By
Johan Arwidmark
/ December 2, 2015
You probably know that a bug in MDT versions since MDT 2013 Update 1 have way too high security permissions being set on the deployment share created via Deployment Workbench – Only administrators can access them. Here is a script that sets them to a working level. If needed, modify the script to fit your environment, for example, your build account is probably not the VIAMONSTRA\MDT_BA account 🙂
# Check for elevation
Write-Host "Checking for elevation"
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
[Security.Principal.WindowsBuiltInRole] "Administrator"))
{
Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
Write-Warning "Aborting script..."
Break
}
# Configure NTFS Permissions for the MDT Build Lab deployment share
$DeploymentShareNTFS = "E:\MDTBuildLab"
icacls $DeploymentShareNTFS /grant '"Users":(OI)(CI)(RX)'
icacls $DeploymentShareNTFS /grant '"Administrators":(OI)(CI)(F)'
icacls $DeploymentShareNTFS /grant '"SYSTEM":(OI)(CI)(F)'
icacls "$DeploymentShareNTFS\Captures" /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(M)'
# Configure Sharing Permissions for the MDT Build Lab deployment share
$DeploymentShare = "MDTBuildLab$"
Grant-SmbShareAccess -Name $DeploymentShare -AccountName "EVERYONE" -AccessRight Change -Force
Revoke-SmbShareAccess -Name $DeploymentShare -AccountName "CREATOR OWNER" -Force
Line 17, you reference the variable ""$DeploymentShareNTFSCaptures", but nowhere is it defined. Am I missing something?
Oops, there was a missing "\" in $DeploymentShareNTFS\Captures". Fixed that. Thanks for the headsup.
/Johan
Hi Johan Arwidmark,
can you tell me, where should i write this script. ?
You need to update the script to reflect the path of your MDT deployment share, as well as the domain and username you use for accessing the share. You then run the script on your MDT deployment server.
/ Johan
I know it's an old post, but helped me troubleshoot issues today. Thanks!
Hi there! I have this exact problem with a Microsoft Surface Laptop 4, it just can't access deployment share, giving me the error of possible invalid credentials. However, this only happens with this specific machine/model, all other pc's I have in my domain work just fine (HP, Lenovo, Dell). So I'm no totally confident using this script of yours, because I'm afraid I might ruin the deployment server for other machines I already have working… Could you give me your opinion on this? Btw, I'm using Windows 10 Enterprise x64 build 2004.
Thank you and best regards!
Hi Jack.
I would suspect some sort of network glitch, or drivers missing. If this is still an issue, please reach out to me on LinkedIn and I'll see what I can to do help.