If you have certain domain policies, like renaming the administrator account or setting a legal disclaimer at login, those policies will break MDT 2010. Group Policies that deploy applications may also fail if they are executed while the task sequence is running. Here are some workarounds…
Option 1 – Use a Staging OU
Use a Web Service to move the computer account to a staging OU during deployment, and move it back to the production OU when deployment is completed. Maik Koster has a great post about that:
Option 2 – Prevent the Group Policy from applying while the deployment is running
I have seen quite a few ways of doing this, everything from creating additional variables to check for, to modifying the built-in script. The simplest solution I have found is to add a WMI filter to the Group Policy, so that it does not apply until the deployment is done.
The obvious way would be to check for the existence of the C:\_SMSTaskSequence folder, but due to the way WMI filters work (or rather, don’t work) it’s better to check for the existence of the C:\Windows\Temp\DeploymentLogs folder. That folder is not created until deployment is completed.
Create the following WMI filter and link it to the Group Policy:
Select * From CIM_Directory Where Name = 'C:\\Windows\\Temp\\DeploymentLogs'
Note: Make sure that you don’t have such a folder in the WIM image you are deploying…
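To check both points before linking the filter, the PowerShell below (an added example, not part of the original post or of MDT) runs the same WQL query on a test machine and looks inside a WIM for a pre-existing DeploymentLogs folder. It assumes PowerShell 3.0 or later with the DISM module and an elevated prompt; the function names, the scratch folder and the sample WIM path are hypothetical.

```powershell
# Added example. Function names, scratch folder and sample paths are assumptions.
# In a double-quoted PowerShell string the backslashes stay doubled, as WQL requires.
$FilterQuery = "Select * From CIM_Directory Where Name = 'C:\\Windows\\Temp\\DeploymentLogs'"

function Test-DeploymentFilter {
    # Returns $true when the WMI filter matches, i.e. the linked GPO would apply.
    # Expect $false during deployment and $true once deployment has completed.
    param([string]$Query = $FilterQuery)
    $match = Get-CimInstance -Namespace 'root\CIMv2' -Query $Query -ErrorAction Stop
    return [bool]$match
}

function Test-WimForDeploymentLogs {
    # Mounts the image read-only and reports whether the folder is already in it.
    # A $true result means the filter would match from first boot, so the GPO
    # would apply while the task sequence is still running.
    param(
        [Parameter(Mandatory)][string]$ImagePath,
        [int]$Index = 1,
        [string]$MountDir = (Join-Path $env:TEMP 'WimCheck')  # must be empty
    )
    New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
    Mount-WindowsImage -ImagePath $ImagePath -Index $Index -Path $MountDir -ReadOnly | Out-Null
    try {
        return Test-Path (Join-Path $MountDir 'Windows\Temp\DeploymentLogs')
    }
    finally {
        # Always release the mount, even if the check throws.
        Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    }
}

# On a freshly deployed test machine:
#   Test-DeploymentFilter
# On the technician machine (constructed sample path):
#   Test-WimForDeploymentLogs -ImagePath 'D:\Images\install.wim' -Index 1
```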
Option 3 – Postpone the domain join process
I do like option 1 the best, but yet another solution is to postpone the domain join process. Here is a good article by Keith Garner that explains how to do this.
http://deployment.xtremeconsulting.com/2009/12/08/new-for-mdt-2010-ztidomainjoin-wsf/
/ Johan