I have successfully imaged a PC using the scripted installation on the K2000. My question is, how would I go about enabling the local admin account in Windows 7, delete the account that was created to do the install, and create a local limited account? 

Answer Summary:
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

4

put these commands in your post tasks.

start /wait net user administrator /active:yes
start /wait net user administrator Pa$$word

 

start /wait net user 2ndUserName /delete

 

start /wait net user NewUser Password /add /fullname:"first last"

start /wait net user NewUser /active:yes

start /wait net localgroup groupname newuser /add

http://support.microsoft.com/kb/251394

http://technet.microsoft.com/en-us/library/cc725622(v=ws.10).aspx

 

Answered 11/05/2012 by: SMal.tmcc
Red Belt

  • Perfect. Also, what is the commands to make NewUser set to "User cannot change password" and Password never expires" options?
  • /passwordchg:{yes | no}
    Specifies whether users can change their own password. The default is yes.
    /expires:{date | never}
    Causes the account to expire if date is set. The never option sets no time limit on the account. An expiration date is in the form mm/dd/yy or dd/mm/yy, depending on the country code. Months can be a number, spelled out, or abbreviated with three letters. Year can be two or four numbers. Use slashes (/) with no spaces to separate parts of the date.

    start /wait net user NewUser Password /add /fullname:"first last" /expires:never /passwordchg:no
  • The option for "User cannot change password" works. The other " Password never expires" option is not checked. I have exactly what you posted here.

    start /wait net user NewUser Password /add /fullname:"first last" /expires:never /passwordchg:no
  • oops by bad, that /expires is for the account not the password you can create a second user with these 2 lines. by default the user will be a member of "users"

    start /wait net user NewUser Password /add /fullname:"first last" /expires:never /passwordchg:no /active
    start /wait wmic useraccount where Name='NewUser' set PasswordExpires=False
  • That worked perfectly... One more thing... I would like on another setup, to do all the following we have done so far, but the new user we created, how would I go about making it to auto login on Windows 7 x64-bit?
  • start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 2 /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d 2ndUserName /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Pa$$w0rd /f

    the auto login count is how many times it will autologin with these crdentials. If you want it to do it forever leave that line out. When the count reaches zero it deletes the defaultpassword keyset.
    if you want it to autologin to a domain account you need to add
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d domain /f
  • This works great when I manually run it... Would I need to add it as a shell script or bat script in the k2000?
  • Sorry not shell script as it is for Mac OSX... When I run it in the scripted install it does not work. So I'm wondering if it needs to login the new account first, then autologin forever?

    Right now, it comes up to select administrator or the account I created. I select it then it logs in.
  • I have a post bat script for windows with these commands, you can also put the command in your answer file to autologin for scripted installs.
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <OOBE>
    <HideEULAPage>true</HideEULAPage>
    <NetworkLocation>Work</NetworkLocation>
    <ProtectYourPC>3</ProtectYourPC>
    </OOBE>
    <UserAccounts>
    <LocalAccounts>
    <LocalAccount wcm:action="add">
    <Password>
    <PlainText>false</PlainText>
    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxZAA=</Value>
    </Password>
    <DisplayName>F12Master</DisplayName>
    <Name>F12Master</Name>
    </LocalAccount>
    </LocalAccounts>
    <AdministratorPassword>
    <PlainText>false</PlainText>
    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHcAbwByAGQA</Value>
    </AdministratorPassword>
    </UserAccounts>
    <RegisteredOrganization>tmcc</RegisteredOrganization>
    <RegisteredOwner>staff</RegisteredOwner>
    <AutoLogon>
    <Password>
    <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxZAA=</Value>
    <PlainText>false</PlainText>
    </Password>
    <Enabled>true</Enabled>
    <Username>F12Master</Username>
    </AutoLogon>
    </component>

    here is my post image task for one of my acad images

    net start w32time

    %SystemRoot%\system32\w32tm /config /update /manualpeerlist:tmccacad.tmcc.edu /syncfromflags:manual

    start /wait net user administrator /active:yes
    start /wait net localgroup administrators f12master /add
    Start /wait net user administrator password

    start /wait cscript.exe -b c:\windows\w2d\join_domain.vbs tmccacad.tmcc.edu installer password

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 2 /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d tmccacad /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d installer /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d password /f

    start /wait reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Enviroment" /v LSFORCEHOST /d ms-vdf.tmccacad.tmcc.edu /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v Userinit /d "C:\Windows\system32\KUsrInit.exe," /f

    del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log1 /f /q /a:hs

    del C:\Users\Default\AppData\Local\Microsoft\Windows\*.log2 /f /q /a:hs

    del C:\Users\Default\AppData\Local\Microsoft\Windows\*.blf /f /q /a:hs

    del C:\Users\Default\AppData\Local\Microsoft\Windows\*.regtrans-ms /f /q /a:hs

    del C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\*.* /f /q

    del c:\users\default\downloads\*.* /f /q /s

    "C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\ospprearm.exe"

    start /wait cscript %SystemRoot%\System32\slmgr.vbs -ATO

    start /wait cscript "c:\program files\microsoft office\office14\ospp.vbs" /act

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v ipv6kill /d "reg.exe add \"HKLM\SYSTEM\CurrentControlSet\services\Tcpip6\Parameters\" /v DisabledComponents /t REG_DWORD /d 4294967295 /f"

    cmd /c md "%allusersprofile%\Dell\KACE" & cmd /c move /y "%systemdrive%\KACE\k2000_deployment_info.conf" "%allusersprofile%\Dell\KACE\k2000_deployment_info.conf"

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v kclean /d "c:\kcleanup.exe"
  • We are not using Sysprep, therefore no answer file.
  • got thinking about your problem and realized what is wrong, windows 7 knows administrator is local but not the 2nduser so try this line with the .\ in front of the user name
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d .\2ndUserName /f
  • Seems like we're on the right track... However, it still isn't working correctly...

    I checked and made sure the registry keys were added and the only ones that appear to be added was:

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d .\SSCC /f

    The other two doesn't appear to be set.

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d password /f


    The one to set the AutoAdminLogon was set to 0 and I didn't even see the one at all for default password.
  • edit this and remove your password, will run another test on my machine, is yours in the domain or workgroup?
  • I read online somewhere about doing the password in "" empty double quotes. Should I do that or remove the password all together?

    Also, what about the command:

    start /wait net user SSCC password /add /fullname:"SSCC" /expires:never /passwordchg:no /active

    Should I remove the password there too?

    These are on a workgroup. I really appreciate all your help. You've helped me out a lot!
    • sorry just meant from the post, did not know if you cared if your pw was displayed
  • nah, its fine... just for a workgroup environment anyways.
Please log in to comment

Answers

2

ok did more testing and 64 bit requires more options

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d sscc /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d sscc /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v ForceAutoLogon /d 1 /f

start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DisableCAD /t REG_DWORD /d 1 /f

Answered 11/16/2012 by: SMal.tmcc
Red Belt

  • Well, the script works great when I manually run it... I have setup a BAT script in the k2000 as a post install to run the following:

    start /wait net user SSCC sscc /add /fullname:"SSCC" /expires:never /passwordchg:no /active
    start /wait wmic useraccount where Name='SSCC' set PasswordExpires=False
    start /wait net user SSCC /active:yes
    start /wait net localgroup groupname SSCC /add
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d SSCC /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d sscc /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v ForceAutoLogon /d 1 /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DisableCAD /t REG_DWORD /d 1 /f
  • maybe it is not running, what other post tasks do you have? also look on the scripted machine and does a directory c:\kace still exist?
  • C:\KACE folder still exists...

    I have several applications installing as post install tasks in the following order:

    Mozilla Firefox
    Java 7 update 9
    Adobe Flash
    Adobe Flash Plugin
    Adobe Reader
    Office 2010 x64
    KBOX Agent
    (THEN THE SETUPCOMPLETE.BAT file runs
    Restart
  • are all the apps getting installed? is the c:\kace directory still there?
  • Yes, all the apps are installed. Yes, the directory still exists.
  • If the c:\kace still exists means the post install did not finish due to the chain breaking, either by restart or just not returniing from a sub batch file to the main file.

    I suspect office is restarting breaking the chain. Is the agent installed?

    If you look at the c:\kace directory you will see the batch file kace creates to run all the post tasks from the applications subdirectory.

    Try moving the steps around in your post installs and put whatever is doing the restart last.
  • I have tried moving the tasks around and the autologin still doesn't work. I don't know... if I manually run it, it works fine. This is confusing. Happy Thanksgiving! I'll be returning to work this coming Monday.
  • Alright, so I pulled off all the tasks and left just the post install task that is running the autologin script... Looks like I have found part of the problem. The account we created when we setup the scripted deployment was named 'kaceadmin'. It autologins fine, but by then the script has already ran to delete and create the other users. I'm going to work with it some more and see what I can do, but wanted to give you an update for now...
  • I have found a fix... Here's what I did!

    I setup two bat scripts to run back to back. The first one I named delete setup account and here is what I wrote.

    start /wait reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
    start /wait reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d SSCC /f
    start /wait reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d sscc /f
    start /wait reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v ForceAutoLogon /d 1 /f
    start /wait reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DisableCAD /t REG_DWORD /d 1 /f
    start /wait net user kaceadmin /delete

    The second has:

    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d SSCC /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d sscc /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v ForceAutoLogon /d 1 /f
    start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DisableCAD /t REG_DWORD /d 1 /f

    One with the "delete" command and the second with the "add" command and now it is working perfectly! Thank you for all your help!!!! I greatly appreciate it!
    • This has been working fine up until the 3.6 update on the K2000. I haven't changed anything. Any suggestions?
  • been on vacation, glad you worked the order out. I do same thing with my answer file and post scripts, have a self destructing user.
  • So, I am now working on a Windows 7 32-Bit machine deployment... The above mentioned works well for Windows 7 x64, but not for x86.

    Could you assist me in auto login for 32-bit? I greatly appreciate all your help!
Please log in to comment
Answer this question or Comment on this question for clarity