Hello,

Do you think I can deploy a NDES on windows Server 2016 on an infrastructure that already have a CA(W2008R2) ?

I don't want to touch the CA for now and especially not install a IIS role.

Thank you guys

Hello,

I'm trying to setup WDS on Windows Server Standard 2012 R2 with Update after having used WDS on W2K3 for many years.

I can deploy images using the 2012 server just fine, but whenever I try to capture an image and select UPLOAD, I get the error message "A specified logon session does not exist. It may already have been terminated." I cannot upload the image simultaneously.

I tracked down the error using Event Viewer and it looks like 2012 is disconnecting me right after logging in because my Administrator login is somehow considered Anonymous. How do I enable uploads? Change in group policy?

Below are the events:

SUCCESSFUL LOGIN:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/30/2015 12:17:53 PM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      LIBTECH
Description:
An account was successfully logged on.

Subject:
    Security ID:        NULL SID
    Account Name:        -
    Account Domain:        -
    Logon ID:        0x0

Logon Type:            3

Impersonation Level:        Impersonation

New Logon:
    Security ID:        ANONYMOUS LOGON
    Account Name:        ANONYMOUS LOGON
    Account Domain:        NT AUTHORITY
    Logon ID:        0x9688D
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x0
    Process Name:        -

Network Information:
    Workstation Name:    MINWINPC
    Source Network Address:    10.1.240.50
    Source Port:        49412

Detailed Authentication Information:
    Logon Process:        NtLmSsp
    Authentication Package:    NTLM
    Transited Services:    -
    Package Name (NTLM only):    NTLM V1
    Key Length:        128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4624</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-30T19:17:53.768686800Z" />
    <EventRecordID>7797</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="2040" />
    <Channel>Security</Channel>
    <Computer>LIBTECH</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-5-7</Data>
    <Data Name="TargetUserName">ANONYMOUS LOGON</Data>
    <Data Name="TargetDomainName">NT AUTHORITY</Data>
    <Data Name="TargetLogonId">0x9688d</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">MINWINPC</Data>
    <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">NTLM V1</Data>
    <Data Name="KeyLength">128</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">10.1.240.50</Data>
    <Data Name="IpPort">49412</Data>
    <Data Name="ImpersonationLevel">%%1833</Data>
  </EventData>
</Event>

SESSION TERMINATED:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/30/2015 12:17:53 PM
Event ID:      4634
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      LIBTECH
Description:
An account was logged off.

Subject:
    Security ID:        ANONYMOUS LOGON
    Account Name:        ANONYMOUS LOGON
    Account Domain:        NT AUTHORITY
    Logon ID:        0x9688D

Logon Type:            3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4634</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12545</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-30T19:17:53.769685700Z" />
    <EventRecordID>7798</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="2040" />
    <Channel>Security</Channel>
    <Computer>LIBTECH</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserSid">S-1-5-7</Data>
    <Data Name="TargetUserName">ANONYMOUS LOGON</Data>
    <Data Name="TargetDomainName">NT AUTHORITY</Data>
    <Data Name="TargetLogonId">0x9688d</Data>
    <Data Name="LogonType">3</Data>
  </EventData>
</Event>

Hello Everyone,

We try to deploy Windows 10 x64 Enterprise with UEFI machines.

The WDS Server Plattform is 2012 R2 x64.

Im Playing around with Domainjoin for one Week now and cannot find an answer.

Panther Setuperr.log gives me:
2017-01-18 14:14:47, Error                        [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [5]
2017-01-18 14:14:48, Error                        [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x5

Unattended File is with flags

  <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <Identification>
                <Credentials>
                    <Domain>xxx</Domain>
                    <Username>mdtinstall</Username>
                    <Password>xxx</Password>
                </Credentials>
                <JoinDomain>xxx</JoinDomain>
                <DebugJoin>true</DebugJoin>
                <TimeoutPeriodInMinutes>1</TimeoutPeriodInMinutes>
            </Identification>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <TimeZone>W. Europe Standard Time</TimeZone>
            <ProductKey>NPPR9-FWDCX-D2C8J-H872K-2YT43</ProductKey>
            <ComputerName>%MACHINENAME%</ComputerName>
            <RegisteredOrganization>xxx</RegisteredOrganization>
            <RegisteredOwner>IT Department</RegisteredOwner>
        </component>
    </settings>

any suggestions?

We have a server that handles WDS, APP-V, and now recently VPN. After adding the VPN, we are getting this error probably over 100 times a day (see below). WDS is still running and I am able to PXE boot to it, VPN is working as well, but the errors are getting intense. After doing some looking around I found posts pertaining to DHCP and WDS installed on the same machine giving this error. DHCP is not installed on this machine. Though I also tried changing the WDS settings to not listen on port 67. This got rid of the errors but booting to the PXE Server fails. Any help is appreciated.

Thanks!

Log Name:      Application
Source:        WDSServer
Date:          5/31/2012 2:13:01 PM
Event ID:      772
Task Category: WDSServer
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      app-v.dw.local
Description:
An error occurred while trying to create the UDP endpoint for WDSPXE provider on interface 172.27.4.2:67. This can happen if the network interface was disabled or changed, or some other application is already using the port. The provider  will not be able to receive requests on this interface.
 
 Error Information: 0x2740

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="WDSServer" />
    <EventID Qualifiers="49409">772</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-05-31T18:13:01.000000000Z" />
    <EventRecordID>74935</EventRecordID>
    <Channel>Application</Channel>
    <Computer>app-v.dw.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WDSPXE</Data>
    <Data>172.27.4.2:67</Data>
    <Data>0x2740</Data>
  </EventData>
</Event>

I've seen what I'd say is an unofficial location for checksum (a pastbin site), is there an official site with the downloadable OS install iso's?  Trying to create a clean source for our new domain controllers.

Thanks

Ever since I setup a new 2016 Server for WDS/PXE our event log has been filling up with this error which shows that for providers:

WDSMC, WDSTFTP, WDSPXE

This error keeps coming up saying "An error occured while tryingto create the UDP endpoint for (one of the providers) on interface (always an ipv6 interface, none of which are on this server). This can happen if the network interfaces was disabled or changed., or some other application is already using the port. The provider will not be able to receive request on this interface.

WDS/PXE both work, DHCP is not on this machine, but this error is showing up like 10 times a minute. IPv6 isn't even enabled on any interface on this server so I don't understand where these are coming from.

I've seen a proposed fix where you tell it not to listen for DHCP on port 67, but if I enable it it breaks the PXEboot for clients on this network.

Hello!

I hope someone can help me with my problem. The thing is that the unattended Setup for my Windows Deployment Service is working except of the RunSynchronous  and Asynchronous Scripts. You can see my unattended File below. Can someone tell me if there is some kind of a log file specifically for the Scripts because I couldn't find anything usefull at %windir%/Panther.

<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="windowsPE"><component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SetupUILanguage><UILanguage>de-de</UILanguage></SetupUILanguage><InputLocale></InputLocale><SystemLocale>de-de</SystemLocale><UILanguage>de-de</UILanguage><UserLocale>de-de</UserLocale></component><component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><DiskConfiguration><Disk wcm:action="add"><CreatePartitions><CreatePartition wcm:action="add"><Type>Primary</Type><Extend>true</Extend><Order>1</Order></CreatePartition></CreatePartitions><DiskID>0</DiskID><WillWipeDisk>true</WillWipeDisk></Disk><WillShowUI>OnError</WillShowUI></DiskConfiguration><WindowsDeploymentServices><Login><Credentials><Password>WDSTest01</Password><Username>WDSTest-01\Administrator</Username></Credentials></Login><ImageSelection><InstallImage><Filename>install-(5).wim</Filename><ImageGroup>Windows1803Group</ImageGroup><ImageName>Windows 10 Pro</ImageName></InstallImage><InstallTo><DiskID>0</DiskID><PartitionID>1</PartitionID></InstallTo></ImageSelection></WindowsDeploymentServices><Restart>Restart</Restart><EnableNetwork>true</EnableNetwork></component></settings><settings pass="specialize"><component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><RunSynchronous><RunSynchronousCommand wcm:action="add"><Order>1</Order><Path>CMD /C mkdir c:\Test224</Path></RunSynchronousCommand></RunSynchronous></component></settings><settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><FirstLogonCommands><SynchronousCommand wcm:action="add"><Order>1</Order><Description>CMD /C mkdir c:\Test224522</Description></SynchronousCommand></FirstLogonCommands><LogonCommands><AsynchronousCommand wcm:action="add"><Order>1</Order><CommandLine>CMD /C mkdir c:\Test224522</CommandLine></AsynchronousCommand></LogonCommands></component></settings><settings pass="auditUser"><component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><RunSynchronous><RunSynchronousCommand wcm:action="add"><Path>cmd /C mkdir c:\Test2245</Path><Order>1</Order></RunSynchronousCommand></RunSynchronous></component></settings><cpi:offlineImage cpi:source="wim://Joel-PC/austausch/win10_1803_german_x64/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" /></unattend>

I receive this error after PXE booting:WdsClient: An error occurred while communicating with the Windows Deployment Services server. Please check to ensure that the server is optional and that the necessary ports are open on the server's firewall

• DHCP and WDS are on the same same machine.
• The firewall is turned off on the WDS server.
• I can ping from the PXE client to the WDS server.
• The WDS server service is running, and all dependency service are running.

• 0x0b004f WDS CreateClientSession: Failed to initialize client -> server logging, Error code 0x8007005
• 0x0b0055 WDS CreateClientSession: Failed to create client session, Error code 0x8007005
• 0x0b0065 WDS CallBack_WDSClient_DetectWDSMode: Failed to create client session or initialize WDS unattend. Error 0x8007005
• 0x0b0052 WDS CallBack_WdsCleint_ErrorEventHandler: Problem processing error event. Error code 0x80070057

I have searched for days and have yet to find a solution.  Thank you in advance.

Hi

Recently my windows server went on update.

After that i cannot get my login screen i.e credentials screen. It just goes blank with mouse cursor which is moving.

I tried to go onto safe mode but it also gives me same screen.

But i can access the Shared folders which their on the server 

the server i am using for PXE booting and it has two NICs, each on its own vLAN. NIC1 is the vLAN that allows it communicate with the rest of the machines within the infrastructure (and other vLANs). NIC2 is on an isolated vLAN that is set for PXE booting, so the server is only board casting on this vLAN. 

NIC1 has the default gateway set and NIC2 does not have a default gateway set. I created a second DNS entry for the server pointed toward NIC2, and PXE booting worked. however, i could no longer ping NIC1 from a PC on the same vLAN as NIC1. I removed that DNS entry, and then i could no long PXE boot. DNS did its own registry for NIC2 but i still cannot PXE boot. I can ping NIC1 still, but i cannot ping NIC2 from a PC that is on that isolated vLAN (destination host not reached).

any help would be appreciated. 

Folks

I'm trying to set up a KMS host on a Windows 2008 Ent R2 server. There will be no DNS involved from KMS client to KMS host.

The issue I'm facing is that I'm not able to complete the KMS host setup to begin with.

I am able to successfully run: cscript slmgr.vbs /ipk <key>. However, when I try to run the /ato option - I get an error message like so:

Error: 0xC004C008 The activation server determined that the specified product key could not be used.

Other posts have talked about opening port 1688 etc. but I'm not even talking about setting up a KMS client right now.

What am I doing wrong....

Thanks !

Trying to install windows security patch on windows server 2012 R2. Installation is getting successful however after restart of server it getting failed with below error message

Windows update changes undoing . Please find below CBS logs

CBS Error:C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]  2016-08-11 17:35:00, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]

Hello, looking for the AVMA keys for Server 2019?

I have a 2019 Datacenter Licensed Hyper-V host with a 2016 Standard VM on it.  I am unable to do an in place upgrade of the 2016 VM using 2019 setup with the AVMA keys located here: 

https://docs.microsoft.com/en-us/windows-server/get-started-19/vm-activation-19

I get the error: "This key doesnt work with this edition on windows. Try a different key"

The 2016 VM is currently activated with an AVMA key.

Hi,

I've just downloaded Windows Server 2019 Evaluation. On the eval website it states that the product can be used for 180 days until it expires. However if I check with slmgr /dli I see that the grace period is just 10 days and the rearm count is 6, which is not the 180 days mentioned on the website....

Anyone any thoughts on this?

With kind regards,
Michael

Hello,

We are currently in the testing phase of setting up WDS in our organization and are running into a few small problems.  Right now we have WDS on Server 2016 on a separate VLAN and this server also hosts the DHCP for that VLAN.  It can still talk to the other servers and most importantly talk to our AD domain.

The problem I am running into is that on Windows 10 we seem to be unable to properly join a domain unattended.  We created a service account for the purpose and it works just fine on Windows 7 unattended installs.  It also works properly to connect to the WDS to get the list of images available.  What happens is after the first boot when it's prepping for the OOBE the machine will reboot and then say "Why did my PC restart?".  If we click OK then it will set it up properly on the next boot.  This can't be right.  I've also noticed that the checkboxes for joining a domain or not joining one in WDS properties appear to do nothing.  Ideally, I'd like to have it just setup the Administrator account silently the autologon to the service account so we can install our AV and any custom per-user software as a final step.  We have a group policy in effect that renames the Administrator account to something else and sets a password only we know and locks out the account on that machine.  Right now, it sets up an WDSAdmin account and autologon to this so we have to join the domain as a final step and rename the machine.  On reboot we logon to a domain admin account and remove the WDSAdmin account.

Another problem we are having is that during approval process we set a machine name and this does not seem to get passed over to Windows.  I thought this would do this and I would like it to do so.

We have two unattended files.  One is pointed to the image itself which does specialize and oobe pass.  During approval, we have an unattended for WinPE for picking an image and disk setup.  It also mirrors the specialize pass.  I am not sure if that is necessary, but I've seen that done as examples elsewhere.

Here is our install XML we pick during the approval process:

<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="windowsPE"><component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SetupUILanguage><WillShowUI>OnError</WillShowUI><UILanguage>en-US</UILanguage></SetupUILanguage><InputLocale>en-US</InputLocale><SystemLocale>en-US</SystemLocale><UILanguage>en-US</UILanguage><UILanguageFallback>en-US</UILanguageFallback><UserLocale>en-US</UserLocale></component><component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><WindowsDeploymentServices><Login><Credentials><Domain>XXX</Domain><Password>XXX</Password><Username>XXX</Username></Credentials></Login><ImageSelection><InstallImage><ImageGroup>Win_10_Pro_VLK</ImageGroup><ImageName>Win_10_Pro_VLK_VMWare_Unattend</ImageName><Filename>Win_10_Pro_VLK_VMWare_Unattend-(2).wim</Filename></InstallImage><InstallTo><DiskID>0</DiskID><PartitionID>4</PartitionID></InstallTo></ImageSelection></WindowsDeploymentServices><DiskConfiguration><Disk wcm:action="add"><CreatePartitions><CreatePartition wcm:action="add"><Order>1</Order><Size>500</Size><Type>Primary</Type><Extend>false</Extend></CreatePartition><CreatePartition wcm:action="add"><Order>2</Order><Type>EFI</Type><Extend>false</Extend><Size>100</Size></CreatePartition><CreatePartition wcm:action="add"><Order>3</Order><Extend>false</Extend><Size>16</Size><Type>MSR</Type></CreatePartition><CreatePartition wcm:action="add"><Order>4</Order><Extend>true</Extend><Type>Primary</Type></CreatePartition></CreatePartitions><ModifyPartitions><ModifyPartition wcm:action="add"><Active>false</Active><Format>NTFS</Format><Label>Recovery</Label><Order>1</Order><PartitionID>1</PartitionID><TypeID>DE94BBA4-06D1-4D40-A16A-BFD50179D6AC</TypeID></ModifyPartition><ModifyPartition wcm:action="add"><Order>4</Order><Label>Windows</Label><Format>NTFS</Format><Letter>C</Letter><PartitionID>4</PartitionID></ModifyPartition><ModifyPartition wcm:action="add"><Order>3</Order><PartitionID>3</PartitionID></ModifyPartition><ModifyPartition wcm:action="add"><Order>2</Order><Format>FAT32</Format><Label>System</Label><PartitionID>2</PartitionID></ModifyPartition></ModifyPartitions><DiskID>0</DiskID><WillWipeDisk>true</WillWipeDisk></Disk><WillShowUI>OnError</WillShowUI></DiskConfiguration><UserData><ProductKey><Key>XXX</Key><WillShowUI>OnError</WillShowUI></ProductKey><AcceptEula>true</AcceptEula><FullName>XXX</FullName><Organization>XXX</Organization></UserData></component></settings><settings pass="specialize"><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ProductKey>XXX</ProductKey><SignInMode>1</SignInMode><DoNotCleanTaskBar>false</DoNotCleanTaskBar><TimeZone>Eastern Standard Time</TimeZone></component><component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><InputLocale>en-US</InputLocale><SystemLocale>en-US</SystemLocale><UILanguage>en-US</UILanguage><UILanguageFallback>en-US</UILanguageFallback><UserLocale>en-US</UserLocale></component></settings><cpi:offlineImage cpi:source="wim:d:/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" /></unattend>

Here is our XML we add to the image in the properties:

<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="specialize"><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><DesktopOptimization><GoToDesktopOnSignIn>true</GoToDesktopOnSignIn><ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar></DesktopOptimization><ProductKey>XXX</ProductKey><SignInMode>1</SignInMode><DoNotCleanTaskBar>false</DoNotCleanTaskBar><TimeZone>Eastern Standard Time</TimeZone><ComputerName>WDSLab</ComputerName></component></settings><settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><DesktopOptimization><GoToDesktopOnSignIn>true</GoToDesktopOnSignIn><ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar></DesktopOptimization><UserAccounts><LocalAccounts><LocalAccount wcm:action="add"><Password><Value>XXX</Value><PlainText>false</PlainText></Password><Description>Local Administrator Account</Description><DisplayName>WDSAdmin</DisplayName><Group>Administrators</Group><Name>WDSAdmin</Name></LocalAccount></LocalAccounts></UserAccounts><OOBE><HideEULAPage>true</HideEULAPage><HideLocalAccountScreen>true</HideLocalAccountScreen><HideOEMRegistrationScreen>true</HideOEMRegistrationScreen><HideOnlineAccountScreens>true</HideOnlineAccountScreens><HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE><ProtectYourPC>3</ProtectYourPC></OOBE><DoNotCleanTaskBar>false</DoNotCleanTaskBar><SignInMode>1</SignInMode><TimeZone>Eastern Standard Time</TimeZone><AutoLogon><Password><Value>XXX</Value><PlainText>false</PlainText></Password><Enabled>true</Enabled><Username>WDSAdmin</Username><LogonCount>1</LogonCount></AutoLogon></component><component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><InputLocale>en-US</InputLocale><UILanguage>en-US</UILanguage><UILanguageFallback>en-US</UILanguageFallback><UserLocale>en-US</UserLocale><SystemLocale>en-US</SystemLocale></component></settings><cpi:offlineImage cpi:source="wim:c:/users/franks/desktop/win10_aik/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" /></unattend>

Hello,

We are currently trying to setup WDS in our organization.  The WDS is on it's own VLAN with Server 2016 and also hosts the DHCP server.

The problem we are having is that I keep having to pick between x64\wdsnbp.com or x64\wdsmgfw.efi in the DHCP options to get it to boot.  I thought WDS was supposed to set this up automatically when the DHCP server is hosted on the same machine?  We also have to leave "Configure DHCP options to indicated that this is also a PXE server" unchecked or it will not boot.

Are we doing something wrong or is this intended behaviour?  I was under the impression that WDS hosted on the same DHCP server was supposed to automatically choose the proper architecture and boot option.  We are only deploying x64 machines, so it's not a huge deal but it becomes annoying when we forget to change this.

I used keep my myriad windows templates in a workgroup but of late I need them to be scanned by various security appliances for vulnerability mgmt. etc. This requires admin accounts to be created on them and becomes and admin pain. As such, I have been looking at joining them to my domain and assign a single account to do these scans etc. I'd never really looked at it in detail but I cannot see any issue sin doing this. I script the power on of the machines once a month for patching and scanning so being part of the domain makes this stuff easier. Also, when deployed, MS SYSPREP runs under the local SYSTEM account and will remove the new machine from the domain and generalize it but not affect the template computer account it seems (from testing). The only bits that required cleanup on the deployed VM are things like local accounts and domain user profiles as these don't appear to be removed during sysprep. 

So, wondering what others are doing in this area and anything else to look out for?