ConfigMgr OSD Lab–Add AutoLogon Account

I added a local admin account (Non-Domain) that autologon’s on to the computer after OSD purely to speed up my testing.  This way I don’t have to wait for First Logon, after OSD, it will reboot, then autologon as the account I’ve Created.

Make sure you add the SMSTSPostAction to reboot, so you don’t get that Group Policy Error the first time you try to logon. (As explained by Niall)

I’ve created a Task Sequence Variable at the start of the TS, that allows you to trigger the AutoLogon Group.  Simple Enable or Disable this step to have the Group run.
image

I then have a group which runs all of the commands individually.  You could easily put this into one batch file, I just like to do it this way, self documenting, and requires no content.  The group is set to run if the Task Sequence Variable “AutoLogon” = True

image

I then have 7 “Run Command line” Steps, creating the User and registry keys.

  1. Tweak – AutoLogon - Create Tony Stark Account
    1. net user /add TonyStark CapAmericaSt1nks! /Y
      image
  2. Tweak – AutoLogon - Tony's Password Never Expire
    1. wmic useraccount where "Name='TonyStark'" set PasswordExpires=false
      image
  3. Tweak – AutoLogon - Make Tony Admin
    1. net localgroup Administrators %computername%\TonyStark /add
      image
  4. Tweak - AutoLogon - Key DefaultUserName
    1. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultUserName /T REG_SZ /D TonyStark /F
      image
  5. Tweak - AutoLogon - Key DefaultPassword
    1. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultPassword /T REG_SZ /D CapAmericaSt1nks! /F
      image
  6. Tweak - AutoLogon - Key AutoAdminLogon
    1. REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V AutoAdminLogon /T REG_SZ /D 1 /F
      image
  7. Tweak - AutoLogon - Key DefaultDomainName
    1. cmd.exe /c REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultDomainName  /T REG_SZ /D %COMPUTERNAME% /F
      image
  8. Optional: Add two Steps to remove the Legal Notice Prompt (If you have it in your lab, GPO will probably put it back)
    1. REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticecaption /f
    2. REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticetext /f

After TS finishes, it will reboot and start the logon process automatically.  Now you can start your testing.

imageimageimage

You can change this to fit your needs, use a domain account in your Lab, just change the steps, as you won’t need 1-3 to create the account, and change step 7 to the Domain Name (Contoso, ViaMonstra, etc) instead of %computername%

 

Please Note, this is sending the information in Clear Text, and will be available in logs, etc.  Probably fine for your lab, not a good idea for production. Smile  Please don’t say “Hey Boss, don’t worry about it, it’s totally cool, Gary does it!”

6 thoughts on “ConfigMgr OSD Lab–Add AutoLogon Account

  • Pingback: ConfigMgr Task Sequence Collection – GARYTOWN ConfigMgr Blog

  • October 27, 2017 at 2:06 pm
    Permalink

    Hello, I'm trying to get this working but my TS is not applying the Password registry step and not changing autoadminlogon to 1. I've validated in the SMSTS.log file that the steps are running as expected but they are missing when I login to the computer and check after it completes the TS. I've moved this step in the TS to almost the end, but still no luck. Any advice?

    Reply
    • October 27, 2017 at 3:15 pm
      Permalink

      Place a pause in your TS right after those steps and confirm they are added to the registry. If they are, then I'd guess GPO is changing it after OSD. If they aren't being added, it would seem like syntax. If you run the commands in elevated command prompt POST OSD, and reboot, does it work, or do the keys get wiped out again? Seems environmental.

      Reply
  • November 17, 2017 at 4:14 am
    Permalink

    During a baremetal OSD task sequence, is it possible to ask the engineer deploying the machine in fix AD OU to place the machine and then also actually placing the AD computer object into the OU?, or another way, to add the provisioned machine into an AD OU during the OSD

    Reply
    • November 17, 2017 at 4:05 pm
      Permalink

      Yes, this can be done via a powershell or HTA front end for the TS.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *