Win 10 Enterprise Image and OneDrive
Good Afternoon,
We are creating a win 10 enterprise image and need the one drive to be included. We created a base image. which is just a plain install of windows then syprepped. We will control the rest of it with GPO. We are pushing out via Kace 2000.
We have ran into an issue. Local computer users can utilize One Drive, but when a domain user logs in to the computer they cannot utilize the OneDrive app. When you search for it, OneDrive from the store comes up and says install app. It's already installed, comes with windows. We know it's not a GPO as we have a computer and user in an OU that is blocking all GPO's.
Any help appreciated.
Thank You
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
SMal.tmcc
8 years ago
Do you use roaming profiles?
It can still be a GPO problem. I have ran into where not all my gpo's were being applied (The one I noticed it fails to add domain groups to the local groups). There is a new security feature in 10 that disables the hardened paths from connecting and this prevents access to the gpo's files.
I got it fixed by adding these lines to registry
It can still be a GPO problem. I have ran into where not all my gpo's were being applied (The one I noticed it fails to add domain groups to the local groups). There is a new security feature in 10 that disables the hardened paths from connecting and this prevents access to the gpo's files.
I got it fixed by adding these lines to registry
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZreg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\NETLOGON" /d "RequireMutualAuthentication=0" /t REG_SZ
https://www.google.com/search?q=win+10+hardened+paths&ie=utf-8&oe=utf-8
Comments:
-
are you copying a profile to default when you sysprep? - SMal.tmcc 8 years ago
-
We are using Audit Mode to sysprep. All we have in our unattend file is disabling the admin account, licence info, and creating a new admin account. - m698322h 8 years ago
-
What I ended up doing was I have a master that has never been sysprep'd. I use windows backup to create a full backup image to a second drive just prior to syspreping. You use boot dvd and do a repair to restore from that in minutes. I do a full OOBE sysprep and copy a master profile I setup to default and it stops weird quirks like this. - SMal.tmcc 8 years ago
-
That may work. I utilize VMware and snapshots for creating the images. My master has a snapshots prior to audit mode, between configs, and pre sysprepping. - m698322h 8 years ago
-
same principle. I am lucky and have a lab with 1 or 2 of all our production machines so I do not need to use vm's. I added one of my answer files as a 2nd answer. - SMal.tmcc 8 years ago
-
One question, do you have to utilize audit mode? - m698322h 8 years ago
-
no I set every thing up on that user make a backup and run sysprep /generalize /oobe /shutdown /unattend:xxxxx.xml - SMal.tmcc 8 years ago
Posted by:
SMal.tmcc
8 years ago
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<Manufacturer>TMCC ITO</Manufacturer>
<Model>Admin Image</Model>
<SupportHours>8-5</SupportHours>
<SupportPhone>673-7800</SupportPhone>
<SupportURL>http://www.tmcc.edu/it/contact/</SupportURL>
</OEMInformation>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>net user administrator /active:yes</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TaskbarLinks>
<Link0>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</Link0>
<Link1>%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk</Link1>
</TaskbarLinks>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<CopyProfile>true</CopyProfile>
<ComputerName>*</ComputerName>
<ProductKey>NPPR9-FWDCX-D2C8J-H872K-2YT43</ProductKey>
<EnableStartMenu>true</EnableStartMenu>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>VwBpAG4AZxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>5</LogonCount>
<Username>administrator</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>false</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>VwBpAG4AZABvAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>VwBpAG4AZABvAHcAcwAxADAAIQBExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Value>
<PlainText>false</PlainText>
</Password>
<Description>IT backup</Description>
<DisplayName>2nduser</DisplayName>
<Name>2nduser</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<WindowsFeatures>
<ShowMediaCenter>false</ShowMediaCenter>
</WindowsFeatures>
<RegisteredOrganization>TMCC</RegisteredOrganization>
<RegisteredOwner>Staff</RegisteredOwner>
<DesktopOptimization>
<GoToDesktopOnSignIn>true</GoToDesktopOnSignIn>
<ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar>
</DesktopOptimization>
<EnableStartMenu>true</EnableStartMenu>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-us</InputLocale>
<SystemLocale>en-us</SystemLocale>
<UILanguage>en-us</UILanguage>
<UserLocale>en-us</UserLocale>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/win10x64source/sources/install.wim#Windows 10 Enterprise Technical Preview" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
