1

We use WDS images combined with GPOs to automate the installation of our desktops.

This all works great, except that when a WDS deployment to a new/existing PC is completed, there's a fifty/fifty chance of the GPOs applying on first boot.

That unfortunately means that following a refresh of our development environment, someone has to check the machines and initiate a reboot / GPUpdate for around 15-20 PCs.

Machines are either pre-staged or have existing computer accounts in AD because they are re-imaged rather than new.

Just wondering if anyone has experienced similar problems with GPOs not applying following a WDS installation? At the moment we're considering hacking a script into the image so that workstations are automatically rebooted following a WDS installation, but that feels more like a work around rather than dealing with the problem's root cause.

Thanks

biscuitNinja
  • 21
  • 5
  • Are all GPOs not applied, or some of them? – strongline Jun 10 '15 at 14:07
  • Also if you let the computer sit, after thirty minutes (default GPO refresh time) doesn't the computer automatically update the GPO? – Elliot Huffman Jun 10 '15 at 16:19
  • No GPOs are applied, period. – biscuitNinja Jun 11 '15 at 08:52
  • 1
    Done some digging and found the issue seems related to setting the timezone to "GMT Standard Time". If we don't set the timezone at all in unattend.xml and the PC's hardware clock happens to be correct, then the image is applied to the machine, it is joined to the domain and the GPOs apply. If we set the timezone to "GMT Standard Time", the WDS install seems to assume that the hardware clock is in PST (GMT -8) and thus adds 8 hours to it. It remains in this incorrect state until the NTP sync happens but this is after the GP processing has failed. – biscuitNinja Jun 11 '15 at 09:01

1 Answers1

0

We have resolved the problem in rather a hacky way by adding the following to the specialize section of the unattend.xml used with the WDS image:

<settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ComputerName>%MACHINENAME%</ComputerName>
        <TimeZone>GMT Standard Time</TimeZone>
    </component>

    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-GB</InputLocale>
        <SystemLocale>en-GB</SystemLocale>
        <UILanguage>en-GB</UILanguage>
        <UserLocale>en-GB</UserLocale>
    </component>

    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Identification>
            <Credentials>
                <Domain>$domain</Domain>
                <Password>$password</Password>
                <Username>$username</Username>
            </Credentials>
            <UnsecureJoin>true</UnsecureJoin>
        </Identification>
    </component>

    <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <RunSynchronous>
            <RunSynchronousCommand wcm:action="add">
                <Description>Force Time Resync</Description>
                <Order>1</Order>
                <Path>cmd /c w32tm /resync</Path>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
                <Description>Force GPUpdate</Description>
                <Order>2</Order>
                <Path>cmd /c gpupdate /force /boot /sync</Path>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
                <Description>Reboot</Description>
                <Order>3</Order>
                <Path>cmd /c reboot -r -t 1</Path>
            </RunSynchronousCommand>
        </RunSynchronous>
    </component>
</settings>
biscuitNinja
  • 21
  • 5