Posts Tagged ‘MDT’

MDT: Force users to supply an OSD computer name (MININT)

Written by Ingmar Verheij on December 19th, 2013. Posted in MDT

Machine that are deployed via Microsoft Deployment Toolkit (MDT) are provided with  a computer name that’s provided during installation. By default this is a generated computer name similar to “MININT-79S84T2”.

Since the GUI of MDT is quite slow – and won’t show an hourglass –  I noticed people tend to click [Next] twice on the previous screen. As a result they automatically accept the generated computer name instead of providing their own. It’s more friendly to block the [Next] button on the Computer Details screen so users are force to provide a proper computer name.

Windows Deployment Wizard - Computer Details - MININT-79S84T2Windows Deployment Wizard - Computer Details - !Invullen

MDT: Select operating system based on computer name

Written by Ingmar Verheij on December 19th, 2013. Posted in MDT

Windows VersionsBy default a single operating system is linked to a task sequences in Microsoft Deployment Toolkit (MDT). This means that if you have different operating systems you need to built (and maintain) a task sequence for each operating system.

A customer has different client types and wants to use a single task sequence to deploy different images. For this purpose a custom task is added that selects an operating system based on the prefix of the provided computer’s name.

MDT: Set default domain in LiteTouch

Written by Ingmar Verheij on December 19th, 2013. Posted in MDT

When a machine boots Microsoft Deployment Toolkit (MDT) LiteTouch via Windows PE it requires credentials to connect to the deployment share. By default the user name, password an domain are required fields. In most environment the domain is equal for most users, making it user friendly to configure a default domain.

User Credentials - DefaultUser Credentials - DOMAIN

MDT: Secure the Deployment Share

Written by Ingmar Verheij on December 19th, 2013. Posted in MDT

With a default installation of Microsoft Deployment Toolkit (MDT) the Deployment Share is not secure. All users are allowed to read / write which makes it vulnerable to unauthorized access and possibly exposes access to (installation) passwords.

The default permissions on a folder are:

  • Administrators – Full Control
  • CREATOR OWNER – Full Control
  • SYSTEM – Full Control
  • Users – Read & Execute + Create file / write data + Create Folders / append data

MDT: Filter task sequences on Active Directory group membership

Written by Ingmar Verheij on December 19th, 2013. Posted in MDT

DirectionsBy default task sequences in Microsoft Deployment Toolkit (MDT) are available for all users, there is no access control list (ACL). This means that you can’t filter certain task sequences for a group of users, while you might not want all users to execute all task sequences.

For instance I don’t want all users to run an unattended setup, I only want them to deploy a captured image (MDT can inject model specific drivers, so no harm done). However, the more advanced users Angry smile should be able to run all task sequences, including the unattended installations.

 

Windows Deployment Wizard - Task Sequence - Deploy onlyWindows Deployment Wizard - Task Sequence - All

Donate