Jump to content

Server 2012 First LogonCommands


Recommended Posts

Hi all,

I'm attempting to install Server 2012 on a "headless" HP mediasmart home server via bootable USB flash drive.

I'm testing my .ISO in a VM to make sure it works.

With my autounattended.xml file, the OS installs perfectly without user interaction.

Hower, my First LogonCommands are not working properly.

Since this is headless....IE no video, I'll need to access the server via RDP when it's installed.

I'm trying to enable RDP, but its not working.

Though, I've sucessfully enabled RDP (in the VM) by running the same registry adds that I have in the .xml file.

I've also tried using the full path to CMD> C:\Windows\System32\cmd.exe /c ....etc

Any thoughts?

Thanks in advances

autounattend.xml

Link to comment
Share on other sites


Can you try running them from the setupcomplete.cmd stage instead of first logon stage. Easier to use setupcomplete.cmd for 'system' or machine-wide settings and keep the first logon scripts for 'per user' settings.

http://technet.microsoft.com/en-us/library/hh825167.aspx

The reason why is that"Commands in the Setupcomplete.cmd file are executed with local system privilege." while your 'first logon' commands run with your users token (which may or may not be elevated).

http://technet.microsoft.com/en-us/library/cc766314%28v=ws.10%29.aspx

Edited by MrJinje
Link to comment
Share on other sites

MrJinje,

I've been trying to figure out the process of SetupComplete.cmd.

Is there a specific place I put the file in the .ISO image where it gets copied to C:\Windows\Setup\Scripts\SetupComplete.cmd?

Or do I use FirstLogonCommands to mak the directory, and copy the file...from say a network share?

Link to comment
Share on other sites

  • 4 weeks later...

Here is how I ended up creating my first logon command via my unattend.xml. I still do the HKLM stuff via the setupcomplete.cmd, but for HKCU, this is the only way to go.

Note that to open powershell and retain synchronicity from FirstLogonCommands, I used "cmd /c start /wait".

            <FirstLogonCommands>                <SynchronousCommand wcm:action="add">                    <CommandLine>cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Setup\Scripts\FirstLogon.ps1</CommandLine>                    <Description>First Logon</Description>                    <Order>1</Order>                </SynchronousCommand>            </FirstLogonCommands>

You can probably throw in some other powershell options as well, like -sta or

cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -nologo -noninteractive -WindowStyle Hidden -command "& {C:\Windows\Setup\Scripts\FirstLogon.ps1}"
Edited by MrJinje
Link to comment
Share on other sites

MrJinje

When windows first Installs the ExecutionPolicy is Restricted

I don't know how you are getting around that during an Unattend?

I've been playing with something like this from a cmd prompt

powershell -command "Set-ExecutionPolicy RemoteSigned"

powershell -command "Get-ExecutionPolicy"

RemoteSigned

Link to comment
Share on other sites

Actually, I use a .reg from SetupComplete.cmd, but same effect.

regedit /s %~dp0Set-ExecutionPolicy.regstart /wait %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe %~dp0Kicker.ps1
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]"ExecutionPolicy"="RemoteSigned"

and have this inside the kicker.ps1 which is running under 'local system' privilege because it is called from SetupComplete.cmd.

Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fSingleSessionPerUser" -Value 0

I've been playing with something like this from a cmd prompt

powershell -command "Set-ExecutionPolicy RemoteSigned"

@max, if it doesn't work, throw a 'start /wait' around it as powershell takes a second to load and we need to wait before calling the next line. Maybe that was why I went with the .reg cause it processed it quicker. (or reg.exe)

start /wait powershell -command "Set-ExecutionPolicy RemoteSigned"
Edited by MrJinje
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...