
Running batch file in FirstLogonCommand



Hello, is there a way to temporarily disable the UAC from popping authorization?

I am running an unattended batch file on my first logon (I'm logging in with a domain account that has local administrator rights).

That batch file performs stuff like importing registry tweaks and other stuff and needs admin rights (even if I'm logged in with an admin account).

If it's impossible, is there another way to do that?

Thanks



Ok here is my unattended file

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing></servicing>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>TEST</ComputerName>
<RegisteredOrganization>%MACHINEDOMAIN%</RegisteredOrganization>
<RegisteredOwner>John Doe</RegisteredOwner>
<TimeZone>US Eastern Standard Time</TimeZone>
<StartPanelOff>false</StartPanelOff>
<ProductKey></ProductKey>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>domaine</Domain>
<Password>admin</Password>
<Username>Administrator</Username>
</Credentials>
<JoinDomain>Domain</JoinDomain>
<UnsecureJoin>false</UnsecureJoin>
<DebugJoin>false</DebugJoin>
</Identification>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SystemLocale>fr-CA</SystemLocale>
<UILanguage>fr-CA</UILanguage>
<UILanguageFallback>fr-FR</UILanguageFallback>
<UserLocale>fr-CA</UserLocale>
<InputLocale>0c0c:00001009</InputLocale>
</component>
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<StartPages>
<StartPage wcm:action="add">
<StartPageKey>FSE</StartPageKey>
<StartPageUrl>www.google.ca</StartPageUrl>
</StartPage>
</StartPages>
</component>
<component name="Security-Malware-Windows-Defender" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DisableAntiSpyware>true</DisableAntiSpyware>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value></Value>
<PlainText>false</PlainText>
</AdministratorPassword>
</UserAccounts>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<TimeZone>Eastern Standard Time</TimeZone>
<AutoLogon>
<Password>
<Value></Value>
<PlainText>false</PlainText>
</Password>
<Domain>domaine</Domain>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>WDS_Autologon</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>10</Order>
<CommandLine>\\server.domain.dom\REMINST\Addons\Script\cleanup.cmd</CommandLine>
<Description>Registry tweak</Description>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
<Credentials>
<Domain>domaine.dom</Domain>
<Password>admin</Password>
<Username>administrator</Username>
</Credentials>
<Path>\\server.domain.dom\REMINST\Drivers\Net</Path>
</PathAndCredentials>
</DriverPaths>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:d:/vista_business.wim#Windows Vista BUSINESS" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

This is what's inside my batch file

set _AppPath=\\server.domaine.dom\REMINST\Addons
Set _defaultuser=%PUBLIC%\..\Default

REG LOAD HKLM\User "%_defaultuser%\NTUSER.DAT"
regedit /s "%_AppPath%\Registry\regtweaks.reg"
REG UNLOAD HKLM\User

shutdown.exe -r -f -t 40 -c "Windows Vista will reboot"


Hello jfmartel!

To disable UAC during setup, insert the following synchronous command into the specialize pass:

cmd /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

To enable UAC again use:

cmd /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

Note:

If you execute this last command from within a batch you don't need the cmd /c at the beginning. But to disable UAC during the specialize pass without using a batch, the leading cmd /c is a must!

Regards,

Martin

BTW, for another way look here.

Edited by FireGeier
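An added example, not part of the thread: a Python check that reads an answer file, puts its setup commands into execution order, and reports an EnableLUA=0 write that no later command sets back to 1, plus any password typed directly into a Credentials block. The function names, the server.example path and the sample file are constructed for illustration, and the sample assumes the disable command sits in a RunSynchronousCommand in the specialize pass.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
PASSES = ["windowsPE", "offlineServicing", "generalize", "specialize",
          "auditSystem", "auditUser", "oobeSystem"]  # configuration pass order
LUA = re.compile(r"/v\s+EnableLUA\b.*?/d\s+(\d+)", re.IGNORECASE)

def setup_commands(root):
    """Return (pass, order, command line) tuples sorted into execution order."""
    rows = []
    for settings in root.findall("u:settings", NS):
        name = settings.get("pass")
        for el in settings.iter():
            if el.tag.split("}")[-1] in ("RunSynchronousCommand", "SynchronousCommand"):
                line = el.findtext("u:Path", None, NS) or el.findtext("u:CommandLine", "", NS)
                rows.append((PASSES.index(name), int(el.findtext("u:Order", "0", NS)), name, line))
    return [(name, order, line) for _, order, name, line in sorted(rows)]

def audit(xml_text):
    """Flag a UAC disable that is never reverted and passwords typed into <Credentials>."""
    root = ET.fromstring(xml_text)
    findings, uac_off_at = [], None
    for name, order, line in setup_commands(root):
        m = LUA.search(line)
        if m:  # the last EnableLUA write in execution order wins
            uac_off_at = (name, order) if m.group(1) == "0" else None
    if uac_off_at:
        findings.append("EnableLUA=0 in %s order %d is never set back to 1" % uac_off_at)
    for pw in root.findall(".//u:Credentials/u:Password", NS):
        if (pw.text or "").strip():
            findings.append("clear-text password in a <Credentials> block")
    return findings

DISABLE = (r"cmd /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f")  # command from the thread
FIRST_LOGON = ('<SynchronousCommand wcm:action="add"><Order>%d</Order>'
               '<CommandLine>%s</CommandLine></SynchronousCommand>')
def sample(reenable):
    """Constructed unattend file, not the poster's: UAC off in specialize, optional re-enable."""
    extra = FIRST_LOGON % (20, DISABLE.replace("/d 0", "/d 1")) if reenable else ""
    return ('<unattend xmlns="urn:schemas-microsoft-com:unattend"'
            ' xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">'
            '<settings pass="oobeSystem"><component><FirstLogonCommands>'
            + FIRST_LOGON % (10, r"\\server.example\share\cleanup.cmd") + extra +
            '</FirstLogonCommands></component></settings><settings pass="specialize"><component>'
            '<RunSynchronous><RunSynchronousCommand wcm:action="add"><Order>1</Order><Path>'
            + DISABLE + '</Path></RunSynchronousCommand></RunSynchronous></component></settings>'
            '</unattend>')
```

Calling audit(sample(False)) reports the unreverted disable, while audit(sample(True)) returns an empty list because the order-20 first-logon command restores EnableLUA to 1.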

Hi, thanks for this quick reply.

If I leave the credentials blank, what will be used?

Do I have to enter the local admin credentials or the domain account (which is admin of the computer)?

EDIT: I left the credentials blank and it worked pretty well! THANKS A LOT! This made my day :D

Edited by jfmartel