/build/static/layout/Breadcrumb_cap_w.png

Help with Local Accounts Creation in Unattend File

Greetings,

I am creating an image for a Dell 9030AIO and want to see if someone with some more experience could help me with proofing my unattend file.
I am using the Windows System Image Manager and this Kace link to build my unattend:
https://support.software.dell.com/k2000-systems-deployment-appliance/kb/154057

I'm installing WIn7x64 Sp1 and on completion of the image, I would like the computer to autologin to a local account that I create. Whether it's easier to create the account in the image as I build it, or, create the account in the unattend I don't know yet. I sure would appreciate advice on that. But I digress...

On my first attempt, I created the local account in my unattend, it autologged in once and then I couldn't log in anymore, as it said the password was incorrect, so it was a wasted image.

On my second attempt, I created the local account as I built the image, excluded the local account creation from my unattend, but I must've messed up the unattend as it went into the OOBE. I created a new admin account when prompted, and on reboot, I had an Adminstrator account, the local admin account I created in the image, and the new admin account.

My third attempt is back to my original and this is where I'm stopping to ask for some help. I have the unattend file available if someone can lend some help.

Thanks,

-- Ray

1 Comment   [ + ] Show comment
  • Ray,

    We use unattended xml to setup our local admin account and auto login about 7 times. I can provide an example of our unattend.xml if you would like? - jboling 9 years ago

Answers (3)

Posted by: SMal.tmcc 9 years ago
Red Belt
2
You can use a generic password in the unattended file and then change it as a post task if you think the special character is your problem.  I have an ! as a special character in my answer file, I use the waik and set the plaintext to false.  Since you are using Kace there is a wizard they supply also for this.  the link is on the k2000 tools page.

</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<PlainText>false</PlainText>
<Value>VwBpAG4AZABvAHcAcAHMAcwB3AG8AcgBkAA==</Value>
</Password>
<DisplayName>F15Master</DisplayName>
<Name>F15Master</Name>
<Group>Administrators</Group>
</LocalAccount>
</LocalAccounts>
<AdministratorPassword>
<PlainText>false</PlainText>
<Value>VwZABvAHcAcG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
</AdministratorPassword>
</UserAccounts>
<RegisteredOrganization>tmcc</RegisteredOrganization>
<RegisteredOwner>staff</RegisteredOwner>
<AutoLogon>
<Password>
<Value>VwBpAG4AZABvAHcAcAHMAcwB3AG8AcgBkAA==</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>3</LogonCount>
<Username>F15Master</Username>
</AutoLogon>
</component>


http://www.itninja.com/blog/view/sysprep-creator-wizard

to change it as a post task use:

net user username newpassword
Posted by: rskwire 9 years ago
Blue Belt
0
Update:

I kept having trouble with creating the unattend in WAIK differentiating between Adminstrator account (built-in) and my own company admin account, we will call MyCompanyAdmin.

Part of the trouble I was having was that our admin password contains special characters and it took some digging to figure this out. I learned a little about XML but basically an ampersand in plain text needs to be indicated in XML so that the unattend file doesn't interpret an XML command and then get a parsing error from the '&' symbol.

Ex: My&password becomes My&amp;password

My latest attempt was:

Install Win7
Enter Audit mode
Software installs, updates, configs
Create MyCompanyAdmin account
Set Administrator account to login 5 times.
Set Windows activation
Set domain login with special domain account with only domain addition permissions. No special characters, just uppercase, lowercase, and numbers for a username and password.
Run sysprep executor.

Aftermath:

The computer is not joined to the domain. (Working on a Kace post-installation script in the meantime.)
MyCompanyAdmin account exists and is not longer locked, disabled, or password FUBAR.
Windows is activated
Administrator account is still enabled. Perhaps I have to play with some more reboots to see if after the indicated 5 logins from the sysprep creator,  it automatically disables.

Kicker:

After all my updates were run up to running sysprep, the machine comes up with 8 more updates available.

Sonofa...
Posted by: rileyz 9 years ago
Red Belt
0
Are you using a deployment system? I would create the account in a reusable manner like a task sequence or something like that, that means you can reuse it later. Having it in the image means if you need to redo it, you need to make the image again. I guess if your using an unattend, then that would be ok, but not ideal.

Anyway I guess you would have read this
https://support.microsoft.com/en-us/kb/324737

Do you know about the count it?
https://support.microsoft.com/en-us/kb/221477



On my first attempt, I created the local account in my unattend, it autologged in once and then I couldn't log in anymore, as it said the password was incorrect, so it was a wasted image.

If you still have the image, try and login manually and find out why its not working, it should be a simple fix.




Since you are testing, you should consider working on a VM just to get the image right etc, you can worry about drivers for Dell whatever later when you have the base image sorted. 

Speaking of drivers, you do that as a separate operation/later on the sequence. Think of deployment like building blocks, you want to design it in a way that you manage it and reuse bit later if you need to update sutff.

I come from a SCCM background, here is a example. If I needed to update that later, what I would do is duplicate the sequence, then chop and change it to my requirements. Hopefully, you understand why I wouldn't put the autologon user account part in the unattended now.

Hope this helps, everyone will have different way of doing things, ask about and decide whats right for you. As they say, there is more than one way to skin a cat.


Comments:
  • Sorry, we are using the K2000 for imaging. I've taken over from the previous individual, who is no longer here, so there is learning and applying taking place at the same time. A lot of two steps forward, one step back.

    My goal is to create an image that when deployed:
    1. Creates our local IT admin acct.
    2. Disables the built-in Administrator account (default, I know)
    3. Activates Windows (I have that working)
    4. Joins to domain (work in progress)

    I'm not worried about the local credentials changing anytime soon, but while I was able to create the local admin account in the unattend, it wouldn't take my password. That said, we have special characters in our password; is there a limitation in the XML for those characters? If so, is there a work-around for that?

    Thank you, - rskwire 9 years ago
    • Have you considered using Group Policy to add the account?

      I'll leave it to the other KACE ppl help you out since you have that appliance. - rileyz 9 years ago
      • We have, but I'd rather use sysprep to build our local admin account directly into the image.

        I'm new to this, and others may prefer to use GPO for local account creation and such, but this is the environment I'm used to working in, and want to be able to at least maintain that which we have working. - rskwire 9 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ