If you use ConfigMgr and have used a Task Sequence to deploy applications outside of OSD. You have probably run into the issue where if you perform a restart, the computer will sit at the ctrl+alt+delete screen and continue the execution in the background. Now this might be fine for some cases. For others it gives a sloppy presentation and there is no way to prevent the user from using the computer if you want to do so. To get around this I have been using autologin and runonce for years now to put the system into a sort of limbo state where the user is logged in but explorer.exe has not yet started. I have polished this process up and made it reasonably difficult to get around so I could share it with everyone.
For non-ConfigMgr users (most of the departments where I work) that don’t have access to a task sequencer. I have developed my own “mini” task sequencer and included it in this script. It is similar to other products, you give a list of commands to perform but you can also specify special actions, such as restart computer, and the script will perform those actions in sequence while maintaining state between those actions.
Download here: https://webspace.utexas.edu/skeiffer/pub/AutoLogonMiniTS.zip
|AutologonMiniTS.vbs Flags ||AutologonMiniTS.vbs Flags |
All actions are logged here: %windir%\temp\AutoLogonMiniTS.log. There is no user interaction other than what you seen in the screenshot below. Check this file to see if things failed or succeeded.
Note: This has not been tested on XP as of yet but should work fine.
We are currently deploying full disk encryption to our mobile devices using ConfigMgr. I have recreated this exact process using only the script to illustrate both methods. To encrypt our devices we install the virtual c++ runtimes, restart, install the encryption software, and then wait for the encryption to finish. Here is how we implement this in both ConfigMgr and the script inorder to have the exact same effect.
Standard task sequence (in picture below) with two tasks that call AutoLogonMiniTS.vbs
- Initalize MiniTS : AutoLogonMiniTS.vbs /configMgr /noInitRestart – Starts the script in configmgr mode and prevents script from restarting computer
- Close MiniTS : AutoLogonMiniTS.vbs /finish – Stops the script from automatically logging in and then restarts the computer.
AutoLogonMiniTS.vbs is called with all the main commands present in the configMgr task sequence.
command line(from bat): cscript %~dp0AutologonMiniTS.vbs /commands:”%~dp0vcredist_x86.exe /q”;restart;”cscript %~dp0install.vbs”;”cscript %~dp0waitForSDBat.vbs”
Here is a picture that shows both of these processes running on the same step side-by-side.
How it all works
Here is a basic run though of what happens. This is just the big picture, there is a lot of other stuff going on.
- A user, AutoLoginuser is created with a random password and is set to automatically login
- Scripts are copied to HDD and are set to run in various places in the registry
- Once the computer is restarted the script is run again
- If in configMgr mode the script does nothing and exits. If in commands mode it will run all commands in sequence. This process will resume if a restart command is given.
- In commands mode, once all commands are finish (or a command fails) the script will remove the autologon, delete the user, and clean up anything left behind. In configMgr mode, The user must specify a /finish task in their task sequence to perform those actions.
To prevent the user from accessing the desktop, various scripts are put in place. The first faces the user (as you can see in the screenshot). This window is just a distraction. If the user closes the window, another script that is in the background will reopen it. If they get past the hidden script, a third script will automatically log the user out.