DLU and local "Administrator" account

Similar Messages

• Turn off Password never expires on local administrator account

  Hello Experts,
  we have some servers where the Password Never Expires flag is checked , and I am trying to find out a scripting way to uncheck these option so that password expires on the Local administrator account(Not AD Account).
  There are -bor 0x10000 (https://social.technet.microsoft.com/Forums/en-US/e4e96a5e-3b28-4673-8c61-d4abdf8f2426/win-7-setting-the-option-password-never-expires-for-a-specific-local-user?forum=winserverpowershell)
  which turn this option ON.
  But , what is need is exact opposite. I want to turn off the option so that , the password gets expired.
  Thanks,
  -Prashant Girennavar.
  MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  PowerShell example:
  $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
  $admin = [ADSI] "WinNT://$Env:USERDOMAIN/$Env:COMPUTERNAME/Administrator,User"
  $flags = $admin.UserFlags[0]
  if ( ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) -ne 0 ) {
  $flags = $flags -band (-bnot $ADS_UF_DONT_EXPIRE_PASSWD)
  $admin.UserFlags = $flags
  $admin.SetInfo()
  Retrieve UserFlags (bit array), and if the bit is set, clear it. Reassign UserFlags with cleared bit, and write the change.
  -- Bill Stewart [Bill_Stewart]

• How to unlock local administrator accounts

  Hi all,
  I have a XP machine that is a member of Win2008 domain and the local
  administrator account is locked out
  whenerver i restart xp machine automaticaly locked out admin accounts.
  how to unlock the xp or windows 7 machines local admin accounts over gpo.
  Regards,
  Udaiyar

  How to unlock local administrator account
  Using CMD (Adminstrator)First
  you’ll need to open a command prompt in administrator (Ctrl + X + A in Windows 8).
  Then, run the following command to unlock the account.
  net user administrator /active:yes
  Then, log out and you’ll now see the Administrator account as a choice.
  To lock this account again, type
  the following command:
  net use administrator /active:no
  http://www.suctips.com/2014/02/how-to-enable-local-administrator.html

• Really confused here. I have somehow created both a managed account and an administrator account. The admin acct is now highlighted in system preferences. We are now blocked from using our computer because parental controls keeps popping up.

  In attempting to add a music lesson program for my daughters band lessons we have messed up our computer. I now have both a managed account and an administrator account (both in my name).  It is using the managed account now and not letting use the Internet because parental controls keep popping up. I would like to delete the managed account and get back to the admin account but I have no idea what my login is for the admin account. We have never had to use it before this problem started and what we thought it was when we set it up does not work. Any ideas?

  If the user account is associated with an Apple ID, and you know that account password, the Apple ID can be used to reset your user account password.
  Otherwise, boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar.
  In the Terminal window, type this:
  resetpassword
  That's one word with no spaces. Then press return. A Reset Password window opens.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
  Select  ▹ Restart from the menu bar.
  You should now be able to log in with the new password, but you won't be able to unlock the Keychain. If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it. You’ll need to reset your keychain in the preferences of the Keychain Access application.

• I need help, How could I add Aliases to Local Administrator account via terminal commands???

  I need help, How could I add Aliases to Local Administrator account via terminal commands???
  I want to use commands to add alias for existing administrator account remotly by using ARD.
  Thanks.

  Hi,
  a Windows Domain Controller does not have any local user or groups. So you might add the user to the admin group at Domain level.
  B RGDS,
  Gregor
  Edited by: Gregor Gasper on Jan 9, 2009 1:44 PM

• Windows 7: Trust Relationship Error - Local Administrator Account Locked.

  I have 2 Windows 7 Professional machines that recently locked me out citing the "Trust Relationship between this workstation and primary domain failed".
   I assumed all I would have to do is log in as local administrator and remove it from the domain and then re-add it.  When I tried to log on, it told me that I have the password was incorrect - which I knew it wasn't.  After a
  few tries I got a different message that said that the account was locked.  No idea how this could have happened.  Every other local account was locked as well.
  I checked the AD on our 2003 server and I didn't see anything out of the norm.  The computers were in the correct OU, and were not disabled in anyway.  I searched online for a solution, but they all required me to be able to log on to the local
  admin, which is disabled.  
  I tried to boot to Safe Mode with a Command Prompt and typed in: net user administrator /active:yes .
   It told me that the change had been made, but when I reboot it still shows the local account as disabled.
  Any suggestions would be greatly appreciated.  
  Edit: It is Windows 7 Professional x64 

  I have had this issue twice as well. However I have been always been able to log in with local admin rights. removing then rejoining to domain seems to never get things back to normal for me. Once it is reset and joined back to the domain all software just
  seems to be missing but still there at the same time. Like Antivirus shows its installed in c:\program files but its not running. If I go to domain users start menu everything is missing but go into c:\program files and its all there. So every time I have
  seen this error a reimage is what I do seems to work a lot better than dealing with the head aches. Sorry I was not any help but that is my two cents.

• Msiexec /qn fails when its not run using the built-in local administrator account

  Hello all,
  I am working on a project where I am trying to automate the deployment of VMs through a self-service portal.
  Among other tasks such as clone VM, sysprep it, assign an IP, create AD computer object, join VM to domain and so on..., i need to install a few applications using msiexec, which is driving me crazy...
  For this purpose, I am using a local user account part of the administrators group.
  Please note, UAC is disabled on all the OS.
  Basically, the msi installation works as expected on Windows 7 machines, however on Windows 8/2012, it fails due to lack of permissions. The curious thing is that if I use the built-in\administrator account instead for the deployment on those systems, the
  application is installed correctly.
  I have tested some things such as: DisableMSI (http://msdn.microsoft.com/en-us/library/aa368304%28v=vs.85%29.aspx), but although it progresses a bit further, it keeps failing.
  Does anyone know what I can do to allow an user part of the administrators local group to be able to install using msiexec /qn?
  Thanks in advance.

  Hi,
  Does it work if you use the account in local admin, and run the commands prompt as administrator to install the msi file? Please know that Only the built in administrator account has admin privilege by default. On other admin accounts you need
  to run with elevated privilege (ie runas).
  I would like to know if you use SCCM to perform your deployment with task sequence.
  As I known, even if you disable UAC, the following policy is still enabled to detect application installation.
  Computer configuration\Windows settings\Security Settings\Local
  Policies\Security Options -> User Account Control: Detect application installations and prompt for elevation policy
  Please disable this policy to see if your issue can be fixed. 
  Kate Li
  TechNet Community Support

• Zen 3.2 DLU and Local profiles

  We're a high school and DLU has been great in the labs, because we don't
  want students to alter any local settings such as wallpaper, etc. Works
  great. For teachers and staff, I have begun disabling workstation manager
  and setting them up with a static local account so they can have more
  flexibility in their local settings. I don't want to do anything with
  roaming profiles. Is there a way to setup workstation manager (in Zen 3.2)
  to basically create a NON-volatile local user the first time through, and
  then to authenticate through and manage that account going forward? Is it
  just a matter of checking "Manage existing account" and unchecking
  "volatile user" in the user package??
  Thanks - Eric

  Yes but..............
  Any existing Volatile DLU accounts will remain volatile.
  The Volatile/Non-Volatile nature of an account is determined upon creation.
  [email protected] wrote:
  > We're a high school and DLU has been great in the labs, because we don't
  > want students to alter any local settings such as wallpaper, etc. Works
  > great. For teachers and staff, I have begun disabling workstation manager
  > and setting them up with a static local account so they can have more
  > flexibility in their local settings. I don't want to do anything with
  > roaming profiles. Is there a way to setup workstation manager (in Zen 3.2)
  > to basically create a NON-volatile local user the first time through, and
  > then to authenticate through and manage that account going forward? Is it
  > just a matter of checking "Manage existing account" and unchecking
  > "volatile user" in the user package??
  > Thanks - Eric

• SCCM 2012 R2 CU3 - Drivers Not Installing, Local Administrator Account Disabled

  After PXE OSD for a Thick Image of Win 7 x64 Ent completes, several Task Sequence steps are not complete. Namely, 3 device drivers are missing (NIC, SM Bus and some other chipset driver), the built-in Administrator Account is disabled and it's not Domain
  joined.
  I have already re-created the thick WIM twice. It was built in a VMware VM then captured with SCCM Capture Media. The NIC is a Realtek and I have downloaded the most recent version of the drivers from HP's site and added them to a driver package which is
  deployed. I even added several older drivers to my Boot Image and created to 2 steps to add drivers in the Task Sequence - one automatically installs the best drivers, the other installs a package with 7 NIC drivers. When I get the error during PXE OSD, I
  press F8 and the machine has an IP address and the driver for the NIC appears to be correct. Upon rebooting, Windows completes setup but the Administrator Account is not enabled and the NIC driver is missing, etc.
  Here is the portion of the log where errors begin to show up (from D:\SMSTSLog). Any help is GREATLY appreciated!!
  !--------------------------------------------------------------------------------------------!    TSManager    11/18/2014 1:06:57 PM    872 (0x0368) Expand a string: WinPE    TSManager  
   11/18/2014 1:06:58 PM    872 (0x0368) Executing command line: OSDApplyOS.exe /data:XXXXX0001A,%OSDDataImageIndex%    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Command line for extension
  .exe is "%1" %*    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) Set command line: "OSDApplyOS.exe" /data:XXXXX0001A,1    ApplyOperatingSystem    11/18/2014
  1:06:58 PM    1040 (0x0410) Searching for next available volume:    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410)   Volume C:\ has already used.    ApplyOperatingSystem  
   11/18/2014 1:06:58 PM    1040 (0x0410)   Volume D:\ has already used.    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410)   Volume E:\ is not a XXXXX hard drive.  
   ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410)   Volume X:\ is not a XXXXX hard drive.    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) it
  != volumes.end(), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installcommon.cpp,519)    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) There are no more volumes available
  for use.    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) GetNextAvailableVolume(allowFAT, volume), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\applyos\installcommon.cpp,651)  
   ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) The requested target could not be resolved to a valid volume on this computer. Check your task sequence to ensure this drive is correct and that it is being
  created The parameter is incorrect. (Error: 80070057; Source: Windows)    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) ResolveTarget( g_Target, g_InstallType == InstallType_DataImage, targetVolume
  ), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\applyos\applyos.cpp,483)    ApplyOperatingSystem    11/18/2014 1:06:58 PM    1040 (0x0410) Process completed with exit code 2147500037  
   TSManager    11/18/2014 1:06:58 PM    872 (0x0368) !--------------------------------------------------------------------------------------------!    TSManager    11/18/2014 1:06:58 PM  
   872 (0x0368) Failed to run the action: Apply Data Image 1. Unspecified error (Error: 80004005; Source: Windows)    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) MP server http://XXXXSCCM12.XXXXX.XXXXX.
  Ports 80,443. CRL=false.    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Setting authenticator    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Set authenticator
  in transport    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Sending StatusMessage    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Setting message signatures.  
   TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Setting the authenticator.    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) CLibSMSMessageWinHttpTransport::Send: URL:
  XXXXXSCCM12.XXXXX.XXXXX:80  CCM_POST /ccm_system/request    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Request was successful.    TSManager    11/18/2014 1:06:58 PM  
   872 (0x0368) Set a global environment variable _SMSTSLastActionRetCode=-2147467259    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Set a global environment variable _SMSTSLastActionSucceeded=false  
   TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Clear XXXXX default environment    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Let the parent group (Install Operating
  System) decides whether to continue execution    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) The execution of the group (Install Operating System) has failed and the execution has been aborted. An action
  failed. Operation aborted (Error: 80004004; Source: Windows)    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Failed to run the last action: Apply Data Image 1. Execution of task sequence failed. Unspecified
  error (Error: 80004005; Source: Windows)    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) MP server http://XXXXXSCCM12.XXXXX.XXXXX. Ports 80,443. CRL=false.    TSManager    11/18/2014
  1:06:58 PM    872 (0x0368) Setting authenticator    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Set authenticator in transport    TSManager    11/18/2014 1:06:58
  PM    872 (0x0368) Sending StatusMessage    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Setting message signatures.    TSManager    11/18/2014 1:06:58 PM  
   872 (0x0368) Setting the authenticator.    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) CLibSMSMessageWinHttpTransport::Send: URL: XXXXXSCCM12.XXXXX.XXXXX:80  CCM_POST /ccm_system/request  
   TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Request was successful.    TSManager    11/18/2014 1:06:58 PM    872 (0x0368) Executing command line: X:\WINDOWS\system32\cmd.exe
  /k    TSBootShell    11/18/2014 1:07:38 PM    764 (0x02FC) The command completed successfully.    TSBootShell    11/18/2014 1:07:38 PM    764 (0x02FC) Successfully launched
  command shell.    TSBootShell    11/18/2014 1:07:38 PM    764 (0x02FC) Execution::enExecutionFail != m_eExecutionResult, HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,923)  
   TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Task Sequence Engine failed! Code: enExecutionFail    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) ****************************************************************************  
   TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Task sequence execution failed with error code 80004005    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Cleaning Up.  
   TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Removing Authenticator    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) shKey.DeleteValue( c_szRegValue_SecurityToken ),
  HRESULT=80070002 (e:\nts_sccm_release\sms\framework\ccmutillib\ccmutillib.cpp,1660)    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Cleaning up task sequence folder    TSManager  
   11/18/2014 1:07:43 PM    872 (0x0368) Unable to delete file D:\_SMSTaskSequence\TSEnv.dat (0x80070005). Continuing.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) hr, HRESULT=80070091
  (e:\nts_sccm_release\sms\framework\core\ccmcore\ccmfile.cpp,1218)    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Failed to delete directory 'D:\_SMSTaskSequence'    TSManager    11/18/2014
  1:07:43 PM    872 (0x0368) (dwRet = ::SetNamedSecurityInfoW ((WCHAR*) pszObjectName, objectType, OWNER_SECURITY_INFORMATION, pOwnerSID, NULL, NULL, NULL)) == ERROR_SUCCESS, HRESULT=80070005 (e:\qfe\nts\sms\framework\tscore\utils.cpp,6675)  
   TSManager    11/18/2014 1:07:43 PM    872 (0x0368) SetNamedSecurityInfo() failed.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) SetObjectOwner() failed. 0x80070005.  
   TSManager    11/18/2014 1:07:43 PM    872 (0x0368) SetObjectOwner (szFName, SE_FILE_OBJECT, c_szAdministrators), HRESULT=80070005 (e:\qfe\nts\sms\framework\tscore\utils.cpp,6772)    TSManager    11/18/2014
  1:07:43 PM    872 (0x0368) RemoveFile() failed for D:\_SMSTaskSequence\TSEnv.dat. 0x80070005.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) RemoveDirectoryW failed (0x80070091) for D:\_SMSTaskSequence  
   TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Deleting volume ID file C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ...    TSManager    11/18/2014 1:07:43 PM    872
  (0x0368) DeleteFileW(sVolumeIDFile.c_str()), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,508)    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Deleting volume ID file D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca
  ...    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) DeleteFileW(sVolumeIDFile.c_str()), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,508)    TSManager    11/18/2014
  1:07:43 PM    872 (0x0368) Successfully unregistered Task Sequencing Environment COM Interface.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Command line for extension .exe is "%1"
  %*    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Set command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister    TSManager    11/18/2014 1:07:43 PM  
   872 (0x0368) Executing command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) ==========[ TsProgressUI started in process 1980 ]==========  
   TsProgressUI    11/18/2014 1:07:43 PM    624 (0x0270) Command line: "X:\sms\bin\x64\TsProgressUI.exe" /Unregister    TsProgressUI    11/18/2014 1:07:43 PM    624 (0x0270)
  Unregistering COM classes    TsProgressUI    11/18/2014 1:07:43 PM    624 (0x0270) Unregistering class objects    TsProgressUI    11/18/2014 1:07:43 PM    624 (0x0270)
  Shutdown complete.    TsProgressUI    11/18/2014 1:07:43 PM    624 (0x0270) Process completed with exit code 0    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Successfully
  unregistered TS Progress UI.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) g_TSManager.Run(), HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,766)    TSManager  
   11/18/2014 1:07:43 PM    872 (0x0368) ::RegQueryValueExW(hSubKey, szReg, NULL, NULL, NULL, &dwSize), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\utils.cpp,811)    TSManager    11/18/2014 1:07:43
  PM    872 (0x0368) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) GetTsRegValue() is unsuccessful.
  0x80070002.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) End program:     TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Error Task Sequence Manager failed
  to execute task sequence. Code 0x80004005    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Sending error status message    TSManager    11/18/2014 1:07:43 PM    872
  (0x0368) MP server http://XXXXXSCCM12.XXXXX.XXXXX. Ports 80,443. CRL=false.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Setting authenticator    TSManager    11/18/2014 1:07:43
  PM    872 (0x0368) Set authenticator in transport    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Sending StatusMessage    TSManager    11/18/2014 1:07:43 PM  
   872 (0x0368) Setting message signatures.    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Setting the authenticator.    TSManager    11/18/2014 1:07:43 PM    872
  (0x0368) CLibSMSMessageWinHttpTransport::Send: URL: XXXXXSCCM12.XXXXX.XXXXX:80  CCM_POST /ccm_system/request    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Request was successful.    TSManager  
   11/18/2014 1:07:43 PM    872 (0x0368) Finalize logging request ignored from process 804    TSManager    11/18/2014 1:07:43 PM    872 (0x0368) Process completed with exit code 2147500037  
   TSPxe    11/18/2014 1:07:43 PM    864 (0x0360) Task Sequence Manager returned code 0x80004005    TSPxe    11/18/2014 1:07:43 PM    864 (0x0360) ThreadToResolveAndExecuteTaskSequence
  returned code 0x00000000    TSPxe    11/18/2014 1:07:43 PM    844 (0x034C) ResolveProgressPage::OnWizardNext()    TSPxe    11/18/2014 1:07:43 PM    844 (0x034C) Activating
  Finish Page.    TSPxe    11/18/2014 1:07:43 PM    844 (0x034C) Exiting with return code 0x00000000    TSPxe    11/18/2014 1:07:43 PM    844 (0x034C) Execution complete.  
   TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) hMap != 0, HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\environmentscope.cpp,493)    TSBootShell    11/18/2014 1:07:43 PM  
   768 (0x0300) m_pGlobalScope->open(), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\environmentlib.cpp,335)    TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) this->open(), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\environmentlib.cpp,553)  
   TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) ::RegQueryValueExW(hSubKey, szReg, NULL, NULL, NULL, &dwSize), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\utils.cpp,811)    TSBootShell  
   11/18/2014 1:07:43 PM    768 (0x0300) RegQueryValueExW is unsuccessful for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram    TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) GetTsRegValue()
  is unsuccessful. 0x80070002.    TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) End program:     TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) Finalizing
  logging from process 760    TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) Finalizing logs to root of first available drive    TSBootShell    11/18/2014 1:07:43 PM  
   768 (0x0300) Successfully finalized logs to D:\SMSTSLog    TSBootShell    11/18/2014 1:07:43 PM    768 (0x0300) Cleaning up task sequencing logging configuration.    TSBootShell  
   11/18/2014 1:07:43 PM    768 (0x0300)

  Thank you for the reply, you're right the problem is with an image being applied, but not the OS image.
  The issue is that for some reason, there were 2 images captured and SCCM automatically created a step for both. Image 2-2 is the valid Windows image, but image 1-1 clearly has some issues. I disabled the that step in the Task Sequence and it installed drivers
  and completed the rest of the Task Sequence!

• Using administrator and non administrator accounts - questions

  I have been looking around re security for my iMac - newly updated to Snow Leopard.  I am not very savvy re much of computer things.  I just found a pdf entitled Mac OS X Security Configuration.  It recommended having a standard nonadministrator account as well as an administrator account.  When I first set up my iMac in Leopard coming from a pc, I had telephone support for my first three years and used it when I ran into some issues.  During that time following directions from different support people I have ended up in Systems Preferences "Accounts" having 5 different accounts - one "Administrator", one "Login only" entitled "Guest Account",  and three Standard [one entitiled with my name and the other two "TEST1" and "TEST2"].  When I am in the "accounts" window in Systems Preferences, my "Administrator" account is selected, but I cannot select any of the others.
  I am thinking from what I read in the article that I should probably delete the three "standard" accounts so I am left with the "Administrator" and "Guest" accounts. And then when my computer turns on, it will use my "Guest" account.  Would you agree?  Right now when I want to get back in after my computer went to sleep, I have to enter my password.  Would this not be required if I am in the "Guest" acccount?
  Two questions:
  (1)  I don't know how to delete those accounts - if, in fact, I should. 
  (2)  How and when will I use the two accounts that are left when the computer turns on?

  1.  You can delete the Test1 and Test2 accounts if you log into your Administrator Account. Once in your Admin Account, open System  Preferences > Users & Groups and you will see and be able to delete the Test1 & Test2 accounts.
  2.  Leave your Guest account for, well, guest users.  Do not use it in the normal course of events.  When you log out of the Guest account, all the settings, caches, etc. are wiped, as are all files and folders that you may have saved in the Guest account home folder.  The Guest account is truly designed only for temporary, guest use.
  3.  Leave your Administrator account for use only for installing programs, doing system administration, managing accounts, etc.
  4.  User your named account as your regular account.  It appears to already be a User account.  The primary limitation is you cannot install programs in a regular User account.  This actually helps protect your Mac from viruses and other malware that would need to install software in order to corrupt your system.
  5.  You can turn off the need to enter a password when your computer sleeps in System Preferences > Security & Privacy > General.  UNcheck the option called "Require password for sleep and screen saver."

• APIM Delegation and the Administrator account

  When using the Delegation feature (delegating sign-in and sign-up), are there any special requirements for handling the Administrator account?
  The Administrator user has already been added to the developer portal (when the APIM instance is initially created) – that user (ID = “1”, name = “Administrator”, email=”whatever was provided when the APIM instance was created”) isn’t a registered user in
  my  delegated identity service.  So there are a few operations that don’t work in the portal.  For example, when logged in to the developer portal as Administrator and navigating to the profile page, what is supposed to happen when clicking
  the “Change account information” button?  Should that button even be available for the Administrator when using delegation?

  Miao,
  That is exactly how I am logging in...so once the Administrator logs in (via Azure Portal -> Launch Management Console -> Go to Developer portal), what should happen when the Administrator clicks on "Administrator -> Profile -> Change Account
  Information" (on the Administrator profile page in the developer portal) when delegation is enabled?
  Should that button be visible at all on the Profile page when delegation is enabled and the current user is the Administrator?

• AD and Local Network accounts take three attempts to log in successfully

  Our lab's Mac Mini server is running a patched-up 10.9 + OS X Server (though this problem has persisted since 10.7)
  Our server is 'local' to our laboratory and serves 4-5 machines, 10-15 people.
  The server (and the connected machines) are bound to the college's Active Directory server.
  We have a 'Local Network' group  (called FlipLab) on the Server that contains laboratory members from the AD server.
  The lab client machines are set to only allow network logins from that group. We also have an occasional 'visiting' scholar who doesn't have a college-wide AD account, so we set them up as a 'Local Network' user and add them to the FlipLab group so they too can log in to the lab's machines.
  About 75% of the time, a user logging into a lab machine take three attempts to get logged in successfully. We've noticed that they don't need to re-type the password or username each time, just once and hit 'enter/return' three times in the password field. It never takes two tries- only either one (very rarely, usually after successfully logging in earlier in the day) and more commonly three tries.
  This doesn't seem to happen with file sharing (though I think one of the guys has noticed an occasional problem logging in to a SMB share from a Boot Camp'd machine). It isn't a problem w/ Time Machine backups either. BUT We recently noticed that even the 'Local Network' users (e.g. belong to the FlipLab group but don't have AD credentials) occasionally have this problem. Hitting 'return' three times in the password field gets you logged in though in any case (well, assuming you have your password correct).
  I've tried moving around the directory search order on the client machines, but not in a systematic-enough way.
  Since we can get logged in this isn't the worst problem ever. But I'd like to be able to figure out what is going on - and maybe learn something about configuring it in the process.

  Thanks- good observation.
  Unusual, perhaps, but it is what we need in our setting. And- allegedly this is supported / encouraged based on my understanding of the OS X Server docs. I don't have any control over the AD server (since it's in the university-level IT management's hands) but I -do-, of course, have control over my own server. So I just want to use their authentication (and save my students / lab folk the trouble of having multiple logins, etc).
  You make a good point / observation / point-of-debuggery. Indeed, if I set the client machines to use -only- the main campus AD server (and thus allow logins from everyone on campus) it works first time. So it is some interesting interaction betwixt the Mac OS Server and the client methinks. In fact, across campus, all the 'public' machines are simply bound to the AD server and you can just log in that way.

• My login widow shows both user account and system administrator account . how do i not show the root account on my MBP i have upgraded to mountain lion

  my log in window shows btoh my user account and the system administrator (root) acount. how do i not show the system accout on the log in window?

  I think you need to disable the root user assuming you have it enabled.
  Navigate thus;
  /Applications/Utilities/Directory Utility
  ...and then.....
  Edit>Disable Root User

• Built-in Admin and local admin accounts can not logon locally

  When I attempt to logon locally to a Windows 7client as the built-in administrator or local admin I receive the message "You can not logon because the logon method you are using is not allowed on this computer"
  I can logon as a network administrator.  I run gpedit.msc to see the current group policy.
  Local Computer Policy/Windows settings/Security settings/Local policy/User Rights Assignment/Allow log on locally is set to EVERYONE, Administrators
  Local Computer Policy/Windows settings/Security settings/Local policy/User Rights Assignment/Deny log on locally is set to NONE
  This makes no sense as to why the local admin or built admin cannot logon.

  Hi,
  What is the network environment? Are you in a domain? Group Policy processing has a precedence, local GPO has the lowest priority, please make sure that it's not overwritten by other GPOs.
  After setting the policy, make sure to run gpupdate /force to update the policy.
  Does this issue happen only on this specific computer? Another situation is that the profile is corrupted, delete the profile and recreate one, and check if it works.
  Yolanda Zhu
  TechNet Community Support

• Whats the differene between a standard account and an administrator account

  Can someone explain to me the difference between these two accounts please. Also I wonder if theres a way to stop the guest account deleting files on exit.

  Admin accounts can install and remove applications, Standard accounts can not. The Guest account is designed to delete files on exit, that is because it is a Guest account.
  You MUST have at least one Admin account.