MDT 2012 | 2013 “Deploying with GPO Packs”

There are many new features in MDT, but one that I use a lot in non-domain infrastructure is the ability to apply GPO Packs created using Security Compliance Manager (SCM) during the deployment process. Microsoft Security Compliance Manager 3.0 is a great tool that allows you to create and manage Group Policy baselines in an easy-to-use interface. These policies can then be applied at the domain level or as “Local GPO Packs”.

MDT provides four default GPO packs for the following operating systems, which are applied by default during deployment:

1. Windows 7 SP1
2. Windows Vista SP2
3. Windows 2008 SP2
4. Windows 2008 R2 SP1

All GPO packs are stored in the Templates folder within the Distribution Share. For example: <Distribution Share>\Templates\GPOPacks\<GPO Pack Folder>.

When you specify your own GPO Pack you must override the default GPO pack using the GPOPackPath variable in the customsettings.ini file.

This is a relative path from the <Distribution Share>\Templates\GPOPacks\ folder. For example:
GPOPackPath = BTN-WIN8-MDTGPOPack

If you do not want to apply any GPO Packs, the task sequence step can be skipped by setting the variable ApplyGPOPack to NO in customsettings.ini.

You can create your own GPO packs using the following process.
1. Use SCM to create an SCM baseline
2. Export the baseline using a GPO backup

Now we need to turn the baseline into a GPO pack; this is a simple process.
3. Open an existing GPO pack and copy the following files to the backup: GPOPack.wsf, LocalPol.exe, LocalSecurityDB.sdb

4. Copy the GPO Pack to the <Distribution Share>\Templates\GPOPacks folder

5. Update the GPOPackPath variable in the customsettings.ini file to point at the new GPO Pack
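
One way to check a custom pack before deployment, as an added example that is not part of the original post: the PowerShell script below reads ApplyGPOPack and GPOPackPath from customsettings.ini, confirms the path stays under Templates\GPOPacks, and lists the three required files with their SHA-256 hashes. The share path D:\DeploymentShare and the Control\CustomSettings.ini location are assumptions; adjust them to your environment.

```powershell
# Added example: pre-deployment check of the GPO pack named in CustomSettings.ini.
# Assumptions: D:\DeploymentShare is a placeholder; the INI file is in
# <Distribution Share>\Control; sections are ignored and the first entry is used.
param(
    [string]$DeployRoot = 'D:\DeploymentShare',
    [string]$IniPath
)
if (-not $IniPath) {
    $IniPath = [IO.Path]::Combine($DeployRoot, 'Control', 'CustomSettings.ini')
}

function Get-IniValue {
    param([string[]]$Lines, [string]$Key)
    $pattern = '^\s*' + [regex]::Escape($Key) + '\s*=\s*(.*?)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return $Matches[1] }
    }
}

$lines = Get-Content -LiteralPath $IniPath -ErrorAction Stop
if ((Get-IniValue $lines 'ApplyGPOPack') -eq 'NO') {
    Write-Output 'ApplyGPOPack=NO: the GPO pack step is skipped.'
    return
}
$pack = Get-IniValue $lines 'GPOPackPath'
if (-not $pack) {
    Write-Output 'GPOPackPath is not set: the default pack for the OS applies.'
    return
}

# GPOPackPath is relative to Templates\GPOPacks; reject values that leave it.
$packsRoot = [IO.Path]::GetFullPath([IO.Path]::Combine($DeployRoot, 'Templates', 'GPOPacks'))
$packDir   = [IO.Path]::GetFullPath([IO.Path]::Combine($packsRoot, $pack))
if (-not $packDir.StartsWith($packsRoot + '\', [StringComparison]::OrdinalIgnoreCase)) {
    throw "GPOPackPath '$pack' resolves outside $packsRoot"
}

# Files the article says every custom pack needs; hash them for an integrity record.
foreach ($name in 'GPOPack.wsf', 'LocalPol.exe', 'LocalSecurityDB.sdb') {
    $file    = [IO.Path]::Combine($packDir, $name)
    $present = Test-Path -LiteralPath $file -PathType Leaf
    [pscustomobject]@{
        File    = $name
        Present = $present
        SHA256  = if ($present) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash }
    }
}
```

Save it as a .ps1 file and run it against the share; comparing the recorded hashes between runs shows whether the executables in the pack folder have changed.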

About BjTechNews (905 Articles)
An IT guy trying to learn everything about technology and sharing it with you all. I'm a blogger and video blogger who highlights daily news in the tech industry, promoting tips and hacks for fellow techies.

3 Comments on MDT 2012 | 2013 “Deploying with GPO Packs”

  1. How can I use this and deploy more than one GPO pack after the OS is installed using MDT? customsettings.ini will only allow one GPOPackPath entry.

  2. Use GPO packs as applications. You can install more than one and they are easier to maintain:

    Just run LGPO.exe as an application in MDT:

    -Take your folder output with the DomainSysvol, Backup.xml and bkupinfo.xml files and drop LGPO.exe into it.

    -Create an apply_gpo.bat file and type the following into it:

    @echo off
    SET COMPAT_LAYER=RUNASADMIN
    %~dp0LGPO.exe /g %~dp0

    You may really only need the one line: %~dp0LGPO.exe /g %~dp0

    but what I used there worked.

    Create your app with source files in MDT and run the apply_gpo.bat. Easy to create and maintain as you don’t have to continually edit task sequences.
