@FoxNBeard said in General A to Z support (FOG):
> It would install with the Administrator account activated. Through the unattend.xml I was able to figure out how to have it make a second user with administrator privileges, but I couldn’t seem to solve how to not have the administrator account active and only the user.
Use the setupcomplete.cmd batch file to do this. With something like this in batch
```batch
REM Rename the default administrator account to something else
wmic useraccount where name='administrator' rename slipperyjim
net localgroup administrators slipperyjim /add
REM Rename the guest user account
wmic useraccount where name='guest' rename debbiedowner
REM Create a fake administrator account for hackers to bang on
net user Administrator NeG@tiveNancy-F@nT@#13s /ADD /comment:"Built-in account for administering the computer/domain" /PASSWORDCHG:NO /active:NO /Y
REM Be sure to remove from administrators and users groups, add to guest group to limit access
net localgroup Administrators Administrator /delete
net localgroup Guests Administrator /add
net localgroup Users Administrator /delete
REM Create new System Admin user (same account name in all three commands)
net user sysacce55 "1cecr3am-SanWitch0" /add /EXPIRES:NEVER /PASSWORDCHG:NO /active:YES /Y
net localgroup Administrators sysacce55 /add
wmic useraccount where Name='sysacce55' set PasswordExpires=FALSE
REM Disable slipperyjim (real admin/root user account)
net user slipperyjim /active:no
```
> I presume due to limited knowledge, I couldn’t figure out how to let MDT install both updates and applications correctly.
There is a task sequence to apply Windows updates. It helps if you have a local WSUS server to cache the packages. When I was just getting started in imaging this site helped out quite a bit: https://www.deploymentresearch.com/
> I was wondering if I was able to manually configure a VM and pull an image to FOG that way?
Yes, developing your golden image on a VM is the best choice, so you can use snapshots to fix o-crap moments while perfecting your golden image.
> Hostname was identical to the original machine (Although I think, unless wrongly configured, the hostname changer in FOG was active).
This is true because FOG is a block level cloner, it knows nothing about the target system. To use the hostname changer you will need to register the computer with FOG and have the FOG client installed. That is not something you probably want as a system builder. You can have FOG set the name of the computer at deploy time by using a custom FOG post install script that will inject a new host name into the unattend.xml file at deployment time.
Yes, I would still sysprep your Windows system. For full disclosure, I have not had to build an image for Windows 11 yet, so I might be incorrect here. BUT I would also build your golden image so that it's protected from getting to the internet. I have seen on Windows 10 that if the workstation can get to the internet it will try to download stuff, causing sysprep to fail.
I would spend my time getting MDT to do what you want it to do to give you the perfect golden image. The capture and deploy with FOG is the easy part (kind of). If you want to do more of the advanced stuff like editing the unattend.xml file on the fly it will take some time but I have examples for that.
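
An added example, not from the original post or the FOG project: one way a deploy-time shell script could inject a host name into unattend.xml, validating the name before it reaches `sed` so a malformed value cannot alter the XML or the substitution. The function names, the name rules enforced and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: set <ComputerName> in an unattend.xml at deploy time.
# Function names and the sample file are constructed, not FOG's own code.

# set_computer_name FILE NAME
# Returns 0 on success, 1 on a rejected name, 2 if FILE has no <ComputerName>.
set_computer_name() {
    file=$1
    name=$2
    # Allow only letters, digits and hyphen. This also keeps sed and XML
    # metacharacters (| & \ < >) out of the substitution below.
    case $name in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    # NetBIOS limit: at most 15 characters.
    [ "${#name}" -le 15 ] || return 1
    # Windows rejects names made up only of digits.
    case $name in
        *[!0-9]*) ;;
        *) return 1 ;;
    esac
    grep -q '<ComputerName>[^<]*</ComputerName>' "$file" || return 2
    # Write to a temp file first so a failed sed cannot truncate the original.
    tmp="$file.tmp.$$"
    sed "s|<ComputerName>[^<]*</ComputerName>|<ComputerName>$name</ComputerName>|" \
        "$file" > "$tmp" && mv "$tmp" "$file"
}

# Constructed sample: a minimal specialize pass with a wildcard name.
make_sample() {
    cat > "$1" <<'EOF'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>*</ComputerName>
    </component>
  </settings>
</unattend>
EOF
}

# Print the current <ComputerName> value from FILE.
read_computer_name() {
    sed -n 's|.*<ComputerName>\([^<]*\)</ComputerName>.*|\1|p' "$1"
}

# Demo on a temporary copy of the constructed sample.
demo=$(mktemp) && make_sample "$demo" && set_computer_name "$demo" "LAB-PC-01" \
    && read_computer_name "$demo"; rm -f "$demo"
```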