Tuesday, July 9, 2013

MDT: Important FYI regarding the new GPO Pack feature

It's been covered at other sites, but I recently ran afoul of this so I'll cover it here. By default in MDT 2012, you may find Windows Firewall settings disabled by group policy after deploying certain OSes. Firewall settings will be greyed out and the following message is displayed in the Windows Firewall interface after deployment:

"For your security some settings are managed by your system administrator"

The computers will not have been domain-joined yet and you will not have set up any manual tasks to apply local policies. So what is the culprit? Actually, it’s a new feature in MDT 2012! You can add the following to CustomSettings.ini to disable it:

ApplyGPOPack=NO

This should resolve the issue. Unfortunately, Microsoft did not just add the new feature to apply local policies during a Task Sequence. They also added four GPO Pack templates which get applied *by default* during a deployment! You can find these templates in your Deployment Share folder in the subfolder "\Templates\GPOPacks". As of the day these notes were written, the current templates are as follows:

<MDTShare>\Templates\GPOPacks\
|
|_\Win7SP1-MDTGPOPack
|
|_\WinVistaSP2-MDTGPOPack
|
|_\WS2008R2SP1-MDTGPOPack
|
|_\WS2008SP2-MDTGPOPack
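
To check a share for this behaviour before deploying, the following PowerShell is an added example, not part of the original post or of MDT. The function name Get-GpoPackStatus and the temp-folder sample share are assumptions made for illustration; point the two parameters at your own CustomSettings.ini and GPOPacks folder.

```powershell
# Added example: report ApplyGPOPack settings and the GPO Pack templates on a share.
function Get-GpoPackStatus {
    param(
        [Parameter(Mandatory)] [string] $IniPath,      # path to CustomSettings.ini
        [Parameter(Mandatory)] [string] $GpoPackRoot   # <MDTShare>\Templates\GPOPacks
    )
    $section  = '(none)'
    $settings = @()
    foreach ($line in Get-Content -LiteralPath $IniPath) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }   # blank line or INI comment
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^ApplyGPOPack\s*=\s*(.*)$') {
            $settings += [pscustomobject]@{ Section = $section; Value = $Matches[1].Trim() }
        }
    }
    $packs = @()
    if (Test-Path -LiteralPath $GpoPackRoot) {
        $packs = @(Get-ChildItem -LiteralPath $GpoPackRoot -Directory |
                   Select-Object -ExpandProperty Name)
    }
    # Per the post, packs are applied by default unless ApplyGPOPack=NO is set.
    # Not evaluated here: whether the section is one listed on the Priority line.
    $disabled = @($settings | Where-Object { $_.Value -eq 'NO' }).Count -gt 0
    [pscustomobject]@{
        Settings      = $settings
        PacksOnShare  = $packs
        DisabledByIni = $disabled
    }
}

# Constructed sample share in a temp folder so the example runs offline.
$share    = Join-Path ([IO.Path]::GetTempPath()) 'MdtShareSample'
$packRoot = Join-Path $share 'Templates\GPOPacks'
'Win7SP1-MDTGPOPack', 'WinVistaSP2-MDTGPOPack', 'WS2008R2SP1-MDTGPOPack', 'WS2008SP2-MDTGPOPack' |
    ForEach-Object { New-Item -ItemType Directory -Force -Path (Join-Path $packRoot $_) | Out-Null }
$ini = Join-Path $share 'CustomSettings.ini'
Set-Content -LiteralPath $ini -Value @(
    '[Settings]', 'Priority=Default', '', '[Default]', '; constructed sample', 'ApplyGPOPack=NO')

Get-GpoPackStatus -IniPath $ini -GpoPackRoot $packRoot | Format-List
```

If DisabledByIni is False while PacksOnShare lists a folder for the OS being deployed, expect the locked firewall settings described above on the deployed machine.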
