gotenks98 Posted August 28, 2012 Share Posted August 28, 2012 I posted this on neowin but got no answer. I thought I might try here since there are more people who know more about MDT on this site.I am needing assistance with 2 things for newly deployed systems. One is for windows 7 and the other is for windows 8. For the first issue I wanted to know how can you update the trusted root certificates in a wim file? We recently had a change to our wifi network and the add trust cert is not there by default. So I want to ensure that it is from now on for all future installs. My second issue is with windows 8 and MDT 2012. The files for our MDT share are located on a NAS server. In windows 8 there was something done to the security which prevents you from connecting to the NAS server unless I run this command from power shell. Set-SmbClientConfiguration -RequireSecuritySignature $true from powershell, Once I do that it can connect just fine. The problem is if I am doing a new deployment from scratch the install goes ok until first bootup. At that point unless I do that command the rest of the deployment can not proceed. So what I am requesting is a way to turn that security setting off in deployment or have a way that it will run at first bootup using the task sequence. Link to comment Share on other sites More sharing options...
allen2 Posted August 28, 2012 Share Posted August 28, 2012 Certificate deployment should be done through GPO to ensure the deployment of the certificate and that it will be added back in case of removal. Of course this is only for an Active directory environment. Link to comment Share on other sites More sharing options...
gotenks98 Posted August 28, 2012 Author Share Posted August 28, 2012 Certificate deployment should be done through GPO to ensure the deployment of the certificate and that it will be added back in case of removal. Of course this is only for an Active directory environment.Unfortunately these are standalone workstations that are not going to be on AD so using GPO is not an option. The issue is the certs is needed for the wifi only. Link to comment Share on other sites More sharing options...
allen2 Posted August 28, 2012 Share Posted August 28, 2012 Then adding the certificate with a batch using certmgr.exe using runonce key might be your only solution. Link to comment Share on other sites More sharing options...
cluberti Posted August 29, 2012 Share Posted August 29, 2012 For your 1st question, certutil works and is designed for something like this assuming you have the certificate to install:http://blogs.msdn.com/b/steverac/archive/2009/07/09/adding-certificates-to-the-local-certificates-store-and-setting-local-policy-using-a-command-line-system-center-updates-publisher-example.aspxFor the 2nd issue, it sounds like your NAS doesn't understand or isn't configured to accept secure SMB signing on SMB connections. You might want to see if your NAS actually supports this and see if it can be enabled. Otherwise, you need to set this in WinPE 4.x (or use WinPE 3.x and the WAIK in MDT instead to deploy Win8 - it's slower, but it doesn't have this enabled by default). Note that your Win8 installs are going to have a problem with the NAS too unless you run this there or set the RequireSecureNegotiate value to 0 in the LanmanWorkstation service parameters too, so fixing the NAS is probably the best first step, if it can be done. Link to comment Share on other sites More sharing options...
MrJinje Posted August 29, 2012 Share Posted August 29, 2012 (edited) This is how I import my self signed cert to trusted root.certutil -addstore -f -enterprise -user root C:\pathto\mycert.cer Edited September 2, 2012 by MrJinje Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now