers
  • 1,031 posts
  • OS:none specified
  • Country: Country Flag

Here is how I ended up creating my first logon command via my unattend.xml.  I still do the HKLM stuff via the setupcomplete.cmd, but for HKCU, this is the only way to go.

 

Note that to open powershell and retain synchronicity from FirstLogonCommands, I used "cmd /c start /wait".   

            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Setup\Scripts\FirstLogon.ps1</CommandLine>
                    <Description>First Logon</Description>
                    <Order>1</Order>
                </SynchronousCommand>
            </FirstLogonCommands>

You can probably throw in some other powershell options as well, like -sta or

cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -nologo -noninteractive -WindowStyle Hidden -command "& {C:\Windows\Setup\Scripts\FirstLogon.ps1}"

Edited by MrJinje, 29 September 2013 - 12:31 PM.


#7
maxXPsoft

maxXPsoft

    MSFN Master

  • Developers
  • 2,879 posts
  • OS:Windows 7 x64
  • Country: Country Flag

MrJinje

 

When windows first Installs the ExecutionPolicy is Restricted

I don't know how you are getting around that during an Unattend?

 

I've been playing with something like this from a cmd prompt

powershell -command "Set-ExecutionPolicy RemoteSigned"

 

powershell -command "Get-ExecutionPolicy"

RemoteSigned



#8
MrJinje

MrJinje

    Tool™ Developer

  • Developers
  • 1,031 posts
  • OS:none specified
  • Country: Country Flag

Actually,  I use a .reg from SetupComplete.cmd, but same effect.

regedit /s %~dp0Set-ExecutionPolicy.reg
start /wait %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe %~dp0Kicker.ps1
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"ExecutionPolicy"="RemoteSigned"

and have this inside the kicker.ps1 which is running under 'local system' privilege because it is called from SetupComplete.cmd.

Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fSingleSessionPerUser" -Value 0

 

    I've been playing with something like this from a cmd prompt

    powershell -command "Set-ExecutionPolicy RemoteSigned"

@max, if it doesn't work, throw a 'start /wait' around it as powershell takes a second to load and we need to wait before calling the next line.  Maybe that was why I went with the .reg cause it processed it quicker.  (or reg.exe)

start /wait powershell -command "Set-ExecutionPolicy RemoteSigned"

Edited by MrJinje, 07 October 2013 - 06:14 AM.


#9
maxXPsoft

maxXPsoft

    MSFN Master

  • Developers
  • 2,879 posts
  • OS:Windows 7 x64
  • Country: Country Flag

Looks like Microsoft-Windows-TerminalServices-LocalSessionManager fDenyTSConnections only applies to Server

But those 2 settings are set to a 1 in Windows 7 and 8.1


Edited by maxXPsoft, 07 October 2013 - 08:01 AM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users



How to remove advertisement from MSFN