Group policies with Microsoft Deployment Toolkit and WDS

Question

Hi everyone, Hoping someone on here can provide some advice as I have hit a brick wall.

I have created a WDS environment to deploy windows 10 which is pretty much ready to go, we have around 600 workstations to build and deploy. On the Gold image we have the baseline GPO and user specific GPOs for the user and the administrator. When the image is SYS prep, captured on the WDS and deployed all of those GPOs have been wiped.

Is there a method of capturing the baseline GPOs and user specific GPOs then injecting them into the build process or is there a tool as part of the MDT package that will allow these GPOs to be created.

Due to the nature of the organisation i work in we cant go down the route of creating a domain and pushing these policies that way. It has to be installed locally on each client.

Any help would be greatly appreciated. Thanks in advance :)

Answer 1

Hi,

Thanks for posting in Microsoft Q&A forum.

1,GPOs are assigned to SIDs (both machine and user). Sysprep changes the SIDs by design. There is no way to keep Sysprep from changing SIDs. The GPOs still exist but they now are referencing SIDs that no longer exist.

2,We could try to use the command-line utility LGPO.exe to configure policies directly in the reference Windows image in MDT. For more information, please refer to:
Deploy LGPO with MDT 2013
LGPO.exe - Local Group Policy Object Utility, v1.0
Microsoft Security Compliance Toolkit 1.0
Note: The non-Microsoft link is just for your reference.

Best regards,
Simon

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.