K2000 Post install tasks stop after Domain Join because of Acceptable Use Policy

I am new to KACE and imaging in general. The issue I am running into is during the post install tasks and how KACE is adding a Reset UAC task at the end which is requiring one more reboot after I run my domain join task. This causes a reboot after a user logs in to finish the pose install tasks. Does anyone else have this issue?

0 Comments   [ + ] Show comments

Answers (4)

Posted by: Channeler 1 year ago
Red Belt

The appliance has two built in tasks:

-Capture and Disable UAC (it runs after all your post install tasks are done)

This is the first post install task, it will remember the current state of the UAC and disable it.

-Restore UAC

This will restore UAC back to it's original state.

So... this should have no issues with a Domain Join Task...

Now... if you are joining to a domain too soon, your GPO policies may disrupt the deployment...



If you are using a Domain Join task, I recommend to use the Reboot checkmark.

What you need to do is add more (+1) count to the autologon value in your Image's Answer File (unattend.xml).


  • Ok so my last post job is Join Domain and I have the right amount of auto logins right now and it makes no difference because as soon as it joins the domain and reboots it will never get past our Acceptable use policy notification. - rypalcovic 1 year ago
Posted by: SMal.tmcc 1 year ago
Red Belt

You need to look at the arrangement of your post task to stop that.
You can also create a last task to set the machines autologin count to one/two and then force a reboot taking care of that.

Note: I am using custom deployments so I have some special tasks you do not need

For Academics:

I join the domain using the post task 5 and then force update so the GPOs are current. I then reset the count and refreeze. 

Post 7 :

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v refreeze /d "c:\windows\w2d\refreeze.bat"

This lets the kcleanup run, reboot and run the final command.  The batch file calls an exe on a domain share that only IT techs and a special user in the batch has access to.

For the admin images we do them in shop, we do not auto join the domain because we give them generic names and stack them ready to deploy.  I set the autologon as administrator with 2 counts left. They get deployed to the field , the tech starts them up and renames the machine on the first boot and joins the domain on the second.  The third boot the tech logs in and migrates can configures the machine for the user.

Posted by: SMal.tmcc 1 year ago
Red Belt

If you want to kill the Acceptable Use Policy only, Either create an additional task or add these reg pokes to tasks after the join task to temporally counter the policy the domain is pushing. The domain will just put them back after if you are using GPO to set.  But that takes two boots, the first tell the machine what to do and the second boot does it.  If you have too many tasks with reboots it will turn back on so you may do it more then once

Posted by: rypalcovic 1 year ago
Yellow Belt

Ok, So a simple fix after messing around a bit. By the way thanks for all the feedback. So I fixed my issue by simply unchecking the reboot checkbox on my Domain Join job. What this does is allowed KACE to run those last two clean up jobs and they have a reboot set already and my machine finishes all task without having to touch it.  I don't know if this will help anyone out but it was that simple for me.


Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ