Group Policy refresh after a task sequence has completed

Hi
I would like to force a Group Policy refresh after my OSD task sequence has completed. At the moment, my TS completes, I get the Deployment Complete window and I click on Start Windows. Windows starts up but my computer-based Group Policies have not applied, so I need to restart the machine immediately.
My question is, how can I refresh Group Policy but still retain the Deployment Complete window? I have tried using the SMSTSPostAction Task Sequence variable to set a gpupdate /force to run after the TS completes, but it just hangs. I set it to gpupdate /force /wait:0 and this seems to run and I get my Deployment Complete window, but my Group Policy still isn't applying. I have tried setting the SMSTSPostAction Task Sequence variable to shutdown /r, which reboots the machine, but then I don't get the Deployment Complete window at the end of the build.
Any other ideas ?
Cheers
G

Hi
AFAIK, on Windows Vista and later operating systems, Group Policies are processed after the Task Sequence is finished. Including restarts during the Task Sequence will not help, and a manual reboot is required after the TS is completed.
As a workaround you can write a script to run gpupdate and reboot the machine. Deploy this script as a Mandatory Application, which will run as soon as the OSD finishes.
Alternatively, you can try using a RunOnce registry entry for gpupdate /force. This will ensure that the Group Policies are updated when the user logs in for the first time.
Regards, Manohar Pusala

Similar Messages

  • "The task sequence has been suspended" when using a conditional task sequence

    I'm getting the dreaded "The task sequence has been suspended. LiteTouch has encountered and Environment Error (Boot into WinPE!)" when using a conditional task sequence. 
    I've created an "Install Application" task right before the "Restart Computer" in the postinstall phase. The task installs a Dell BIOS update. I've added two WMI conditions on the task, to match it with the correct model and to check that the BIOS is not current. This works very well, except for a strange issue. When the computer reboots into WinPE, I get the error above. The message stays for about 30 seconds and then disappears. After that the computer reboots into Windows 7, runs the BIOS update and throws up a similar message but with the addition of "Use the desktop shortcut to resume" (however, there is no shortcut). The message disappears after a while and the process stops there. If I reboot manually, the installation will continue and finish without any error. It's as if a LTIsuspend.wsf was inserted.
    Does anyone have any clue what's happening?

    Thanks for the answers, but I finally figured it out. The problem was due to where I had inserted it during the deployment sequence. The BIOS update task sequence was attempting to run in WinPE. I moved the sequence to the state restore section and now it's working perfectly. I was trying to run the update earlier during the installation sequence, as was recommended by Dell, but that doesn't appear to be feasible. This will have to do.

  • "The task sequence has been suspended. LiteTouch is trying to install applications. This cannot be performed in Windows PE."

    MDT 2012 Server is up and running. I mistakenly deleted a Task Sequence step called "Install Application" that I thought was not needed (I know I should have disabled it and tested).
    I have a problem now, when I went to image a computer I did not get application list (This used to work before I deleted the above TS step) with items to check and uncheck for installation.  "Install Application" TS was readded but now when I try to
    image I get this error:
    "The task sequence has been suspended. LiteTouch is trying to install applications. This cannot be performed in Windows PE."
    I've tried moving it to different positions on the list (Higher and lower) to no avail, I always get the same error. Please advise.
    -Thanks in advance!

    On the computer you are deploying to ("the client"), boot into Windows PE just like you are going to image and, before you authenticate or get any dialogue boxes, press F8 in Windows PE to get a command prompt and type the following:
    diskpart
    list disk
    select disk 0
    list part
    select part 1
    clean
    create part primary
    assign
    active
    exit
    Please mark this as the answer if it works.
    You are awesome this worked for me I didn't see how I was going to get my new computer to reimage again Thank you sooooooooooooo much!!!

  • Group Policy - Computer preference - Schedule task creation

    Hello,
    We are getting an error while applying a scheduled task creation GPO (from Windows 2012) to a Windows 2008 R2 system.
    Group Policy object did not apply because it failed with error code '0x80041316 The task XML contains an unexpected node.' This error was suppressed.
    As recommended in many threads, we have made the settings to run the scheduled task with the user "NT Authority\System" (selected the user manually from Domain -> Building group -> System). After changing, we observe that the task is getting created, but we keep on getting warning messages in Event Viewer. In GPO -> schedule task -> the setting is to "update" the scheduled task (not create or replace).
    Below is excerpt from traces file while applying GP.
    -------
    2015-02-11 09:41:22.976 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
    2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
    2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
    2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] Read GPE XML data file (3146 bytes total).
    2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
    2015-02-11 09:41:23.070 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
    2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] Properties handled. [ hr = 0x80041316 "The task XML contains an unexpected node." ]
    2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] Error suppressed. [ hr = 0x80041316 "The task XML contains an unexpected node." ]
    2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{AADCED64-746C-4633-A97C-D61349046527}"
    2015-02-11 09:41:23.101 [pid=0x35c,tid=0x934] Purged 2 old RSoP entries.
    2015-02-11 09:41:23.101 [pid=0x35c,tid=0x934] Logging 2 new RSoP entries.
    2015-02-11 09:41:23.101 [pid=0x35c,tid=0x934] RSoP Entry 0
    2015-02-11 09:41:23.117 [pid=0x35c,tid=0x934] RSoP Entry 1
    2015-02-11 09:41:23.117 [pid=0x35c,tid=0x934] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    Any input will be helpful.
    Thank you.

    Hi Martin,
      Please find it below
    <?xml version="1.0" encoding="UTF-8"?>
    <ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
      <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" removePolicy="0" userContext="0" uid="{1E0044F0-305A-48ED-A432-DDF4E5AB50BC}" changed="2015-02-11 09:07:27" image="2" name="AssetExplorer">
        <Properties name="AssetExplorer" logonType="S4U" runAs="NT AUTHORITY\System" action="U">
          <Task version="1.2">
            <RegistrationInfo><Author>domain2\useradmin</Author><Description>Asset Explorer</Description></RegistrationInfo>
            <Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>S4U</LogonType><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
            <Settings>
              <IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings>
              <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
              <AllowHardTerminate>false</AllowHardTerminate><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>P1D</ExecutionTimeLimit><Priority>7</Priority>
            </Settings>
            <Triggers><CalendarTrigger><StartBoundary>2015-02-05T23:00:00</StartBoundary><Enabled>true</Enabled><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay><ExecutionTimeLimit>P1D</ExecutionTimeLimit></CalendarTrigger></Triggers>
            <Actions Context="Author"><Exec><Command>\\domain\NETLOGON\Global\mycommand.cmd</Command></Exec></Actions>
          </Task>
        </Properties>
      </TaskV2>
      <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" removePolicy="0" userContext="0" uid="{0C27559B-07A6-4F36-A400-0D769B62BE93}" changed="2015-02-11 09:16:50" image="2" name="AssetExplorer">
        <Properties name="AssetExplorer" logonType="S4U" runAs="NT AUTHORITY\System" action="U">
          <Task version="1.1">
            <RegistrationInfo><Author>domain2\useradmin</Author><Description>Asset Explorer</Description></RegistrationInfo>
            <Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>S4U</LogonType><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
            <Settings>
              <IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings>
              <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
              <AllowHardTerminate>false</AllowHardTerminate><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>P1D</ExecutionTimeLimit><Priority>7</Priority>
            </Settings>
            <Actions Context="Author"><Exec><Command>\\domain\NETLOGON\Global\mycommand.cmd</Command></Exec></Actions>
            <Triggers><CalendarTrigger><StartBoundary>2015-02-05T23:00:00</StartBoundary><Enabled>true</Enabled><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay><ExecutionTimeLimit>P1D</ExecutionTimeLimit></CalendarTrigger></Triggers>
          </Task>
        </Properties>
      </TaskV2>
    </ScheduledTasks>

  • Task Sequence has failed with error code: 0x80070570

    I've created a task sequence for Windows XP OS deployment. The WinPE boot image loads successfully, and partitions are formatted successfully too. But during "Applying image 1 from volume C:\" I receive the following error:
    Task Sequence: My_task_sequence_name has failed with error code: 0x80070570.
    What do I need to do? Any ideas? (My computer has the following details: ASUS P5KSE motherboard, Core 2 Duo, SATA HDD, Atheros L1 adapter)

    No, a build and capture task sequence automates the build of the image removing any and all human intervention so that rebuilding or refreshing an image becomes a simple matter. Building images by actually manually installing Windows is anti-IT.
    File corruption can be caused by many, many things; e.g., anti-virus, physical disk errors, network transmit errors, etc.
    Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

  • MDT 2012 - Task Sequence Not Completing

    I'm a complete novice with MDT 2012, but I have had pretty good luck getting a deployment for Server 2008 R2.
    I have a reference system, and I do a very vanilla sysprep and capture using the template task sequence with no changes.
    My deployment has a few app installs and other configuration items, but nothing too exotic.
    My problem is this: during deployment, after applying the system from WinPE, I perform the final reboot. At this point, the expected action is for an autologon to take place, and for the local Administrator account to run c:\Litetouch.vbs, which does some final
    cleanup and a few tasks that require the target system to be running.
    This isn't happening on my system. And a look at the registry shows that the autologon stuff has not been set up, so it won't ever happen. It's not a matter of having an incorrect account, or a count of 0, none of the autologon registry keys are even present.
    In trying to solve this (I believe it worked when I first started!) I've stripped down my deployment to a pair of task sequences that have no customization
    at all in either the capture or the deployment task sequences, and still no luck. So I believe that something has changed in my reference system - but I unfortunately can't roll back.
    What is driving me a little nuts is that I can't tell when that autologon information is supposed to be inserted in the registry. There is code in Litetouch.wsf that appears to do it, in function PopulateAutoAdminLogon, but I can't come up with a scenario in
    which this function gets called. I am guessing that perhaps sysprep does it when creating the WIM, but I can't seem to find good information on that.
    I've done a lot of searching on this, and unfortunately the answer space is cluttered with people who have a similar-sounding but completely different problem - they want their deployed system to do an autologon, and after deployment their system comes up with the logon screen instead of doing what they want. I've seen a few people post similar problems to mine, but nobody has received an answer. This one is pretty close; it suggests I might have a group policy item that disables the local admin account, but I don't think it hits the mark for me.
    http://social.technet.microsoft.com/Forums/en-US/mdt/thread/e625aa88-2415-4a2a-9e79-ac6b37119c27
    So in a nutshell: when deploying a system using MDT 2012, at what point are the autologon items from unattend.xml stuffed into the registry for use after state restore/reboot in the task sequence? And what can go wrong with that?
    - Mark

    Same here, can't find any solution though. Did you ever work it out? 

  • Need to Trigger a Program in ECC after the DSO load has completed

    HI Experts,
    I have a scenario where I need to trigger a program in ECC after the load to DSO has been completed successfully. Basically the opposite of the everyday scenario.
    Can I still use the RSSM_EVENT_RAISE FM in the program to call the event in ECC?
    If the above is true, do I need to have code in the program to confirm the DSO has been loaded, or can I just have the program (which basically calls the FM RSSM_EVENT_RAISE) appended to the process chain after the DSO Activation?
    Appreciate your advice

    Hi,
    To help future proof your solution, lean towards using the process chain as much as possible.
    A "Green/Success" only link from the DataStore Activation process variant to an ABAP Program process variant will work nicely. It will also still allow your program to be executed by other scenarios (like manually because you want the event raised now without any dependency on the DataStore status).
    SAP now recommends you use the CL_BATCH_EVENT class and its methods to interact with the system events. Use transaction SE24 to review the methods and parameters available and then use the sample code below to test your solution.
    Here is a starting point for coding that is used within an ABAP Program process variant in a process chain.
    Use transaction SE38 to store this code to be called by the ABAP Program process variant.
    constants:
      c_interrupt_eventid   type btceventid  value '[Event]',
      c_interrupt_eventparm type btcevtparm  value '[Parameter]'.
    data:
      l_interrupt_eventid   type btceventid value c_interrupt_eventid,
      l_interrupt_eventparm type btcevtparm value c_interrupt_eventparm.
    call method cl_batch_event=>raise
      EXPORTING
        i_eventid                      = l_interrupt_eventid
        i_eventparm                    = l_interrupt_eventparm
      EXCEPTIONS
        excpt_raise_failed             = 2
        excpt_server_accepts_no_events = 3
        excpt_raise_forbidden          = 4
        excpt_unknown_event            = 5
        excpt_no_authority             = 6
        others                         = 1.
    if sy-subrc <> 0.
      message e051(rsar) with 'Failed to raise background event.' c_interrupt_eventid c_interrupt_eventparm.
    endif.
    Note: The error message is process chain friendly and will appear in the RSPC transaction GUI and system logs.
    Hope this helps,
    John.

  • How do i connect to a wifi network after my time capsule has completed its auto setup.

    Let me start by saying I contract overseas, currently in Afghanistan. OK, so I have over 10 networks in my area and cannot connect to a router with an Ethernet cable. When it does the auto setup it finds the network sometimes but doesn't stay up long enough for me to enter my password. I just don't know how or where to manually set up my network. I also don't know what information I need. I don't have access to any of the routers, so this might not even be possible.
    Thanks Dan

    Unfortunately, the Time Capsule, and AirPort Extreme do require an Ethernet connection when they are connected to a 3rd party wireless network.
    It is a bit goofy....and I don't know if it will work in your particular situation.....but here is what I do when am traveling and I want to set up a private wireless network in my room......and the hotel only provides a wireless connection. I travel with an AirPort Express and another AirPort router....two devices.
    One AirPort Express is configured to "Join a wireless network", so it receives the wireless signal from the hotel. That same Express then feeds an Ethernet signal from its LAN port to the WAN port on another AirPort router, which is set up to "create a wireless network".
    So, I can set up my own private network in the room and connect from multiple devices....wireless or wired...and only pay for one connection.

  • MDT 2013: Wizard Pages by Task Sequence

    Hi,
    I believe what I am trying to do is not possible from previous readings on this forum, BUT then I see something in my MDT 2013 OSD wizard that seems to indicate there might be a way to get it done. So here goes.
    For my own demos, I am trying to develop a deployment share that is much like Johan Arwidmark's hydration kit. Some machines, like a domain controller or a SQL cluster are all well-defined: computer names, IP addresses, etc. are fixed and can be set
    in customsettings.ini or in the Task Sequence with variables. However, I would also like the ability to have to deploy a "generic" machine where I can select roles, applications, etc.
    This would require having different wizard pages shown for different task sequences. From what I've read, this may not be possible without developing a custom wizard (and that might be too much effort). However, I currently have two task sequences and depending
    on which one I select, I see a different number of steps to complete? See screenshots. I don't know what I have currently configured that makes it like that.
     (when I select "Domain Controller 01" task sequence) (Task sequence ID "DC01")
     (when I select the "generic" task sequence)
    Below is my customsettings.ini [the only rules file I have].
    [Settings]
    Priority=TaskSequence,Default
    [Default]
    _SMSTSORGNAME=Demo Deployment
    OSInstall=Y
    SkipCapture=YES
    SkipAdminPassword=YES
    AdminPassword=P@ssw0rd!
    SkipProductKey=YES
    SkipComputerBackup=YES
    SkipBitLocker=YES
    EventService=http://192.168.232.1:9800
    SkipUserData=YES
    SkipTaskSequence=NO
    SkipTimeZone=YES
    SkipBitLocker=YES
    SkipSummary=YES
    SkipFinalSummary=NO
    FinishAction=SHUTDOWN
    SkipLocaleSelection=YES
    HideShell=YES
    [DC01]
    _SMSTSORGNAME=DC01 Deployment
    SkipComputerName=YES
    OSDComputerName=DC01
    SkipDomainMembership=YES
    JoinWorkgroup=DEMO
    SkipRoles=YES
    I would expect the settings for task sequence "DC01" to be applied after I select that task sequence in the wizard. That doesn't seem to work. The first task in the sequence is a "Gather" task that gathers local data and processes customsettings.ini.
    I understand I can't override most settings from [Default] because they would have already been processed but as you can see, that's not what I am actually trying.
    I am not opposed to having multiple rules files if that would work. However, it seems like that doesn't make much difference when it comes to actually seeing different wizard steps active. I've tried adding a second customsettings_dc01.ini file and having
    a Gather step that specifically references that file in the "Initialize" group.
    I've considered some alternatives to making it work this way, such as having multiple deployment shares and "linking" them (although I haven't done this before) so I wouldn't have to copy all the applications.
    I would also set the computer name and all in the task sequence using variables, but that still doesn't address the problem.
    Any insight is appreciated,
    SA.

    SpeedBird186 - There are several assumptions going on here.
    1. by default MDT processes the CS.ini file *before* the wizard, and *after* the Task sequence has started. If you want CS.ini file to be processed just *after* you select your TS in the wizard, use Johan's trick above.
    2. There are about 20 different wizard pages, and they don't appear in *all* scenarios. The wizard framework will attempt to do an intelligent job of filtering out pages that are not relevant to the scenario at hand. For example, in the graphic above, you can see that the OS Roles and Features page will appear/disappear. This can happen for example if the task sequence you selected earlier does or does *not* have an "OS Roles and Features" step in the Task sequence.
    3. For me, the easiest way to process roles would be to create some new "Applications" and to put them in a folder.
    Keith Garner - keithga.wordpress.com

  • MDT 2013 Windows 8.1 Task sequence Stops After first Reboot. login

    Hi There,
    The issue I am having is that after the OS gets laid down, and the Windows 8.1 computer reboots, the task sequence does not continue. It fails every time. There are not any obvious errors that happen in the process that I can see in the logs. But I have customized this process quite a bit and I could use some help. We are deploying potentially to over 30,000 computers.
    The test machine I have been using is the Surface Pro 2.
    The interesting part is that after a failure, if I start the process over again, boot into PE, then run diskpart manually from a command prompt to clean Disk 0, and then reboot and start the MDT task sequence, it will deploy fine.
    I also have a custom step that copies the TS media from the stick to a Recovery partition I create. The user can launch a re-image or MDT refresh from an icon/script, which will unhide this "recovery partition" and kick off a Lite Touch refresh.
    This works successfully every time. We have remote locations with very slow links, so MDT over the network or MDT integrated with SCCM is not an option at this time. So this is the solution.
    I am attempting to use MDT 2013 to deploy Windows 8.1 offline, using GPT partitions.
    I am using a custom Format and Partition step that calls the CustomDiskpart.txt script from %deployroot%\Scripts.
    I am also using a split image, as multi-partitioned EFI/NTFS USB sticks are not a possibility for us; also, the USB sticks capable of this are seen by MDT as a "fixed drive" anyway, which can cause issues in itself. So the LTIAPPLY.wsf has been edited to search for and apply the split .swm files. This works well.
    After the task sequence failure I have tried launching the Litetouch scripts from the C:\MINNINT folder manually to continue the sequence, but it doesn't do anything.
    I don't want to always be running diskpart manually before imaging a new OEM computer. I need a second pair of eyes on this.
    Thank You in advance!

    Hi,
    Thanks Again for taking a look.
    I checked the sysprep log in the image and they look fine. No errors.
    As requested here are some logs. Let me know if I can provide anything else.
    BDD.log
    litetouch.log
    SMSTS.log
    I'm not actually attempting to provide a recovery image. What I am doing is leveraging MDT to refresh the computer remotely. We can update the MDT media on the hidden data partition when required and kick it off remotely. Some of the computers are very remote, and without SCCM DPs, plus a combination of slow links and a lack of deskside techs, this became a requirement. This works without incident.
    The only issue I have is that on a new computer, if I run the sequence (offline USB media), it will fail the first time unless I run a diskpart clean in PE first. Then it will succeed. Refreshing the computer is fine.

  • Trying to use a task sequence to add a computer to a security group

    I am using the following code to try to add a security group to a computer account when I am imaging using MDT 2012.  I get the following errors after the imaging process has completed.  
    Any help would be greatly appreciated.
    Thanks,
    Andy
    Exception calling "InvokeMember" with "5" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:26 char:2
    +     $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    The following exception occurred while retrieving member "Get": "The specified domain either does not exist or could not be contacted.
    " TaskSequencePSHost
    03/24/2015 8:45:31 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:30 char:2
    +     $strDomainPath = $ORoot.Get("defaultNamingContext")
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:31 AM
    0 (0x0000)
    NotSpecified: (:) [], ExtendedTypeSystemException
    TaskSequencePSHost 03/24/2015 8:45:31 AM
    0 (0x0000)
    Exception calling "Execute" with "1" argument(s): "An invalid directory pathname was passed
    " TaskSequencePSHost
    03/24/2015 8:45:32 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:38 char:3
    +         $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:32 AM
    0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException
    TaskSequencePSHost 03/24/2015 8:45:32 AM
    0 (0x0000)
    Param(
        [string[]]$GroupNames,
        [String]$Admin,
        [String]$Password
    )
    if($GroupNames) {
        [int] $ADS_PROPERTY_APPEND = 3
        #Get the computer DN
        $SysInfo = New-Object -ComObject "ADSystemInfo"
        $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
        $ComputerDN = "LDAP://$UserDN"
        #Get the Domain DN
        $ORoot = [ADSI]"LDAP://rootDSE"
        $strDomainPath = $ORoot.Get("defaultNamingContext")
        #Create ADODB connection
        $oConnection = New-Object -ComObject "ADODB.Connection"
        $oConnection.Provider= "ADsDSOObject"
        $oConnection.Open("Active Directory Provider")
        foreach($groupname in $GroupNames) {
            #Get the specified group
            $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE objectCategory='group' AND  Name='$groupname'")
            If (!$oRs.EOF) {
                $strAdsPath = ($oRs.Fields |  Select value ).value
                If($strAdsPath) {
                    If($Admin -and $Password) {
                        #Bind to the group with the supplied credentials
                        $objGroup = New-Object DirectoryServices.DirectoryEntry($strAdsPath,$Admin,$Password)
                    } Else {
                        $objGroup = [ADSI]$strAdsPath
                    }
                    $objComputer = [ADSI]$ComputerDN
                    #verify if the computer is a member of the Group
                    If ($objGroup.ismember($objComputer.adspath) -eq $false) {
                        #Add the computer to the specified group
                        $objGroup.PutEx($ADS_PROPERTY_APPEND,"member",@("$UserDN"))
                        $objGroup.setinfo()
                    }
                }
            }
        }
    }

    If you are using UserID UserDomain UserPassword those variables are base64 encoded.  You could decode them via something similar to this:
    https://social.technet.microsoft.com/Forums/en-US/6c11827f-982d-4fa1-a76d-70a615912d62/mdt-2012-automation-example-of-how-to-use-userdomainuserid-userpassword-in-a-script-move-ou?forum=mdt
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
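
    The reply above notes that the MDT variables UserID, UserDomain and UserPassword are base64-encoded. The following is an added example, not the poster's dagroup.ps1 and not the code from the linked thread: it reads those three variables from the task sequence environment instead of taking -Admin/-Password parameters, binds to the directory with them explicitly, and escapes group names before they are placed in an LDAP filter. The function names, the ANSI decoding and the use of the decoded UserDomain value as the LDAP bind target are assumptions.

```powershell
# Added example, not the poster's dagroup.ps1. Assumes it runs as a task
# sequence step where MDT has set UserID, UserDomain and UserPassword.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$GroupNames
)

function ConvertFrom-MdtBase64 {
    param([string]$Value)
    # Assumption: the encoded bytes are ANSI text; change the encoding if the
    # account name or password contains non-ASCII characters.
    [Text.Encoding]::Default.GetString([Convert]::FromBase64String($Value))
}

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # Escape the characters RFC 4515 reserves inside a filter value so that a
    # group name or DN is always treated as data: \ * ( ) and NUL.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

# Read the deployment credentials from the task sequence environment rather
# than passing them to the script as plain-text parameters.
$tsenv    = New-Object -ComObject Microsoft.SMS.TSEnvironment
$domain   = ConvertFrom-MdtBase64 $tsenv.Value('UserDomain')
$userId   = ConvertFrom-MdtBase64 $tsenv.Value('UserID')
$password = ConvertFrom-MdtBase64 $tsenv.Value('UserPassword')
$account  = '{0}\{1}' -f $domain, $userId

# Bind to the domain by name with explicit credentials, so the lookups do not
# depend on the security context the task sequence step runs in.
$root     = New-Object DirectoryServices.DirectoryEntry("LDAP://$domain", $account, $password)
$searcher = New-Object DirectoryServices.DirectorySearcher($root)

function Find-One {
    param([string]$Filter)
    $searcher.Filter = $Filter
    $searcher.FindOne()
}

# Locate this computer's account by its sAMAccountName (NAME$).
$safeComputer = ConvertTo-LdapFilterValue $env:COMPUTERNAME
$computer = Find-One ('(&(objectCategory=computer)(sAMAccountName={0}$))' -f $safeComputer)
if (-not $computer) { throw "Computer account for $env:COMPUTERNAME not found" }
$computerDN     = [string]$computer.Properties['distinguishedname'][0]
$safeComputerDN = ConvertTo-LdapFilterValue $computerDN

foreach ($name in $GroupNames) {
    $safeName = ConvertTo-LdapFilterValue $name
    $group = Find-One ('(&(objectCategory=group)(name={0}))' -f $safeName)
    if (-not $group) {
        Write-Warning "Group '$name' not found"
        continue
    }

    # Ask the server whether the membership already exists instead of reading
    # the member list, which is returned only in part for very large groups.
    $safeGroupDN = ConvertTo-LdapFilterValue ([string]$group.Properties['distinguishedname'][0])
    $existing = Find-One ('(&(distinguishedName={0})(member={1}))' -f $safeGroupDN, $safeComputerDN)
    if ($existing) { continue }

    # Bind to the group with the same credentials and append the computer DN.
    $entry = New-Object DirectoryServices.DirectoryEntry($group.Path, $account, $password)
    [void]$entry.psbase.Properties['member'].Add($computerDN)
    $entry.psbase.CommitChanges()
    $entry.psbase.Dispose()
}

$searcher.Dispose()
$root.psbase.Dispose()
```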

  • Group Policy Client service failed the sign-in

    After doing an OSD with a Windows 8.1 reference image, I get the "The Group Policy Client service failed the sign-in. The Universal unique identifier (UUID) type is not supported." message. It only shows up on the first very first log in, right
    after the OSD process has completed, and never shows up again. I'm using basic OSD task sequences right now, but I'm not sure where to pinpoint the cause of this message.

    Hi,
    This is only happening when we use the original RTM ISO en_windows_8_1_enterprise_x64_dvd_2791088.iso (without any software update); if we instead use the en_windows_8_1_enterprise_x64_dvd_2971902.iso, the error is gone.
    Apparently this ISO is updated with the Windows 8.1 and Windows Server 2012 R2 General Availability Update Rollup.

  • OSD: install software DURING task sequence based upon collection membership

    Hi,
    I'd like to refer to my previous post as a starting point.
    Below again the background of my question. But please advise on a powershell script that runs at the end of a task sequence that:
    *enumerates the pc's collection memberships and based upon that lists the software available
    *puts this software in a variable and does the installation DURING the task sequence
    J.
    Background:
    At this time, software in our deployment (of Windows 7) is installed AFTER the task sequence is finished.
    The software is deployed based upon the computer membership of collections (which get their info from AD groups).
    Problem is that users see their pc as finished but don't have all their software. It even takes sometimes more then an hour even when we refresh computer policy after final reboot of the system. That's why we really need a bulletproof solution = installation
    of software DURING task sequence.
    Jan Hoedt

    I found some time to adjust the script. Now I've created something similar for a device. Basically it finds the collections of which the device is a member, finds the targeted applications and creates task sequence variables for those applications.
    See for more information:
    http://www.petervanderwoude.nl/post/install-computer-targeted-application-during-os-deployment-via-powershell-and-configmgr-2012/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • KB2918614 Breaks MDT2012 Update 1 Task Sequence "Install Application" Items on Windows 7 deployments

    Consider the following scenario:
    You have a WDS deployment environment for your enterprise running on Windows Server 2008 R2.
    You use MDT 2012 Update 01 to create a Windows 7 Task Sequence for workstation deployment. 
    The task sequence has an "Install Application" task to install Symantec Endpoint Protection 12.1 RU4 MP1b.
    You either refresh your reference build to incorporate KB2918614 or you publish the update via WSUS and use the Install Updates task in the task sequence prior to the "Install Application" task to install the hotfix. 
    In this scenario, the "Install Application" task starts but never completes. The Symantec installation executable is never called and does not show up in Task Manager. All subsequent "Install Application" tasks exhibit the same behavior.
    No error messages are generated. Eventually the Task Sequence itself times out and moves on to the next task. 
    If you remove update KB2918614 from your reference build or unapprove it from your WSUS server, all "Install Application" tasks in the task sequence execute correctly. 
    Has anyone else experienced similar issues with deployments? My hunch is that the problem is not specific to the application being installed, and it may also be a problem for environments using SCCM to install Windows 7. I have not had a chance to explore
    this more, so I kept my scenario to the facts that I have directly observed.
    Thanks,
    Rick Reuling
    Walker IT Group, LLC

    Quite the few incorrect assumptions, but thank you for your input. I disagree with your methodology and irrelevant conclusions.
    Problem is quite clearly seen under easily reproducible conditions, which according to your description was not correctly proscribed. No one ever said the patch did not install correctly.
    Whether the root cause is that mainstream third party applications are utilizing Microsoft solution accelerator proscribed methods that a privately reported vulnerability implicated as harmful; and thus the aforementioned patch changed the
    expected behaviour to the detriment of mainstream certified applications in an unattended environment is at fault is up for discussion. Jamal's experience implicates the overall method in not only MDT but also SCCM so there stands a reasonable chance
    that the problem exhibits on a further scale beyond the MDT environment.
    However, as has been documented on a real world basis in the context of actual running environments (in which many do indeed still run Windows 7, much to all our chagrin and your self-declared shock) the issue still exists, and we must decline
    your proposed solution as being appropriate to the described scenario. Your response clearly does not duplicate nor even attempt to recreate the problem space. If you had read clearly you would have seen we had already inserted a reboot in between the Windows
    Update step in the TS and the "Install Application" step. Of course there are many other potential variables, hence why one should be quite careful about declaring an explicit problem or an explicit solution. 
    I believe Mike Niehaus clearly indicated the next step, and Jamal has confirmed the immediate workaround. I will encourage my clients to raise the issue through their EA channel.
    Regards,
    Rick

  • Group Policy Preferences - Registry change - time targeting

    I have a customer who wants to change the timeouts etc on a screensaver based on the time of day.
    Users often leave a machine open and on (with Bloomberg info) and work using another machine while they keep an eye on the Bloomberg one.
    The plan is to have these machines running Bloomberg have a long screen timeout during the working day, and then go back to the default screensaver timeout after that so the users don't have to continually enter a password.
    Looking at GPP it needs to be done via a registry change.
    I've created the policy (screensaver, lock and screensaver on are all set (3 reg updates), then 2 time targeted additional reg updates for the screen saver timeout), but the policy only applies at logon or a forced gpupdate.  It doesn't update when
    the time change occurs.
    If I run a "gpupdate /force" the policy does change based on time.  I have tried a scheduled task for "gpupdate / force" and that didn't apply the change.
    Is GPP registry just not up to the job for time scheduling with a registry change, or am I doing something wrong?
    All machines are Win7 pro x64

    Hi JaseFromLodon,
    To make it work, we can set this policy to have a check. By default, computer Group Policy is updated in the background every 90 minutes. We can change this time to "0" instead of creating a task schedule and the update will be performed every 7
    seconds.
    Computer Configuration\Administrative Templates\System\Group Policy\Set group policy refresh interval for computers
    Here is a link for reference
    Group Policy refresh interval for computers
    https://technet.microsoft.com/en-us/library/cc940895.aspx
    For the time range feature, I am sorry I didn't explain the issue clearly.
    Pay attention to the "note" in step 13 of the link as you posted.
    "Make sure you allow for the policy refresh interval (default 90 minutes with a 20% random offset) when configuring the start and end time. This means you might want to start applying the policy 2 hours before the start of business (e.g. 6:30am) to make
    sure all the computers are configured with the Business Hours Power Plan before people login in the morning (e.g. 8:30am)."
    The time targeting feature doesn't mean the preference settings will be applied according to the specific time we have set. It means the preference settings will be applied to the machines whose time is included in the time range. Please pay attention to
    the explanation of the time range features carefully (the screenshot I have posted).
    Manually "gpupdate /force" will work. I suspect the task schedule hasn't been set correctly. Please check the running history of this task schedule.
    Best regards

Maybe you are looking for