HotdogSCCM
Posted March 11, 2016

Howdy hoo!

Here's what I'm working with:

SCCM 1511
Windows 7->Windows 10 In Place, Zero Touch Task Sequence.
Cisco ISE for network authentication.

For "normal" Windows 10 builds, thumb drive/PXE builds for bare metal, I have a lovely little batch file that does:

    copy CERT1.cer X:\OhioBWC-CA.cer /y
    copy CERT2.PFX x:\BWCCert.pfx /y
    copy Ethernet.xml x:\Ethernet.xml
    copy InstallCertsSilently.vbs x:\InstallCertsSilently.vbs
    copy InstallCerts.bat x:\InstallCerts.bat
    cmd /c cscript.exe InstallCertsSilently.vbs
    cmd /c Powershell.exe Sleep 15
    cmd /c Netsh LAN add profile filename="X:\Ethernet.xml" interface="Local Area Connection"
    cmd /c Netsh LAN add profile filename="X:\Ethernet.xml" interface="Ethernet"
    cmd /c Netsh LAN add profile filename="X:\Ethernet.xml" interface="Ethernet0"
    cmd /c Powershell.exe Sleep 5
    cmd /c Ipconfig /release
    cmd /c Powershell.exe Sleep 5
    cmd /c Ipconfig /renew
    cmd /c Powershell.exe Sleep 5
    cmd /c ipconfig /renew

Which, through the magic of love, gives me full ISE access, and authenticates the WinPE environment.

I've modified my unattend.xml to do something similar, dropping the certs and XML in the WinPE side of the house:

    net start dot3svc
    sc config dot3svc start= auto
    C:\windows\system32\certutil.exe -addstore root C:\windows\temp\CERT1.cer
    c:\windows\system32\certutil.exe -f -p SUPERAWESOMEPASSWORDGOTEAMAMERICA! -importpfx c:\windows\temp\CERT2.pfx
    Netsh LAN add profile filename="c:\windows\temp\Ethernet.xml" interface="Local Area Connection"
    Netsh LAN add profile filename="c:\windows\temp\Ethernet.xml" interface="Ethernet"
    Netsh LAN add profile filename="c:\windows\temp\Ethernet.xml" interface="Ethernet 0"
    REG ADD HKLM\System\CurrentControlSet\services\RasMan\PPP\EAP\13 /t REG_DWORD /v NoRevocationCheck /d 1 /f

Which works, so the full Windows OS has access to the network too.

In ZTI, however... I'm not sure how to do a "prestart" command. I'm using the MDT Boot image, and I'm unsure of how to "force" something to run before the Task Sequence itself even begins; I basically need to do all the "first" steps, the WinPE stuff, as soon as the box drops into WinPE, from the full session of Windows (starts in Windows, turns off Bitlocker, reboots, USMT, etc).

How do I do this? It doesn't look like any of the "normal" things want to work when it's a ZTI; I've tried tsconfig.ini, and I know the winpeshi.ini gets eaten when I make a boot disk.

The tsconfig.ini stuff from here: https://sccmdiet.wordpress.com/tag/tsconfig-ini/ works, but it doesn't work in ZTI/no "user interaction".

I *KNOW* I'm missing something really stupid, but I've never had to do this yet.

Thanks!
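
Added example (not part of the original post, and not code from SCCM or MDT): a small Python check that a reviewer of deployment scripts could run over batch or unattend command lines like the ones above. It flags a PFX password passed in clear text with `certutil -p`, and `NoRevocationCheck` set to a non-zero value under the EAP type 13 (EAP-TLS) key. The rule names, the `audit` function and the sample script are constructed for illustration.

```python
import re

# certutil ... -importpfx with a "-p <password>" argument on the same line
PFX_PASSWORD = re.compile(
    r"certutil(?:\.exe)?\b(?=.*-importpfx)(?=.*?\s-p\s+(?P<pw>\S+))", re.I)

# reg add ...\RasMan\PPP\EAP\13 /v NoRevocationCheck /d <value>
NO_REVOCATION = re.compile(
    r"reg(?:\.exe)?\s+add\s+\S*\\RasMan\\PPP\\EAP\\13\b"
    r"(?=.*/v\s+NoRevocationCheck)(?=.*/d\s+(?P<val>\S+))", re.I)


def audit(script_text):
    """Return (line_number, rule) findings for a deployment script."""
    findings = []
    for n, line in enumerate(script_text.splitlines(), 1):
        if line.lstrip().lower().startswith(("rem ", "::")):
            continue  # skip batch comments
        # The password itself is never copied into the findings.
        if PFX_PASSWORD.search(line):
            findings.append((n, "pfx-password-on-command-line"))
        m = NO_REVOCATION.search(line)
        if m and m.group("val").strip('"') not in ("0", "0x0"):
            findings.append((n, "eap-tls-revocation-check-disabled"))
    return findings


# Constructed sample input; the password is a placeholder.
SAMPLE = r"""net start dot3svc
certutil.exe -addstore root C:\windows\temp\CERT1.cer
certutil.exe -f -p EXAMPLE-PLACEHOLDER -importpfx c:\windows\temp\CERT2.pfx
REG ADD HKLM\System\CurrentControlSet\services\RasMan\PPP\EAP\13 /t REG_DWORD /v NoRevocationCheck /d 1 /f
REG ADD HKLM\System\CurrentControlSet\services\RasMan\PPP\EAP\13 /t REG_DWORD /v NoRevocationCheck /d 0 /f
"""

if __name__ == "__main__":
    for line_no, rule in audit(SAMPLE):
        print(f"line {line_no}: {rule}")
```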