There are many new features in MDT, but one that I use particularly often in non-domain infrastructure is the ability to apply GPO Packs created using Security Compliance Manager (SCM) during the deployment process.
Microsoft Security Compliance Manager 3.0 is a great tool that allows you to create and manage group policy baselines in an easy-to-use interface. These policies can then be applied at the domain level or as “Local GPO Packs”.
MDT provides four default GPO packs for the following operating systems that are applied by default during deployment.
1. Windows 7 SP1
2. Windows Vista SP2
3. Windows 2008 SP2
4. Windows 2008 R2 SP1
All GPO packs are stored in the Templates folder within the Distribution Share, for example <Distribution Share>\Templates\GPOPacks\<GPO Pack Folder>.
When you specify your own GPO Pack, you must override the default GPO pack using the GPOPackPath variable in the customsettings.ini file.
This is a relative path from the <Distribution Share>\Templates\GPOPacks\ folder. For example:
GPOPackPath = BTN-WIN8-MDTGPOPack
If you do not want to apply any GPO Packs, the task sequence step can be skipped by setting the variable ApplyGPOPack to NO in customsettings.ini.
You can create your own GPO packs using the following process.
1. Use SCM to create an SCM baseline
2. Export the baseline using a GPO backup
Now we need to turn the baseline into a GPO pack, which is a simple process.
3. Open an existing GPO pack and copy the following files to the backup: GPOPack.wsf, LocalPol.exe, LocalSecurityDB.sdb
4. Copy the GPO Pack to the <Distribution Share>\Templates\GPOPacks folder
5. Update the GPOPackPath variable in the customsettings.ini file to point at the new GPO Pack
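The last three steps of the process above can be scripted. The following PowerShell is an added example, not part of the original post or of MDT itself. All parameter names are illustrative, the location of customsettings.ini is supplied by the caller, and the script only rewrites a GPOPackPath line that already exists rather than guessing where to add one.

```powershell
# Added example. Parameter names are illustrative; file names come from the post.
param(
    [Parameter(Mandatory)] [string] $GpoBackupPath,      # folder from the SCM GPO backup export
    [Parameter(Mandatory)] [string] $ReferencePackPath,  # an existing GPO pack to copy helpers from
    [Parameter(Mandatory)] [string] $DistributionShare,  # root of the MDT distribution share
    [Parameter(Mandatory)] [string] $PackName,           # new pack folder, e.g. BTN-WIN8-MDTGPOPack
    [Parameter(Mandatory)] [string] $CustomSettingsPath  # full path to customsettings.ini
)
$ErrorActionPreference = 'Stop'
$required = 'GPOPack.wsf', 'LocalPol.exe', 'LocalSecurityDB.sdb'

# Step 3: copy the helper files from an existing pack into the backup folder.
foreach ($file in $required) {
    $src = Join-Path $ReferencePackPath $file
    if (-not (Test-Path -LiteralPath $src -PathType Leaf)) { throw "Reference pack is missing $file" }
    Copy-Item -LiteralPath $src -Destination $GpoBackupPath -Force
}

# Step 4: copy the pack into <Distribution Share>\Templates\GPOPacks without overwriting.
$packsRoot = Join-Path $DistributionShare 'Templates\GPOPacks'
$dest = Join-Path $packsRoot $PackName
if (-not (Test-Path -LiteralPath $packsRoot -PathType Container)) { throw "Not found: $packsRoot" }
if (Test-Path -LiteralPath $dest) { throw "Pack folder already exists: $dest" }
Copy-Item -LiteralPath $GpoBackupPath -Destination $dest -Recurse

# Confirm the helpers in the share are byte-identical to the reference pack.
foreach ($file in $required) {
    $want = (Get-FileHash -LiteralPath (Join-Path $ReferencePackPath $file) -Algorithm SHA256).Hash
    $have = (Get-FileHash -LiteralPath (Join-Path $dest $file) -Algorithm SHA256).Hash
    if ($want -ne $have) { throw "$file in $dest differs from the reference pack" }
}

# Step 5: point an existing GPOPackPath line at the new pack, keeping a backup copy.
$lines = @(Get-Content -LiteralPath $CustomSettingsPath)
$pathPattern = '^\s*GPOPackPath\s*='
if (-not ($lines -match $pathPattern)) {
    throw "No GPOPackPath line in $CustomSettingsPath; add 'GPOPackPath = $PackName' by hand."
}
Copy-Item -LiteralPath $CustomSettingsPath -Destination "$CustomSettingsPath.bak" -Force
$updated = $lines | ForEach-Object {
    if ($_ -match $pathPattern) { "GPOPackPath = $PackName" } else { $_ }
}
Set-Content -LiteralPath $CustomSettingsPath -Value $updated

# ApplyGPOPack = NO skips the task sequence step, so the new pack would never be applied.
if ($lines -match '^\s*ApplyGPOPack\s*=\s*NO\s*$') {
    Write-Warning "ApplyGPOPack is set to NO in $CustomSettingsPath; the pack will be skipped."
}
```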