OS Deployment reliance on the Administrator account

(imported topic written by Michael_Knauth)

Hi all,

Is it possible to configure the post-imaging phase of OSD to use an account other than the local Administrator?

After the image has been deployed, the device is restarted a number of times as it completes the deployment process. On each reboot, the device automatically logs in to the OS using the local Administrator account. This becomes a problem after the first reboot if the device is joined to a domain that has a group policy that disables the local Administrator account. On the second boot, the process hits a snag when Administrator can no longer log in. If Administrator can’t log in, the process cannot complete.

This error can be circumvented if there is the ability to designate an alternate user that can carry out the post-imaging phases of OSD. There are reasons why group policy disables the local Administrator account, and modifying this is not a feasible possibility.

Michael.

(imported comment written by francesco.latino)

Hi Michael,

It took me a while since I had to look deep into the LiteTouch VBScript files.

I see (litetouch.wsf) that it is always looking for the local Administrator account for its internal tasks, so honestly I am not sure it is possible.

Could you join the domain after the OS deployment is completed?

You complete it keeping the machine in a workgroup, then with a “client setting” you send a fixlet to join the domain (or a custom .bat started at next boot with RunOnce…)… just proposing possible alternatives…

Thanks

Francesco

(imported comment written by martinc)

If I am understanding this correctly, I worked around this by putting the device in a “staging” OU. This staging OU would not set the policy to disable the admin and also disables the legal notice (which also interferes with the OS imaging). We then had a post-process VBS script, executed on the system by the build technician, that would move it to the correct OU. The build technician phase was already something that was required, so it was not an issue on the site we were at.

Basically this comes down to whether doing what you are asking is supported in MDT. If you have seen examples of what you are asking being done in MDT, then I am very sure that it can be done with IEM, as it is basically using MDT to build and deploy.

Hope that helps.
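
The staging-OU hand-off described in the last reply, as an added PowerShell sketch that is not from any poster or from the product: it refuses to move the computer while deployment leftovers (the MDT working folder, the automatic Administrator logon) are still present. The OU distinguished names are placeholders, and it assumes the RSAT ActiveDirectory module and an account delegated to move computer objects.

```powershell
# Added example: hand-off from the staging OU to the production OU.
# Assumptions: both OU names are placeholders; run elevated on the built machine.
#Requires -Modules ActiveDirectory
param(
    [string]$StagingOU = 'OU=Staging,DC=example,DC=com',      # placeholder
    [string]$TargetOU  = 'OU=Workstations,DC=example,DC=com'  # placeholder
)

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$problems = @()

# MDT keeps its working folder here until the task sequence has cleaned up.
if (Test-Path "$env:SystemDrive\MININT") {
    $problems += 'MININT folder still present: deployment may not be complete.'
}

# The automatic Administrator logon used between reboots must be gone
# before the machine leaves the OU that tolerates it.
$wl = Get-ItemProperty -Path $winlogon
if ($wl.AutoAdminLogon -eq '1') {
    $problems += 'AutoAdminLogon is still enabled.'
}
if ($null -ne $wl.DefaultPassword) {
    $problems += 'Winlogon DefaultPassword value is still stored in the registry.'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Refusing to move the computer out of the staging OU.'
}

# Only move objects that really are in the staging OU.
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
if ($computer.DistinguishedName -notlike "*,$StagingOU") {
    throw "Computer is not in the staging OU: $($computer.DistinguishedName)"
}

Move-ADObject -Identity $computer.DistinguishedName -TargetPath $TargetOU

# The production policy (disabled local Administrator, legal notice)
# applies from the next Group Policy refresh after the move.
Get-ADComputer -Identity $env:COMPUTERNAME | Select-Object Name, DistinguishedName
```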