Greetings

I am working on a new Windows 7 image for our organization. My image is pretty much ready to go, other than one issue. For some reason, the local administrator account does not get disabled by sysprep. What I am wanting is to have a different account used for local administrator. I have configured my unattend file to create this account, which works fine. When the sysprep is finished, and the computer reboots, everything seems okay. Windows prompts for a computer name as designed, and then I get prompted to login with default (which I can’t) or other account. I select other, enter in the credentials for my local account that sysprep created, and everything is good.

The strange thing is if I disjoin the system from the domain (after joining), and reboot, the system automatically logs in as the local administrator without prompting. It just sails right on in.

My method of creating the image is performing the ctrl shift f3 at the initial Welcome screen after a fresh install of Windows. While in Audit mode, I perform any updates, install my apps, etc.I have noticed this in my unattend file that could be the culprit:

<AutoLogon>
                <Password>
                    <Value>XXX</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>5</LogonCount>
                <Username>Administrator</Username>
            </AutoLogon>

I am unsure if this is required for performing the sysprep and then is supposed to removed after sysprep is finished. If not, would removing this entry prevent the autologin into the administrator account, as well as allow sysprep to disable the administrator account as it is supposed to?

Thanks for any input.

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0
you will need a few components to shut down the local admin

<settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Path>net user administrator /active:no</Path>
                    <Order>1</Order>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>

    <settings pass="oobeSystem">
       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <PlainText>true</PlainText>
                            <Value>password</Value>
                        </Password>
                        <DisplayName>2nduser</DisplayName>
                        <Name>2nduser</Name>
                        <Group>Administrators</Group>
                    </LocalAccount>
                </LocalAccounts>
                 </UserAccounts>
            <AutoLogon>
                <Password>
                    <Value>password</Value>
                    <PlainText>true</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>5</LogonCount>
                <Username>2nduser</Username>
            </AutoLogon>
        </component>
    </settings>
Answered 11/17/2014 by: SMal.tmcc
Red Belt

  • Just to clarify, should I leave in the AutoLogon component I mentioned and put in the components you have listed?
    • not sure if you use the kbox (not tagged) or not but if you are you will need a couple of reboots for the tasks to process properly. What I do when I join the machine to the domain is to poke the autologin keys to reflect a domain user and when all is finished I have a section to delete the autologon keys all together.

      my joindomain tasks reboots after joining then continues other post tasks, these lines are in that task script.
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d acaddomain /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d domainuser /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d domainuserspassword /f

      then when all is done I do this:

      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 0 /f

      reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v defaultpassword /f
      • CRAP IT RAN IT ALL TOGETHER!!!!!
Please log in to comment
0
not sure if you use the kbox (not tagged) or not but if you are you will need a couple of reboots for the tasks to process properly.  What I do when I join the machine to the domain is to poke the autologin keys to reflect a domain user and when all is finished I have a section to delete the autologon keys all together.

my joindomain tasks reboots after joining then continues other post tasks, these lines are in that task script.
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d acaddomain  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d domainuser  /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d domainuserspassword /f

then when all is done I do this:

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 0 /f

reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v defaultpassword /f
Answered 11/17/2014 by: SMal.tmcc
Red Belt

  • For this case, we are not using kbox. Just a simple ghost image
    • then you do not really need autologin unless some scripts you have run after post sysprep.
      • just create your secondary admin and disable the primary administrator account.
  • Just to reiterate, I am creating the image using the audit mode method (ctrl shift f3 at the initial Welcome screen). I believe you are logged in as administrator when you are in this mode. Once you reseal, sysprep is supposed to automatically disable the administrator account. My unattend file creates my secondary admin. I am going to try just remove this entry in my unattend unless someone has a better idea. I was simply following the IT Bros sysprep guide, so possibly this got added by mistake.

    <AutoLogon>
    <Password>
    <Value>XXX</Value>
    <PlainText>false</PlainText>
    </Password>
    <Enabled>true</Enabled>
    <LogonCount>5</LogonCount>
    <Username>Administrator</Username>
    </AutoLogon>
    • yea audit mode is a little different from generalizing it. that should do it, after cast your image go into the registry and just check the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and see what the keys for autologon are set at. That will answer the question.
Please log in to comment
Answer this question or Comment on this question for clarity