SCCM - Where to put the create user step

command-line-interface user-accounts sccm-2012 task windows
17,121

Solution 1

For reference the local admin account can be enabled during the TS as well, see the screenshot below:

Task Sequence

Now, for your command: I suspect that the command can only be run under the Full OS (as opposed to WinPE. I noticed in your screenshot you don't restart into the Full OS at all. Any SCCM packages (this includes command line commands that act on the Full OS) will have to be installed after the SCCM client, and after the client is installed it will boot into the Full OS and continue the task sequence. This would of course be confirmed by your smsts.log file at the point of failure, but I'm fairly certain that's at least part of the problem.

What it appears you're doing now is adding the account to WinPE, and not to Windows. Bringing up an F8 Prompt during a TS and typing net user walkie /add for me gives the following:

The user or group account specified cannot be found.

The user was successfully created but could not be added to the USERS local group.

More help is available by typing NET HELPMSG 3774.

Now, that account was created, but I'm betting the command didn't return a 0 exit code, which is what SCCM thrives on (among another one that escapes me at the moment, which means success but reboot required). Any others not explicitly defined as success on the options tab of that step will error and cause the task sequence to stop, unless you define that step or group to continue on error.

Solution 2

So I've had the chance to deliberate this issue with a collegue of mine.
We both came to the same conclusion as the answer of @BigHomie.
The user couldn't be added as all steps in the Install Operating System group are executed in WinPE.

I thought it would work, because you can enable/disable the default admin, but apparently that is done by some hook in the setup.

We moved the creation of the user to the end of the TS, after setting up the SCCM client and after restoring the user data.

Task Sequence

Thank you all for your help. I really appreciate how fast you reacted, even though StackOverflow was down this morning.

PS: I also got the keyboard working. SCCM is finally taking my Unattend.xml :)

Share:
17,121

Related videos on Youtube

BlueCacti
Author by

BlueCacti

Updated on September 18, 2022

Comments

  • BlueCacti
    BlueCacti over 1 year

    I've implemented SCCM on our server and am now running task sequences to migrate from Windows XP to Win7.
    But we also need to be able to add a new local admin, because disable the default Administrator (with the built-in step).

    To add the new admin, I created a new group with two command line steps (each line below is a seperate step).

    net user LocalAdminUsername LocalAdminPassword /passwordchg:no /expires:never /add
net localgroup Administrators LocalAdminUsername /add

    In my test environment this worked perfectly.
    I added the group behind Apply Windows Settings and it would run perfectly.
    But for some reason it now longer does ...

    Task Sequence

    Any ideas?

    EDIT:
    Can someone explain what is needed to be able to perform this action?
    Is there some sort of remote execution policy needed, a firewall rules that needs to be opened, ... ?

    Thanks in advance!

    PS: As a sidenote, I also need some help setting the keyboard layout to nl-be (Belgium Period). I'm using an unattend.xml with these settings, but it doesn't seem to apply them.

    • Brad Bouchard
      Brad Bouchard almost 10 years
      I'd need to see the logs to tell you why it isn't working. If you've used CM Trace before you can open the log files in it and see items marked in different colors for various levels of errors, or even informational items that will tell you why it failed. Management Points have their logs here: %ProgramFiles%\SMS_CCM\Logs folder. All other computers have their logs here: %Windir%\System32\CCM\Logs folder or the %Windir%\SysWOW64\CCM\Logs. Have a look at those and then report back and I'll help you. Also, have you tried applying it after Device Drivers or Network Settings?
    • HopelessN00b
      HopelessN00b almost 10 years
      Easier solution is to use group policy to rename (and set a password on) the existing/default Administrator account, IMO.
    • BlueCacti
      BlueCacti almost 10 years
      @BradBouchard I've tried it after Windows Settings, after Network Settings. I first tested it with the default sequence of OS - Win - Network - Drivers, adding the user after Windows Settings
    • BlueCacti
      BlueCacti almost 10 years
      @HopelessN00bGeniusofnetwork I know working with a GPO would be easy, but I really want to find out why it no longer seems to work. It worked perfectly on my test environment.
    • Brad Bouchard
      Brad Bouchard almost 10 years
      @GroundZero if you can get me your log file I can put it in my CMTrace and see what's going on. I can't advise you if I don't know why it failed from the logs though.
    • Brad Bouchard
      Brad Bouchard almost 10 years
      Which ones are there? And, did you go to the log location for the MP not the workstation? Make sure it's the MP, and then reply with the names.
    • Brad Bouchard
      Brad Bouchard almost 10 years
      If you have smsts.log that's the one I'm looking for.
    • BlueCacti
      BlueCacti almost 10 years
      @BradBouchard I'll have to restart the TS to get it's logs, that's gonna take some time. I'm currently testing on a VM and I had set it back to it's snapshot before the TS. I'll give you the logs when the TS has ended, so that I'm sure you have the most recent logs. Thx for the help so far, I'll be able to check the client again in about 10-11 hours
    • Brad Bouchard
      Brad Bouchard almost 10 years
      No worries my friend... I'll be awaiting those logs so we can hopefully get you taken care of.
    • BlueCacti
      BlueCacti almost 10 years
      @BradBouchard I had a conversation with my collegue and changed my TS, it's working now. could update you sooner because of SO being down. I'll post it as an answer
    • Brad Bouchard
      Brad Bouchard almost 10 years
      Awesome, glad you got it figured out, and thanks for the answer.
  • BlueCacti
    BlueCacti almost 10 years
    We don't want to use the default admin. My collegues are quite paranoid from time to time and they prefer to use an alternative admin account. We can alway enable the superadmin if we need to. Thank you for your answer, didn't have the chance to read it because SO was down
  • MDMoore313
    MDMoore313 almost 10 years
    Glad to hear everything is on the up and up. Feel free to mark my answer as accepted if it gave you the answer you were looking for.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

where windows 10 the "task scheduler" store log file?
Command Line - Wait for a Process to Finish
How can I create an empty .html and .js file in windows command line?
How to create a perforce empty changelist from command line
its possible install telegram-cli in windows
How to validate windows domain credentials via the command line?
Delete Multiple Windows Accounts by using CMD
How do I recover files from a (deleted) temporary profile in Windows 10?
Windows 7 user account suddenly changed to a guest account
How to delete an administrator account (Windows 8)?