As you may be aware, the local administrator account is disabled by default in Windows 7. MDT 2010 re-enables it and resets the password. This is initially done when you create a new task sequence so you don’t really need to type it in every time during the Lite-Touch Deployment wizard.
You can skip the Administrator Password wizard page by using this property in the customsettings.ini.
SkipAdminPassword=YES
You can also override the admin password for all of your task sequences by using this property in you customsettings.ini.
AdminPassword=P4$$w0rd
Or you can set it per Task Sequence as a Variable. Handy if your security manager tells you to start using a new admin password immediatly as there’s just one setting to change.
Hey,
Thanks for the Blog. Alot of helpfull stuff.
Can you show us an example of a completed\demo customsettings.ini?
Cheers
LikeLike
Sure, I’ve been meaning to put something together.
LikeLike
You just might be able to help me out…
At my job we are in the process of migrating from MDT 2008 to MDT 2010 (we are only deploying XP SP3). We are nearly finished, but we have a pretty major snag. Back when we were first building out MDT 2008, we used N-Lite to change (among other things) the built-in administrator account name from Administrator to, let’s say, Batman. In MDT 2008, we would provide the account name Batman and its password for the AutoAdminLogin process for all subsequent reboots, and it worked like a charm. In MDT 2010, however, somewhere in the OS installation process MDT seems to be reversing the custom naming of the admin account and changing it back to Administrator. After the OS installation is complete, the box reboots; when it tries to do its first AutoAdminLogin as the user Batman, we get an error message indicating bad username and password because an account of that name no longer exists. From there we can manually log in as Administrator and re-rename the account back to Batman, and it resumes the build process with the task sequences. It goes without saying that this is a big problem as having to manually log in breaks the “no-touch” part of what was once a truly no-touch process with MDT 2008.
Which brings me to my question: how can we get MDT 2010 to stop overwriting our custom-named administrator account before the first post-OS-installation reboot?
Many thanks for any help you might provide.
LikeLike
MDT will always set local admin password at the time of deployment. This is by design. I suggest using the AdminPassword variable with your current password as what you want it to be. You can use it as a task sequence variable so it only applys to that particular image.
LikeLike
Thank you Andrew, this might be on the right track! Is there a similar variable for the NAME of the admin account? Our issue is not with the password being squashed, but with the name of the account being reverted from ‘Batman’ back to ‘Administrator’.
Thanks,
Gavin
LikeLike
Sorry, fighting off a cold here and part read the post. A similar question was posted and answered in the MDT forum here. http://social.technet.microsoft.com/Forums/en/mdt/thread/edc88cb5-f9b0-4862-adf9-bb2b73940ee7
Truthfully, I’ve never had this issue but, to keep things simple, I suggest you use a custom script to rename the local admin account back to ‘batman’ near the end of your task sequence.
LikeLike
hi there
I tried creating the TS variable AdminPassword, Value Password at the end of the Preinstall Phase. During deployment i checked the c:\MININT\unattend.txt file and the variable does exist in the file, yet XP still prompts me to enter the local administrator password.
Once i enter the password manually, the deployment continues and completes.
is the adminPassword variable different for XP deployments.
Am i missing something
LikeLike
Hi Reza,
Set the Task Sequence Variables at the very start of your task sequence. You can use the skip to hide the wizard panes as described above.
Andrew.
LikeLike
I know Gavin’s Problem because we are working together. MDT tries to log in with “Administrator” when we renamed that account to Batman. How do we change a setting so that MDT can log in the first time with ouw admin account that we called batman?
LikeLike
Hello Steve
I’m in the same problem, how to get mdt to realize the account isn’t called Administrator.
Any solutions?
Cheers
LikeLike
I know this isn’t a support forum, but thought I would ask anyway. My MDT Image is activating the Administrator account, but not setting the password at all. I have tried setting the admin password in the TS then in customsettings setting it to skip, I have tried what was outlined in this article. And I have setup the customsettings to not skip the admin password and enter it in the Windows Deployment Wizard. But each time the system says bad username/password and if I manually type in the password it says that it is still bad. I can log into a domain account and then set the admin password, but I don’t understand why it isn’t setting it automatically. Thanks in advance if you have an answer or suggestion.
LikeLike
It sounds like your password is too weak. If your machine is domain joined, it could be a strong password policy set in AD.
LikeLike
How to have the option of customizing names of individual machines in MDT2010?
Its like this…
Say… 3 Users… Alan, Jake and Charlie Harpers … join my company… and I have to prepare machines for them…. currently… the only name i can use is MININT- (This part is grayed out so i cannot change it at all)… I would like to have the option of assigning a name every time i run the deployment….
Like…. alanh- … “alanh-malibu”…. Get it?
Currently I am unable to do that… so… in order to avoid unnecessary entries in my AD.. I am adding the machine to a work group and then after the machine starts I change the name from “MININT-3BKGQBS” to “charlieh-malibu” and add it to my domain….
Am I making sense?
I dont want to do this…. Is there a way out?
Thanks
Ravi
LikeLike
Have a read of my article here on computernames. You can set the computername in the wizard during deployment.
LikeLike
Hi Andrew
Is it possible to set the password of a computer via rule in combination with the computername e.g. “Hppc#computername” ?
Thanks
Sacha
LikeLike
Yes, I written a number of posts on this topic. Take a look using the search box above.
LikeLike