matt dee Posted November 21, 2017 Report post Posted November 21, 2017 (edited) Hi, I'm trying to build an OSD Task Sequence that will deliver a customised Server 2016 installation. This is not be domain joined and will be deployed into customer environments. During the Task Sequence I'm creating up a local user account via powershell (new-localuser cmdlt) that the customer will use to interact with the applications on the VM. A backed up Local policy is then copied across to lock the account down. A part of this local down is the removal of the WinX menus accessible via right clicking the desktop. Seeing as there doesn't appear to be a Policy setting for this the only way I can see to do this is to either delete the WinX folders or set the folder attributes to hidden. This isn't possible until the user has logged on and at that point the folders are created. I can force a login with the local user credentials within the task sequence using the following: $cred = New-Object System.Management.Automation.PSCredential -ArgumentList $User,$pwd Start-Process cmd /c -WindowStyle Hidden -Credential $cred -ErrorAction SilentlyContinue above - the $user and $pwd are the new local user details Problem is the script is executed on the local machine as the System account - and from what I read this account does not permit impersonation thus it fails. I've tried to create a task sequence variable LocalAdmin with the value %_SMSTSMachineName%\Administrator ands used this as credentials to run a command line which in turn runs the powershell script. powershell.exe -File NewLocalUser.ps1 ExecutionPolicy Bypass SMSTS.log is reporting the following: Start-Process : This command cannot be run due to the error: Access is denied. InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) At C:\_SMSTaskSequence\Packages\XX90009B\AddLocalUser.ps1:8 char:1 InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) + Start-Process cmd /c -WindowStyle Hidden -Credential $cred -ErrorActi ... InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) + CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProces InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) sCommand InstallSoftware 21/11/2017 17:56:46 1840 (0x0730) It seems like the Run Cmd Line step in the TS isn't executing using the %LocalAdmin% TS variable - or its not passing correctly? I am seeing "failed to get the linked token information. It may not be available, Error 1312" for the command line in the SMSTS log. Any suggestions welcomed. Thanks Edited November 21, 2017 by matt dee updated Quote Share this post Link to post Share on other sites More sharing options...
