Avoiding Legal Notice that breaks MDT autologon.

There is a known issue when you're setting Legal Notice text and caption in GPO and when deploying in MDT, the Legal Notice is popping up during auto logon. I fix it by saving JoinDomain to another variable SavedJoinDomain and join to domain before the last step in the task sequence.

Here are the steps

  1. Add a new custom property to your customsettings.ini
    Properties=MyCustomProperty, SavedJoinDomain
  2. Modify Scripts\ZTIDomainJoin.wsf by commenting out those two lines:

          oLogging.CreateEntry "Initiating a reboot.", LogTypeInfo
          oEnvironment.Item("LTISuspend") = ""
          ' oEnvironment.Item("SMSTSRetryRequested") = "true"
          ' oEnvironment.Item("SMSTSRebootRequested") = "true"
  3. Create a new temporary task sequence and ovewrite TS.XML from CONTROL\<Your TS ID> with TS.XML attached to this post
  4. Copy "Save JoinDomain" group and paste it to your TS before Preinstall\Configure
  5. Copy "Restore JoinDomain" group and paste it to your TS before State Restore\Recover From Domian. See attahced picture.
  6. In the following "Recover From Domian" step make sure it's Auto Recover
  7. Make sure there are no following reboots after this step
  8. You can delete temporary task sequence now



Comments (17)

  1. Sem says:

    Will this avoid the restart after joining domain is successful?

  2. Jagan says:

    Solved my problem.. Thanks for the solution

  3. SJeff says:

    Works in MDT2010 and MDT2012. Thanks for the solution.

  4. I ran this, and it did bypass the security screen. But now it no longer joins to the domain, just the workgroup.

  5. Works in MDT2010 and MDT2012. Thanks for the solution.

  6. ACCEOTech says:

    This seems to be the right fix for me.  But seems to keep me from deploying drivers.  Any sugesstion?  Maybe it`s something somewhere in my customsettings.ini: Thanks in advance.



    Properties=MyCustomProperty, SavedJoinDomain


    _SMSTSORGNAME=My Company


























    TimeZoneName=Eastern Standard Time





  7. Angel says:

    ACCEOTech, it sounds like your problem might be in the Task Sequence.. CS.ini looks fine..

  8. the1rickster,  if you are using Virtual machines, Please make sure:

    Edit –> Virtual network editor –> click "Host-only Type" –> DO NOT TICK "user local DHCP to distribute IP address to VMs

  9. DerekZA says:

    With regards to step 7. Make sure there are no following reboots after this step.

    What happens if there are?

    This solution works great until I enable the Windows Updates before and after the Install Applications task.

    For each successful reboot there after I need the legal notice to be avoided.

    Is this possible?

  10. Taho says:

    Logonexpert works perfectly for bypassing logon notice http://www.logonexpert.com/…/options.html

  11. Joe Z says:

    Taho, I went your route because of the possibility of the machine restarting after it's joined to the domain with Alex's process.

    With LogonExpert, I have a TS the installs it, then copies over my preconfigured logon.ini file.  The last TS is to uninstall the software before I capture it.

  12. Bryan says:

    This worked great !!! THANK YOU….. The only thing I had to modify was in the CS the last veritable. I noticed that the newly deployed OS was sitting logged into the admin's account. I added FinalAction=Reboot that took care of it now i have deployed imaged fulling joined sitting at the CRTL+ALT+Delete Log On – Again what a time saver AWESOME

  13. Bryan says:

    let me make one correction it was FinishAction=REBOOT not Final  – forgive me please –

  14. Michael says:

    This works great. Just confirmed this process works with MDT 2013.

  15. Maks says:

    Hello, AlexSemi.

    Great post. Thanks. Work perfect.

    But can't understand, what is the reason of executing steps 3-5?

    Why just doing step 2 does not bring the desired result?


  16. Armin says:

    great work, but I have one issue, sometimes, a machine joins the Domain successfully but then cannot be found in the AD, then after 10 minutes or so, there is an authentication error when trying to log in at Ctrl Alt Del Screen, ( as I said, it is not always like that) any Idea.. thanks

  17. Chris Street says:

    Hi, I've just solved my problem with MDT breaking after legal notice text / logon message.

    There is a very simple way to delay the legal message based upon the presence of C:_SMSTaskSequence.

    If you are using the GPO for "Interactive logon: Message text for users attempting to log on" and "Interactive logon: Message title for users attempting to log on" it's simple: DON'T!!!!!

    Instead of using the Interactive Logon Policy items, create registry items for the below…



    You can then apply "Item Level Targeting" on these and only apply is folder C:_SMSTaskSequence does NOT exist.

    It's as simple as adding a new "File Match" item and then right click on it, go to "Item Options", then choose "Is Not". Then change "Match Type" to "Folder" and enter "C:_SMSTaskSequence" in the "Path".

    Bob's your uncle, MDT delayed Legal Notice Text which will apply after the MDT has finished (folder disappears)

Skip to main content