![]() ![]() Reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v RoamingCount /d 0 /f Reg add "HKLM\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v Flags /d 0x00d6fb7f /f Reg add "HKLM\SOFTWARE\Microsoft\Enrollments\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v IsFederated /d 0 /f Reg add "HKLM\SOFTWARE\Microsoft\Enrollments\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v EnrollmentType /d 0 /f Mdm_fake_enrollment Download reg add "HKLM\SOFTWARE\Microsoft\Enrollments\FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" /t REG_DWORD /v EnrollmentState /d 1 /f ![]() So instead, I’ll do the registry change as a CMD script: reg add "HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /t REG_SZ /v ExecutionPolicy /d "Unrestricted" /f (Looks like it’s too early to me since MDM fake enrollment registry files do not take effect and I had to use reg command script later). I cannot confirm when the registry files are loaded in NTLite. The correct path is changing the string value ExecutionPolicy to Unrestricted in the key HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell It’s not in HKCU but in HKLM (his screenshots says HKLM). I decided to take a look at registry values that can be changed and this website suggested there is one. Microsoft deciding to prevent Powershell scripts from running by default broke NTLite’s powershell scripting. I tried to use CMD files to do powershell -command "Set-ExecutionPolicy unrestricted -force" but it does not work and quite a few people reported ignoring execution policy with -ExecutionPolicy Bypass switch to powershell.exe does not work with NTLite either. However, this is a chick and egg problem with slipstreaming as you need to execute this first programmatically. The Execution-Policy is set to be disabled and you have to go to Powershell to run Set-ExecutionPolicy unrestricted -force ![]() Turns out Microsoft decided to not allow you to run Powershell scripts out of the box. ![]() Register-ScheduledTask -TaskName "Create System Restore Point" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest $Action= New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '-Command Checkpoint-Computer -Description "TWC-RestorePoint" -RestorePointType MODIFY_SETTINGS' $Trigger= New-ScheduledTaskTrigger -AtLogon # Register task to create snapshot at every logon Reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /t REG_DWORD /v SystemRestorePointCreationFrequency /d 0 /f # There's a 24hr refactory period if the key was not disabled (set to 0) StartSystemRestoreOnSystemDriveAtEveryBoot Download Enable-ComputerRestore $env:systemdrive Computer put to standby with a timeout by default.The last one (KB5011543 for now) is a 600MB+ roll-up that gets updated often that you might want to check Microsoft Update Catalog for the latest YYYY-MM Cumulative Update Preview and replace it (check superseded info)Īnnoyances fixed with Registry/Post-Setup scripts I have a CMD command to run in Post-Setup that you can run before any Powershell scripts are executed that’d fix the issue. Powershell scripts wouldn’t executeīecause Microsoft changed the defaults and do not allow Powershell scripts to run out of the box. There’s a firewall setting group specifically for the service that can be enabled. They are blocked by firewall out of the box. Remember to change the password afterwards! Unattended installation will mark your machine as managed by the corporate office Ping and file sharing (Samba/CIFS) with older Windows machines blocked out of the box If you don’t create a password in NTLite when choosing built-in Administrator account, you will be auto-logged in. Built-in administrator account logs in automatically by default There are a few quirks when it comes to slipstreaming Windows 10 with NTLite. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |