GPOPack not applying from Offline ISO build

[Lagamorph]

Hi all.

 

I've created a task sequence that, when deployed from SCCM via a Boot image, works absolutely perfectly. Performs all my steps and then lastly applies a GPOPack placed in the Templates\GPOPacks folder of my MDT files.

When I generate a Stand-alone media ISO from this task sequence however and run that through, everything works except for the GPO Pack not being applied. This is immediately obvious as no logon message is displayed after pressing Ctrl+Alt+Del and the account renaming carried out by the pack is not done. I've checked the smsts log file though and according to that the Apply GPO Pack stage has completed successfully with exit code 0, no errors, though it does complete in only 3 seconds which seems a little fast.

 

Any ideas on what might be causing this strange behaviour?

[Lagamorph]

Don't suppose anyone has any ideas about this do they?

[Lagamorph]

Managed to find a solution to this.

Incase anyone else runs into the same error,

https://social.technet.microsoft.com/Forums/en-US/be2c05a0-620c-4b64-a82f-18ccc9f6cec5/apply-gpo-pack-offline-media-does-not-apply

 

But to summarise,

You need to edit the ZTIApplyGPOPack.wsf in the MDT Files.

 

In the list of declared variables at the top of the script, add an additional variable,

 

Dim LSDB

 

 

Then, just before the "Run GPO Pack Script" section, add the following,

 

'// Remove read only Attrib. from LocalSecurityDB.sdb

LSDB = "Attrib -R " & oUtility.LocalRootPath & "\" & sGPOPackPath & "\LocalSecurityDB.sdb /S"
oShell.Run LSDB,0

 

 

It appears that the problem is with the Security database being read-only when using an Offline ISO build, but not when using a Boot Image/PXE Boot. I've tested the script with both Offline ISO and Boot Image builds, and it works perfectly in both scenarios.