Achievement_First

Running Powershell Script To Join Domain after running Sysprep in Windows 7

I'm working on a Windows 7 image that will join the computer to the domain automatically.  I'm trying to accomplish this through a PowerShell script.  While logged in as Administrator, I set the execution policy to RemoteSigned.  Then I use Get-Credential to Store Passwords “securely” in a file (see http://bsonposh.com/archives/338).  I create a script with the following commands:

$password = Get-Content c:\windows\system32\windowspowershell\v1.0\password.txt | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential "Domain\domainuser",$password
add-computer -domainname Domain -credential $credential af.org -passthru

I save the script in c:\windows\system32\windowspowershell\v1.0\ and I place the run script command in the Administrator's runonce registry entry.

The problem:
1. It appears that PowerShell reverts back to "Restricted" mode after running sysprep, thereby not allowing scripts to run automatically.
2. It seems that the Administrator account changes, because I get an error when trying to access the encrypted password file.  I have to start running the PowerShell cmdlets from scratch in order for it to work, which defeats the automated process but does join the domain.

I should note that my unattend.xml file changes the Administrator password. (Don't know if that has anything to do with it).

Please advise.
PowerShell, Windows 7, Networking

ASKER CERTIFIED SOLUTION
Ivano Viola

Achievement_First

ASKER

Thanks Ivanoviola for your response and your article which I found most helpful throughout this process.  
I'm still left with the problem of why I cannot access the encrypted password in PowerShell when logged in as Administrator after the sysprep process.  I can, however, run the script if I re-encrypt the file (see: http://bsonposh.com/archives/338).
Please advise
Ivano Viola

I read the posts and I understand what you're trying to achieve. It seems that when sysprep runs it resets the key used to encrypt the file, so it won't allow you to open it. I did come across a website that states:

• Do not encrypt any files or folders on your reference PC that you will be running Sysprep on. If you run Sysprep on an NTFS file system partition that contains encrypted files or folders, the data in those folders becomes completely unreadable and unrecoverable.

IV
Achievement_First

ASKER

Thanks Ivanoviola for your help.  You are probably right.  

I'm going to look into any possible workarounds to this question before closing it.  I'll come back to this question.  In the meantime, if you come across anything, let me know.
SOLUTION
Ivano Viola

Achievement_First

ASKER

Got it.  It's a viable workaround to join the domain automatically and wirelessly.
1. First, we created a directory called c:\sysprep that would house the files and cmd files we create.
2. We then wrote a PowerShell script that will join the computer to the domain and saved it under C:\sysprep.  That same script will delete all files in c:\sysprep.
3. When creating the unattend.xml file, we ran two Synchronous commands under oobe system: the first sets the execution policy in PowerShell to remotesigned, and the second calls the PowerShell script to join the computer to the domain (which, by the way, sets PowerShell back to restricted mode).
4. Since the wireless driver and software were already installed under the default profile, after running sysprep and rebooting, the machine will: one, ask for a computer name (this is because we left the computer name blank in the xml file; we did not specify that we wanted to join the domain in the unattend.xml file, we do that through PowerShell).  Two, it will reboot and join the domain wirelessly.  Voila!
After the second time it reboots, when you click on the "Switch User" button, you'll see a login prompt to log in to the domain.
I've attached a sample of the files:
autojoin.ps1.txt
sysprepgo.cmd.txt
Unattend.xml.txt
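
The attached files are not reproduced on this page. As an added example (not the asker's script), here is one way to write such a join script so that the stored password survives sysprep: `ConvertFrom-SecureString` is given an explicit AES key instead of the default per-user protection that stopped working in the original question. The file names under C:\sysprep, the account `CONTOSO\svc-join` and the domain `contoso.example` are assumptions.

```powershell
# Added example; paths, file names, account and domain below are assumptions.
param([switch]$Prepare)   # -Prepare: run once on the reference PC before sysprep

$dir      = 'C:\sysprep'
$keyFile  = Join-Path $dir 'join.key'
$passFile = Join-Path $dir 'join.pwd'

if ($Prepare) {
    # Random 256-bit AES key. Without -Key, ConvertFrom-SecureString protects the
    # string with DPAPI under the current user profile, which is the blob that
    # could no longer be read after sysprep in the question above.
    $key = New-Object byte[] 32
    (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($key)
    [IO.File]::WriteAllBytes($keyFile, $key)

    $secure = Read-Host 'Password for the join account' -AsSecureString
    ConvertFrom-SecureString $secure -Key $key | Set-Content $passFile
    return
}

# --- Runs from the unattend.xml synchronous command after sysprep ---
try {
    $key      = [IO.File]::ReadAllBytes($keyFile)
    $password = Get-Content $passFile | ConvertTo-SecureString -Key $key
    $cred     = New-Object System.Management.Automation.PSCredential 'CONTOSO\svc-join', $password
    Add-Computer -DomainName 'contoso.example' -Credential $cred -PassThru -ErrorAction Stop
}
finally {
    # The key sits beside the ciphertext, so this is obfuscation, not protection:
    # remove both files whether or not the join succeeded, then lock scripts down again.
    Remove-Item $dir -Recurse -Force -ErrorAction SilentlyContinue
    Set-ExecutionPolicy Restricted -Force
}
```

Anyone who can read C:\sysprep before the cleanup runs can recover the password, so the join account should be one delegated only the right to join computers to the domain.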
Achievement_First

ASKER

Found my own workaround.
Ivano Viola

Achievement:
Well done and thank you for sharing. I found your post very interesting. Being persistent pays off!