Bonji wrote:Create a batch file or a script file that performs the operation you need, and then setup a GPO to run that file.
From your post I can't tell if you've gotten a process down to make the security change, but if you haven't you aren't ready for the GPO part of it yet.
I am trying to do exactly this.
I configured the ACL settings I wanted in an image (VM)
I exported those settings using MSLogonACL.exe /e c:\temp\acl.txt
copied that file to a domain share
pushed the original sysprep image back so that the settings are blank.
Copied the ACL.txt file back to the temp folder.
Performed the MSLogonACL.exe /i /o c:\temp\acl.txt
it doesn't throw any errors and appears like it worked
rebooted the machine
checked the admin properties, the MS Logon options are checked but the ACL list within "Configure MS Logon Groups" is empty.
If I can't get this to work using the command line, then it won't work in a script either.
Hoping I can get suggestions to fix this. I would like to script this and make it part of system deployment.