Share This Post

Automation: Preventing user interaction and resuming execution after restart

If you use ConfigMgr and have used a Task Sequence to deploy applications outside of OSD. You have probably run into the issue where if you perform a restart, the computer will sit at the ctrl+alt+delete screen and continue the execution in the background. Now this might be fine for some cases. For others it gives a sloppy presentation and there is no way to prevent the user from using the computer if you want to do so. To get around this I have been using autologin and runonce for years now to put the system into a sort of limbo state where the user is logged in but explorer.exe has not yet started. I have polished this process up and made it reasonably difficult to get around so I could share it with everyone.

For non-ConfigMgr users (most of the departments where I work) that don’t have access to a task sequencer. I have developed my own “mini” task sequencer and included it in this script. It is similar to other products, you give a list of commands to perform but you can also specify special actions, such as restart computer, and the script will perform those actions in sequence while maintaining state between those actions.

Download here: https://webspace.utexas.edu/skeiffer/pub/AutoLogonMiniTS.zip

Usage

ConfigMgr Non-ConfigMgr
AutologonMiniTS.vbs Flags

  • /configMgr – Used to start the script in configMgr mode. Use this at the start of your Task Sequence
  • /finish – Used to stop the computer from automatically logging in. Use this at the end of your Task Sequnce
  • /noInitRestart – This will prevent the script from restarting the computer when first run. You should use this if you are using this in a task sequence.
  • /noExitRestart – When /finish is called the script will logout rather than restart
AutologonMiniTS.vbs Flags

  • /commands:<cmd1>;<cmd2>;… – used to start the script in task sequence mode as well as specifying the commands to be run. Use quotes if command has spaces. If you need to use quotes in a command use single quotes(‘), they will be replaced.
  • /noInitRestart – This will prevent the script from restarting the computer when first run.
  • /noExitRestart – When the script finishes all the commands this flag makes the script logout rather than restart.

Special Actions

  • restart – used in /commands to indicate that you wish to restart the computer.
  • more later…

 

image

All actions are logged here: %windir%\temp\AutoLogonMiniTS.log. There is no user interaction other than what you seen in the screenshot below. Check this file to see if things failed or succeeded.

Note: This has not been tested on XP as of yet but should work fine.

 

Example

We are currently deploying full disk encryption to our mobile devices using ConfigMgr. I have recreated this exact process using only the script to illustrate both methods. To encrypt our devices we install the virtual c++ runtimes, restart, install the encryption software, and then wait for the encryption to finish. Here is how we implement this in both ConfigMgr and the script inorder to have the exact same effect.

ConfigMgr

Standard task sequence (in picture below) with two tasks that call AutoLogonMiniTS.vbs

  1. Initalize MiniTS : AutoLogonMiniTS.vbs /configMgr /noInitRestart – Starts the script in configmgr mode and prevents script from restarting computer
  2. Close MiniTS : AutoLogonMiniTS.vbs /finish – Stops the script from automatically logging in and then restarts the computer.

Non-ConfigMgr

AutoLogonMiniTS.vbs is called with all the main commands present in the configMgr task sequence.

command line(from bat): cscript %~dp0AutologonMiniTS.vbs /commands:”%~dp0vcredist_x86.exe /q”;restart;”cscript %~dp0install.vbs”;”cscript %~dp0waitForSDBat.vbs”

Here is a picture that shows both of these processes running on the same step side-by-side.

autologonEx

 

How it all works

Here is a basic run though of what happens. This is just the big picture, there is a lot of other stuff going on.

  1. A user, AutoLoginuser is created with a random password and is set to automatically login
  2. Scripts are copied to HDD and are set to run in various places in the registry
  3. Once the computer is restarted the script is run again
  4. If in configMgr mode the script does nothing and exits. If in commands mode it will run all commands in sequence. This process will resume if a restart command is given.
  5. In commands mode, once all commands are finish (or a command fails) the script will remove the autologon, delete the user, and clean up anything left behind. In configMgr mode, The user must specify a /finish task in their task sequence to perform those actions.

To prevent the user from accessing the desktop, various scripts are put in place. The first faces the user (as you can see in the screenshot). This window is just a distraction. If the user closes the window, another script that is in the background will reopen it. If they get past the hidden script, a third script will automatically log the user out.

Share This Post

Leave a Reply