/build/static/layout/Breadcrumb_cap_w.png

Win 10 Enterprise Image and OneDrive

Good Afternoon,

We are creating a win 10 enterprise image and need the one drive to be included.  We created a base image. which is just a plain install of windows then syprepped.  We will control the rest of it with GPO. We are pushing out via Kace 2000.

We have ran into an issue. Local computer users can utilize One Drive, but when a domain user logs in to the computer they cannot utilize the OneDrive app.  When you search for it, OneDrive from the store comes up and says install app.   It's already installed, comes with windows.  We know it's not a GPO as we have a computer and user in an OU that is blocking all GPO's.  

Any help appreciated.

Thank You

0 Comments   [ + ] Show comments

Answers (2)

Posted by: SMal.tmcc 7 years ago
Red Belt
1
Do you use roaming profiles?

It can still be a GPO problem.  I have ran into where not all my gpo's were being applied (The one I noticed it fails to add domain groups to the local groups).  There is a new security feature in 10 that disables the hardened paths from connecting and this prevents access to the gpo's files.

ZrDg4y.png

I got it fixed by adding these lines to registry

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZ
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\NETLOGON" /d "RequireMutualAuthentication=0" /t REG_SZ 


https://www.google.com/search?q=win+10+hardened+paths&ie=utf-8&oe=utf-8



Comments:
  • are you copying a profile to default when you sysprep? - SMal.tmcc 7 years ago
    • We are using Audit Mode to sysprep. All we have in our unattend file is disabling the admin account, licence info, and creating a new admin account. - m698322h 7 years ago
    • What I ended up doing was I have a master that has never been sysprep'd. I use windows backup to create a full backup image to a second drive just prior to syspreping. You use boot dvd and do a repair to restore from that in minutes. I do a full OOBE sysprep and copy a master profile I setup to default and it stops weird quirks like this. - SMal.tmcc 7 years ago
      • That may work. I utilize VMware and snapshots for creating the images. My master has a snapshots prior to audit mode, between configs, and pre sysprepping. - m698322h 7 years ago
      • same principle. I am lucky and have a lab with 1 or 2 of all our production machines so I do not need to use vm's. I added one of my answer files as a 2nd answer. - SMal.tmcc 7 years ago
      • One question, do you have to utilize audit mode? - m698322h 7 years ago
      • no I set every thing up on that user make a backup and run sysprep /generalize /oobe /shutdown /unattend:xxxxx.xml - SMal.tmcc 7 years ago
Posted by: SMal.tmcc 7 years ago
Red Belt
1
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<Manufacturer>TMCC ITO</Manufacturer>
<Model>Admin Image</Model>
<SupportHours>8-5</SupportHours>
<SupportPhone>673-7800</SupportPhone>
<SupportURL>http://www.tmcc.edu/it/contact/</SupportURL>
</OEMInformation>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>net user administrator /active:yes</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TaskbarLinks>
<Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
<Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk</Link1>
</TaskbarLinks>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<CopyProfile>true</CopyProfile>
<ComputerName>*</ComputerName>
<ProductKey>NPPR9-FWDCX-D2C8J-H872K-2YT43</ProductKey>
<EnableStartMenu>true</EnableStartMenu>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>VwBpAG4AZxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>5</LogonCount>
<Username>administrator</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>false</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>VwBpAG4AZABvAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>VwBpAG4AZABvAHcAcwAxADAAIQBExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Value>
<PlainText>false</PlainText>
</Password>
<Description>IT backup</Description>
<DisplayName>2nduser</DisplayName>
<Name>2nduser</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<WindowsFeatures>
<ShowMediaCenter>false</ShowMediaCenter>
</WindowsFeatures>
<RegisteredOrganization>TMCC</RegisteredOrganization>
<RegisteredOwner>Staff</RegisteredOwner>
<DesktopOptimization>
<GoToDesktopOnSignIn>true</GoToDesktopOnSignIn>
<ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar>
</DesktopOptimization>
<EnableStartMenu>true</EnableStartMenu>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-us</InputLocale>
<SystemLocale>en-us</SystemLocale>
<UILanguage>en-us</UILanguage>
<UserLocale>en-us</UserLocale>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/win10x64source/sources/install.wim#Windows 10 Enterprise Technical Preview" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ