K2000 Post install tasks stop after Domain Join because of Acceptable Use Policy
I am new to KACE and imaging in general. The issue I am running into is during the post install tasks and how KACE is adding a Reset UAC task at the end which is requiring one more reboot after I run my domain join task. This causes a reboot after a user logs in to finish the pose install tasks. Does anyone else have this issue?
The appliance has two built in tasks:
-Capture and Disable UAC (it runs after all your post install tasks are done)
This is the first post install task, it will remember the current state of the UAC and disable it.
This will restore UAC back to it's original state.
So... this should have no issues with a Domain Join Task...
Now... if you are joining to a domain too soon, your GPO policies may disrupt the deployment...
If you are using a Domain Join task, I recommend to use the Reboot checkmark.
What you need to do is add more (+1) count to the autologon value in your Image's Answer File (unattend.xml).
You need to look at the arrangement of your post task to stop that.
You can also create a last task to set the machines autologin count to one/two and then force a reboot taking care of that.
Note: I am using custom deployments so I have some special tasks you do not need
I join the domain using the post task 5 and then force update so the GPOs are current. I then reset the count and refreeze.
Post 7 :
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v refreeze /d "c:\windows\w2d\refreeze.bat"
This lets the kcleanup run, reboot and run the final command. The batch file calls an exe on a domain share that only IT techs and a special user in the batch has access to.
For the admin images we do them in shop, we do not auto join the domain because we give them generic names and stack them ready to deploy. I set the autologon as administrator with 2 counts left. They get deployed to the field , the tech starts them up and renames the machine on the first boot and joins the domain on the second. The third boot the tech logs in and migrates can configures the machine for the user.
If you want to kill the Acceptable Use Policy only, Either create an additional task or add these reg pokes to tasks after the join task to temporally counter the policy the domain is pushing. The domain will just put them back after if you are using GPO to set. But that takes two boots, the first tell the machine what to do and the second boot does it. If you have too many tasks with reboots it will turn back on so you may do it more then once
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticecaption /f
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticetext /f
Ok, So a simple fix after messing around a bit. By the way thanks for all the feedback. So I fixed my issue by simply unchecking the reboot checkbox on my Domain Join job. What this does is allowed KACE to run those last two clean up jobs and they have a reboot set already and my machine finishes all task without having to touch it. I don't know if this will help anyone out but it was that simple for me.