Final Configuration for MDT Lite Touch, now with Autologon support

Some times you want to execute a script after the MDT Task Sequence is completed, for example to cleanup any setup leftovers or to configure a user for autologon (something that MDT by default prevents).

This script will clean out any leftover C:\MININT or C:\_SMSTaskSequence folders, enable (optional) autologon with another user account, and then do a proper final reboot…

Note: For the script to work, you need to set SkipFinalSummary=YES and make sure the FinishAction variable is not set in CustomSettings.ini.

Download from:
https://github.com/DeploymentResearch/DRFiles/tree/master/Scripts/FinalConfigurationForMDT

The Final Configuration Utility for MDT 2013 in action.

Add the script to Deployment Workbench

Adding the script is quite straightforward, just add it as an application and then call the app as your last action in the Task Sequence. In this example my MDT server is named MDT01, and my deployment share is named MDT production. For these steps I assume you have downloaded the files from GitHub and extracted it to C:\Setup\Final Configuration for MDT.

Files downloaded from GitHub
  1. Using the Deployment Workbench, in the MDT Production node, select the Applications node, and create a folder named ViaMonstra.
  2. Expand the Applications node, right-click the ViaMonstra folder, and select New Application, Use the following settings for the New Application Wizard.
    1. Application with source files
    2. Publisher:
    3. Application name: Final Configuration for MDT
    4. Version:
    5. Language:
    6. Source Directory: C:\Setup\Final Configuration for MDT
    7. Specify the name of the directory that should be created: Final Configuration for MDT
    8. Command Line: cscript.exe Invoke-FinalConfiguration.wsf
    9. Working directory:
The application added to the Deployment Workbench.

Configure the task sequence to use the script

After the application is added you simply add the application as your last action in the Task Sequence. In this example I'm adding the script to my Windows 8.1 Enterprise x64 task sequence which I created in a folder (node) named Windows 8.1.

  1. Using the Deployment Workbench, in the MDT Production node, select the Task Sequences / Windows 8.1 node
  2. Right-click the Windows 8.1 Enterprise x64 task sequence, and select Properties.
  3. After the last action in the task sequence, add a new Install Application action with the following settings:
    1. Name: Final Configuration for MDT
    2. Install a Single Application: Final Configuration for MDT
  4. Click OK.
Application added to the task sequence

Optional configuration, enabling autologon for another user account

If you want to enable another user for autologon, simply uncomment lines 113-120 in the FinalConfig.hta file, and change the user/domain and password. If you want to logon with a local user, set domain to "." Here is an example for a normal domain account.

StatusArea.InnerHTML=StatusArea.InnerHTML & "<BR>" & "Enable autologon for another user account."
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon", 1, "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonCount", 999, "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName", "Johan", "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName", "VIAMONSTRA", "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword", "P@ssw0rd", "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceAutoLogon", 1, "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD", 1, "REG_DWORD"

Happy Deployment! / Johan

About the author

Johan Arwidmark

0 0 votes
Article Rating
Subscribe
Notify of
guest
87 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Huzaifa Abbas
Huzaifa Abbas
4 months ago

Hi Johan,
Thank you for creating this amazing guide. I really appreciate your work. I have done all of the above-mentioned steps 1:1 but am unable to get this script running on the latest windows 22H2. Can you please share a video or guide me on what I am doing wrong here?
Thanks in advance

Andrei Stephan
Andrei Stephan
7 months ago

Hi,

The tool works great even though it errors out. For some reason it detects FinishAction as configured (though I don't have it as a step in the TS nor in the config.ini file) and of course it errors out rc = 1. However, with the exception of not rebooting the client, it cleans up everything so job completed!

Andrei Stephan
Andrei Stephan
3 months ago

I imagine it was the Invoke-FinalConfiguration.wsf that was changed right? I replaced it and there's no change.

Andrei Stephan
Andrei Stephan
3 months ago

Sorry for the late replay, I wanted to post back right then but the site crashed and then I forgot about it.

FinalConfig.png
Andrei Stephan
Andrei Stephan
3 months ago

Hey, unfortunately not, I don't have a social media presence.

Andrei Stephan
Andrei Stephan
1 month ago

Hey,

I checked your new version and now it works, error free!

Thank you.

Rob van de Ven
Rob van de Ven
10 months ago

Great tool, it would be great if you could look into the 22H2 support because .HTA are opened by MSHTA.exe and rendered by HSHTML and MS has no support for it anymore.

Mike Brewer
1 year ago

does this script only with reference images that were previously syspreped or can you do a bare metal install if Windows via MDT?

Mike Brewer
11 months ago

Great, I'm having a difficult time getting it to run on either. It just errors out with a generic error.

Mike Brewer
1 year ago

I can get this to run on Windows 10 21H2, using MDT 2013. I get the following errors.

<![LOG[Application Final Configuration DMPFGUACPTRFfor MDT 2013 returned an unexpected return code: 1]LOG]!><time="12:06:23.000+000" date="09-13-2022" component="ZTIApplications" context="" type="3" thread="" file="ZTIApplications">

FuxMak
FuxMak
1 year ago

Great addition to my MDT collection, no doubt about that. However, I'd like to know if you experimented with parameters yet? I want to assign the username, optional domain and password in my TS and let your tool do the autologon magic "dynamically".
EDIT: Does your script need the LTICleanup Autologon section commented out or doesn't it care at all

Last edited 1 year ago by FuxMak
Adam Wifi
Adam Wifi
1 year ago

I am failing to understand where the config.hta comes to play and where it should be placed. I am trying to get the deployed machine to accept an auto logon for a local user, but there is no mention where the Config.hta should be place?

rebrec
rebrec
2 years ago

Thanks for this great article and the application package that suite perfectly my needs.
For your information, when setting FinishAction=REBOOT, MDT will cleanup and restart the computer in parallel of the execution of your script, leading to a non working autologon (most of the time).
To make it work, I have added specifically in my TS a Set task sequence variable action with FinishAction=<EMPTY>.
Maybe you could had some information about this scpeficic usecase.
Thanks again!

jake heilbroun
jake heilbroun
1 year ago

Hello Johan,
I have a question regarding MDT vbs scripts, I made a shortcut to mdt via a desktop icon and whenever I run a task sequence the computer always reboots. How do I stop this from happening?

Flemming
Flemming
2 years ago

Why is it necessary to set SKIPFINALSUMMARY to "YES". Can the script not run with SKIPFINALSUMMARY set to "NO" ? why you made the check from this setting ?

xulei lu
xulei lu
2 years ago

Hi john
I encountered some problems. I added a command under new computer only—->validate to clear the original information of the disk. diskpart.exe select disk 0 clean exit looks like this, and everything goes well. But after entering the system, I found that I lost my ip address, the applications were not executed, and the MIMINT folder appeared on the D drive. Do you know what the problem is?

Mohamad Berjawi
Mohamad Berjawi
2 years ago

i have used that script and it works successfully, i have upgraded windows 7 to windows 10 with mdt and added that script as the last task. but i am having an error message after each restart saying "cannot find the script c:\minint\scripts\litetouch.wsf"
i make sure that the customsettings.ini under the deployment share has the value for skipfinalsummary is set to yes.
am i missing something here, any ideas how to solve that please.

Jeremy Saunders
3 years ago

Hey Johan,
Great scripts and process. I found that the return code from "Configure-FinalConfig.wsf" is not working correctly and leaving an error. iZTIRetValue must equal 0 or 1, but not as a string. You can also use Success or Failure as you know. But using "0" or "1" as a string does not exit with valid return codes.
Cheers, Jeremy

Kim Underbjerg Sønderriis
Kim Underbjerg Sønderriis
3 years ago

Hey Johan Great Script! I have tried to enable Autologon for a workgroup TS by using your script but it doesn't seem to work :-/ During the TS a have a PS script which creates the local user. I have installed your script like told above and edited the HTA file with my infos for the local user. The user get created and your script is started but I can see in the LOG file ut writes "ZTI ERROR – Non-zero return code by Configure-FinalConfig". I can't figure out where I have made a mistake :-/ Can you give me… Read more »

dary
dary
3 years ago

Hi Johan,
regarding automatic login for another user account.

How should I proceed on the script?
where should I put your lines of text in the script?

Admin
Admin
8 years ago

Hi Anry,

Don't know about that one, please email me the bdd.log and I can take a quick look

/ Johan

Admin
Admin
8 years ago

Hi Cindy,

The only thing that comes to mind is the timeout, try increasing it in the HTA.

Change line 80 to iTimerID = window.setInterval("Configuration",45000)

/ Johan

anry
anry
8 years ago

Windows 7 image finishes successfully with only 1 error in EventViewer from the Final Config script.

ZTI ERROR – Non-zero return code by Configure-FinalConfig, rc = 0

Would can be the reason?

SkipFinalSummary=YES is set

ssoun
ssoun
8 years ago

Hello Johan,

Great script!!! It is working great on our Windows 7 and Windows 8.1 deployments but fails on only laptops. Can you enlighten me on what I am doing wrong?

Thank you,

Cindy

Admin
Admin
8 years ago

No, the LTI cleanup process runs after the task sequences is finished, that's why should use this HTA instead. And please stop using batch files, use PowerShell or VBScript.

/ Johan

motnahp00
motnahp00
8 years ago

Can I add a batch script that runs at the end of the task sequence so I can achieve autologon?

Admin
Admin
8 years ago

The whole point of the HTA is to run after the task sequence completes. E.g. there is no task sequence object.

If you want to pass task seqeuence parameters to the HTA, do what I do in the script for the domain value. E.g. have the vbscript that runs during the task sequence read the variables, and pass them as arguments to the HTA.

/ Johan

jsevans
jsevans
8 years ago

Hello Johan, For my Windows 8.1 LTI deploy on a Surface Pro 3, I tweaked the FinalConfig.hta file in an attempt to use dynamic admin username (OSDJoinAccount) and password (OSDJoinPassword) to populate the registry with Autologon info. Logic is that I would obtain these TS properties by including the following in the FinalConfig.hta file: Set TSEnv = CreateObject("Microsoft.SMS.TSEnvironment")sAdminAccountPassword = TSEnv("OSDJoinPassword")sAdminAccount = TSEnv("OSDJoinAccount") But it fails with an "ActiveX component can't create object: Microsoft.SMS.TSenvironment" error. So I thought maybe its caused by cscript.exe running as 64-bit process in a 32-bit environment…so I updated my "Final Configuration for 2013" command line to:… Read more »

Admin
Admin
8 years ago

If you cannot use the built-in logon dialog box (that sets the userdomain, userid, and userpassword variables), you need to pop-up a dialog box (HTA or VBScript), or modify the default wizard to ask for additional user info, and set those as custom variables.

Then you need modify the final configuration to read to variables and use them. As an example you can see how the VBScripts reads the domain variable and passes it over to the HTA.

/ Johan

saxknicks
saxknicks
8 years ago

So i am interested in the prompt for username/password for the auto login section of the hta. but I am unsure of how to go about that. could you help me out with that?

Admin
Admin
8 years ago

You can have the vbscript pass those variables to the HTA (as arguments), like I do with the domain value.

/ Johan

jsevans
jsevans
8 years ago

Johan, As always…thanks for all the tips/tricks and advice. Your Final Configuration script works great for scenarios where we are okay with hardcoding username and password (e.g. testing in DEV environment) but in our government department, we have many installers so we need dynamic DefaultUserName and DefaultPassword. In my Windows 7 (MDT 2010) TS, I used a VBScript that wrote the autologon data based on the installers username and password provided in the "User Credentials" wizard. I create the "Microsoft.SMS.TSEnvironment" object and then set the variables : sAdminAccountPassword = oSccmTSE("OSDJoinPassword") and sAdminAccount = oSccmTSE("OSDJoinAccount"). So when I try use the… Read more »

Admin
Admin
8 years ago

Hard to say, and btw, you don't need to update the boot images when changing a task sequence.

Mail me the log files and I can take a quick look (contact info on the abut page).

/ Johan

call911
call911
8 years ago

I have followed all the steps, added SkipFinalSummary=YES to my Deployment Share Rules, added the steps to the Task Sequence, rebuilt the boot images, and I can't get this to work. Everything images as needed, but then just sits at the desktop of the newly imaged computer. I don't see any popups. What could I be missing?

Harter
Harter
8 years ago

I have the excact same problem as "femilovechild" from 7/17/2014:

ZTI ERROR – Non-zero return code by Configure-FinalConfig, rc = 0
Event 41002 sent: ZTI ERROR – Non-zero return code by Configure-FinalConfig, rc = 0 Configure-FinalConfig

As far as I could see you have answered offline. Could You please provide me the same answer. Thanks

Admin
Admin
8 years ago

Sorry, don't know, haven't tried

/ Johan

jewen
jewen
8 years ago

I was wondering if there is a way to reduce the amountnumber of autologons down 3. I like the feature and used to do something similar using the unattend.xml file before I met MDT. Just for info I tried adjusting the 999 value to 3. To test I just created a custom task sequence and ran the litetouch.vbs script from an already built win 8-1 vm which did have the FinalConfig set as the last task. This however didn't seem to make a difference. I am probably missing something really easy. Many thanks on your generous contribution, I like many… Read more »

Admin
Admin
8 years ago

Sure, you can prompt for variables, that then are written to the registry by the script.

/ Johan

mstarace
mstarace
8 years ago

Great work! It there any way that this can be tweaked to have it prompt you for default username and default password each time before it reboots and logs the person in?

Thanks!

Admin
Admin
9 years ago

Haven't tried in SCCM, but you could try using this script: http://www.windows-noob.com/forums/index.php?/topic/2804-setting-up-autologin-at-the-end-of-sccm-osd/

/ Johan

dcaldwell
dcaldwell
9 years ago

Until recently, we used SCCM TS to Build and capture our reference image. During deployment TS using SCCM, we would populate the previous noted Winlogon keys and then use the TS restart computer step to reboot and the computer would successfully autologin. Now we have built our reference image using MDT 2013, and imported into sccm to deploy. The same SCCM TS, and the autologin keys get reset on the last reboot and no autologin. What process is resetting the keys at the end of the SCCM TS? Any suggestions on getting this to work with SCCM? P.S> I've never… Read more »

Admin
Admin
9 years ago

You can absolutely modify the script to take parameters sent from MDT. If you want example, check the previous version of this HTA which took the domain parameter sent from MDT and used that in the HTA. https://deploymentresearch.com/Research/tabid/62/EntryId/17/Final-Configuration-for-MDT-2010-Lite-Touch.aspx

/ Johan

ajdirks
ajdirks
9 years ago

Thank you for this autologin config, it has helped tremendously.

I manage an environment where we have multiple AD accounts that autologin to computers using mandatory profiles. With this in mind, is it possible to have your script insert autologon reg keys depending on computer name, OU, or application package chosen from MDT wizard?

Thanks!!

Admin
Admin
9 years ago

Sorry, this example only works in MDT Lite Touch.

/ Johan

ajensen
ajensen
9 years ago

Can i use this in SCCM TS without MDT integration : If i copy files needed from MDT lib and make my own package.

If above Works which files is then needed?. ZTIUtility.vbs, LTICleanup.wsf..

/ Anders

Admin
Admin
9 years ago

Jurgen, works with both Windows 7 and Windows 8.1 (and Windows Server)

/ Johan

Admin
Admin
9 years ago

Hmm, I haven't tested the script on a workgroup machine, did you have the task sequence (or the script) create the local Student user with a blank password as well? Anyway, send me an email, and I can followup offline. You find the contact details in the About page.

/ Johan

femilovechild
femilovechild
9 years ago

Thanks for all the knowledge you have been impacting. I have a problem with the script on MDT 2013 deploying standalone laptops Windows 7. I get the following error in the log file;ZTI ERROR – Non-zero return code by Configure-FinalConfig, rc = 0Event 41002 sent: ZTI ERROR – Non-zero return code by Configure-FinalConfig, rc = 0 Configure-FinalConfigThe laptop does not do autologon even though I have uncommented the section to run the autologon script i.e; ' Enable autologon for another user account (comment out these lines) StatusArea.InnerHTML=StatusArea.InnerHTML & "" & "Enable autologon for another user account." oShell.RegWrite "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonAutoAdminLogon", 1,… Read more »

valkenaer
valkenaer
9 years ago

Hi Johan,

Is this script specifically written with Windows 8 in mind or will it also work with Windows 7?

Jurgen

Admin
Admin
9 years ago

To the default MDT log files locations: C:MININTSMSOSDOSDLOGS during deployment (in running Windows), and C:WindowsTempDeploymentLogs after a completed deployment.

/ Johan

Chris
Chris
9 years ago

Where are the log files being written to?

Admin
Admin
9 years ago

Yes, you should remove FinishAction=Reboot.

/ Johan

joebrug
joebrug
9 years ago

Should you remove FinishAction=Reboot from cs.ini if using this script?

Admin
Admin
9 years ago

You can set the default username, or clear the username info via registry/policies.

/ Johan

joebrug
joebrug
9 years ago

I join my domain during MDT. However, when MDT is completed and reboots (FinishAction=Reboot) the computer comes up with default username as the local administrator. I want the default login method to be to our domain. In fact, shouldn't we be disabling local administrator? Thanks!

Teknologist
Teknologist
9 years ago

That worked, thank you!


>