Archive for May 8, 2014

Can’t access ADMIN$ share using a local user account

Posted: May 8, 2014 in Windows
0

Method 1: Use Audit mode to edit the registry before you use Sysprep on the image

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

  1. Start the computer in Audit mode. To do this, press Ctrl+Shift+F3 at the Windows Welcome screen.
  2. Follow these steps to manually edit the registry:
    1. Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list.
    2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    3. On the Edit menu, point to New, and then click DWORD Value.
    4. Type LocalAccountTokenFilterPolicy for the name of the DWORD, and then press ENTER.
    5. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. Exit Registry Editor.
  3. After you configure the Windows installation, use sysprep /generalize /oobe to reseal the image for deployment.

    Note You may only use Sysprep to reseal an image three times. For more information about how to use images to deploy Windows, see the Windows Automated Installation Kit (WAIK) documentation.

Method 2: Edit the registry automatically during an unattended installation

Create an Unattended answer file (Unattend.xml) for unattended installation. This file uses the REG ADD command to edit the registry during the installation. Add the REG ADD command as a RunSynchronous command in the AuditUser pass or in the oobeSystem pass. Or, add the REG ADD command as a FirstLogonCommand in the oobeSystem pass. For example, the REG ADD command line may resemble the following:

 cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

You can also use the REG IMPORT command. However, the .reg file that is to be imported must be available on the system when the command is run. You can use the $oem$ functionality to put the file on drive C.

The REG IMPORT command line may resemble the following:

Cmd /c reg import c:\test.reg

For more information, see the WAIK documentation.

Note The AuditUser pass, the oobeSystem pass, and the FirstLogonCommand pass run at elevated levels. Commands that are scripted during these sections of the unattended installation are run by using full administrative credentials.