Jump to content


Recommended Posts

Howdy hoo!

 

Here's what I'm working with:

 

SCCM 1511

Windows 7->Windows 10 In Place, Zero Touch Task Sequence.

Cisco ISE for network authentication.

 

For "normal" Windows 10 builds, thumb drive/PXE builds for bare metal, I have a lovely little batch file that does:

 

copy CERT1.cer X:\OhioBWC-CA.cer /y
copy CERT2.PFX x:\BWCCert.pfx /y
copy Ethernet.xml x:\Ethernet.xml
copy InstallCertsSilently.vbs x:\InstallCertsSilently.vbs
copy InstallCerts.bat x:\InstallCerts.bat
cmd /c cscript.exe InstallCertsSilently.vbs
cmd /c Powershell.exe Sleep 15
cmd /c Netsh LAN add profile filename="X:\Ethernet.xml" interface="Local Area Connection"
cmd /c Netsh LAN add profile filename="X:\Ethernet.xml" interface="Ethernet"
cmd /c Netsh LAN add profile filename="X:\Ethernet.xml" interface="Ethernet0"
cmd /c Powershell.exe Sleep 5
cmd /c Ipconfig /release
cmd /c Powershell.exe Sleep 5
cmd /c Ipconfig /renew
cmd /c Powershell.exe Sleep 5
cmd /c ipconfig /renew

 

Which, through the magic of love, gives me full ISE access, and authenticates the WinPE environment. I've modified my unattend.xml to do something similar, dropping the certs and XML in the WinPE side of the house:

 

 

net start dot3svc
sc config dot3svc start= auto
C:\windows\system32\certutil.exe -addstore root C:\windows\temp\CERT1.cer
c:\windows\system32\certutil.exe -f -p SUPERAWESOMEPASSWORDGOTEAMAMERICA! -importpfx c:\windows\temp\CERT2.pfx
Netsh LAN add profile filename="c:\windows\temp\Ethernet.xml" interface="Local Area Connection"
Netsh LAN add profile filename="c:\windows\temp\Ethernet.xml" interface="Ethernet"
Netsh LAN add profile filename="c:\windows\temp\Ethernet.xml" interface="Ethernet 0"
REG ADD HKLM\System\CurrentControlSet\services\RasMan\PPP\EAP\13 /t REG_DWORD /v NoRevocationCheck /d 1 /f
Which works, so the full Windows OS has access to the network too.
In ZTI, however... I'm not sure how to do a "prestart" command. I'm using the MDT Boot image, and I'm unsure of how to "force" something to run before the Task Sequence itself even begins; I basically need to do all the "first" steps, the WinPE stuff, as soon as the box drops into WinPE, from the full session of Windows (starts in Windows, turns off Bitlocker, reboots, USMT, etc).
How do I do this?

 

It doesn't look like any of the "normal" things want to work when it's a ZTI; I've tried tsconfig.ini, and I know the winpeshi.ini gets eaten when I make a boot disk. The tsconfig.ini stuff from here: https://sccmdiet.wordpress.com/tag/tsconfig-ini/works, but it doesn't work in ZTI/no "user interaction".

 

I *KNOW* I'm missing something really stupid, but I've never had to do this yet :)

 

Thanks!

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.