Hello all,
I'm having a problem maintaining a local administrator account on my Windows 7 PC after imaging. Let me briefly summarize my imaging process:
To create my image, I use a DS 7.1 Scripted OS Install job to install Windows 7 Enterprise using a custom unattend.xml on my master image PC. It enables the Administrator account, then also creates a secondary local admin account called Admin. I install updates on the PC, then capture the image for deployment.
I only added the second Admin account to the PC because Windows 7, after imaging, leaves the local Administrator account disabled. I use group policy preferences to enable the local Administrator account once the newly imaged PC joins the domain. However, if the PC does not join the domain, I am completely locked out of the PC. My intent was to add a secondary local admin account to the machine so that, even if the configuration task sent to the PC after imaging failed, my techs could still log into the PC and do basic troubleshooting, look at Altiris logs, etc.
What I find is happening, however, is that on deployment of my image, my second local Admin account has its administrative rights stripped away from it, making it just a standard user account. While I can at least log into the machine, I can't administer it until the PC gets joined to the domain.
One last thing - While my Scripted OS install job used to create the master image does use a custom answer file, my Deploy Image task does not, nor do I want it to. I want to keep the option checked in my Deploy Image task to "generate Sysprep info using inventory data". So, given that constraint, is there any way for me to be able to do either of the following:
A. Keep my local administrator account enabled, even if the PC doesn't join the domain? Or,
B. Find a way to allow this second local Admin user to retain its administrative rights?
My reluctance to use another custom answer file for my imaging task stems from the fact that it was a real PITA setting up my original answer file for the SOI. If I made another custom one, I'd need it to contain all of the same tokens that the "Generate from inventory data" checkbox uses. It's just so much cleaner to be able just check that checkbox and be done with it. I'm sure I could get it to work this way if I worked at it, but I'd really prefer not to. And then there's the matter of principle - what good is the option to Generate from inventory data if I can't log into the PC after it's imaged? (I have to run a Config task after imaging new bare metal PC's because importing Predefined Computers via CSV file doesn't work in DS 7.1 like it ought to. But that's another thread.)
Any thoughts on this matter? Thank you!