Achievement_First
Running Powershell Script To Join Domain after running Sysprep in Windows 7
I'm working on a Windows 7 image that will join the computer to the domain automatically. I'm trying to accomplish this through a Powershell script. While logged in as Administrator, I set the execution policy to remotesigned. Then I use Get-Credential to Store Passwords “securely” in a file (see http://bsonposh.com/archives/338). I create a script with the following commands:
$password = Get-Content c:\windows\system32\windowspowershell\v1.0\password.txt | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PSCredential "Domain\domainuser",$password
add-computer -domainname Domain -credential $credential af.org -passthru
I save the script in c:\windows\system32\windowspowershell\v1.0\ and I place the run script command in the Administrator's runonce registry entry.
The problem:
1. It appears that Powershell reverts back to "Restricted" mode after running sysprep thereby not allowing scripts to run automatically.
2. It seems that the Administrator account seems to change because I get an error when trying to access the encrypted password file. I have to start running the Powershell cmdlets from scratch in order for it to work which defeats the automated process, but does join the domain.
I should note that my unattend.xml file changes the Administrator password. (Don't know if that has anything to do with it).
Please advise.
ASKER CERTIFIED SOLUTION
I read the posts and I understand what you're trying to achieve. It seems that when sysprep runs it resets the key used to encrypt the file so it won't allow you to open it. I did come across a website that states:
• Do not encrypt any files or folders on your reference PC that you will be running Sysprep on. If you run Sysprep on an NTFS file system partition that contains encrypted files or folders, the data in those folders becomes completely unreadable and unrecoverable.
IV
ASKER
Thanks Ivanoviola for your help. You are probably right.
I'm going to look into any possible workarounds to this question before closing it. I'll come back to this question. In the meantime, if you come across anything, let me know.
ASKER
Got it. It's a viable workaround to join the domain automatically and wirelessly.
1. First, we created a directory called c:\sysprep that would house the files and cmd files we create.
2. We then wrote a PowerShell script that will join the computer to the domain and saved it under C:\sysprep. That same script will delete all files in c:\sysprep.
3. When creating the unattend.xml file, we ran two Synchronous commands under oobe system that would first set the execution policy in PowerShell to remotesigned. Then a second synchronous command that would call the PowerShell script to join the computer to the domain (which by the way, sets PowerShell back to restricted mode).
4. Since the wireless driver and software were already installed under the default profile, what happens after running sysprep and rebooting the machine, it will: one, ask for a computer name (this is because we left the computer name blank in the xml file. We did not specify that we wanted to join the domain in the unattend.xml file, we do that through PowerShell). Two, it will reboot and join the domain wirelessly. Voila!
After the second time it reboots, when you click on the "Switch User" button, you'll see a log in prompt to log in to the domain.
I've attached a sample of the files
autojoin.ps1.txt
sysprepgo.cmd.txt
Unattend.xml.txt
ASKER
Found my own workaround.
Achievement:
Well done and thank you for sharing. I found your post very interesting. Being persistent pays off!
ASKER
I'm still left with the problem of why I cannot access the encrypted password in PowerShell when logged in as Administrator after the sysprep process. I can however run the script if I re-encrypt the file (see: http://bsonposh.com/archives/338).
Please advise
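The encrypted-file problem above, and the join script kept in c:\sysprep in the workaround, as an added example that is not part of the original thread or its attachments. Without -Key, ConvertFrom-SecureString protects the text with Windows DPAPI, which ties it to the user account and computer that created it; with -Key it uses AES with a key you supply, so the file no longer depends on that profile. The file names, the account EXAMPLE\joinaccount and the domain example.local are placeholders.

```powershell
# Added example; file names, account and domain are placeholders (assumptions).
$dir     = 'C:\sysprep'                   # staging folder named in the thread
$keyFile = Join-Path $dir 'join.key'      # hypothetical file name
$pwdFile = Join-Path $dir 'join.pwd'      # hypothetical file name

# --- On the reference PC, before running sysprep ---------------------------
# Generate a random 256-bit AES key and store it in the staging folder.
$key = New-Object byte[] 32
$rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$rng.GetBytes($key)
[System.IO.File]::WriteAllBytes($keyFile, $key)

# Encrypt the join account's password with that key instead of DPAPI.
$secure = Read-Host -Prompt 'Password for the join account' -AsSecureString
$secure | ConvertFrom-SecureString -Key $key | Set-Content $pwdFile

# --- In the script that runs after sysprep ---------------------------------
# Decryption needs only the key file, not the profile that created the file.
$key        = [System.IO.File]::ReadAllBytes($keyFile)
$password   = Get-Content $pwdFile | ConvertTo-SecureString -Key $key
$credential = New-Object System.Management.Automation.PSCredential 'EXAMPLE\joinaccount', $password
Add-Computer -DomainName 'example.local' -Credential $credential -PassThru

# The key sits beside the ciphertext, so remove both as soon as the join is done.
Remove-Item $keyFile, $pwdFile -Force
```

Anyone who can read both files in the image can recover the password, so this is obfuscation rather than protection. Use an account delegated only the right to join computers to the domain, and keep the cleanup step.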