Run script after loading audit-mode (starts automatically using NTLite)

[sptzdmnc]

Can i run a script (PowerShell, CMD) after signin in to the Audit-Mode-local Admin?
This would be great, because WiFi and settings might be applied in this way.
Thanks

 

[garlin]

I'm assuming you have NTLite configured to boot into audit mode.

Edit your preset in a text editor, insert this XML block right below
<settings pass="specialize">
</settings>

    <settings pass="auditSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Connect to WiFi</Description>
                    <Order>1</Order>
                    <Path>cmd /c netsh wlan set profileparameter name=&quot;SSID&quot; ssidname=&quot;SSID&quot; keyMaterial=&quot;password&quot; connectionmode=auto</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Change PS execution policy</Description>
                    <Order>2</Order>
                    <Path>powershell.exe -noprofile Set-ExecutionPolicy Unrestricted -force</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Run PS command</Description>
                    <Order>3</Order>
                    <Path>powershell.exe -noprofile Import-StartLayout –LayoutPath C:\Setup\StartMenu.xml –MountPath $env:SystemDrive\</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>

 

[francis11]

Afaik it's not recommandable to be online in Audit mode unless you want to use WU for drivers or updates which could already be implemented via NTL. Some stuff is ok in audit but be best to implement your script for online access after capture unless purpose is somethow very special of demant in Audit.

 

[garlin]

What if you had a web installer, with no offline option? Steam client (or OneDrive) for example.
You could use the fake WSUS reg hack to block unwanted WU activity.

 

[crypticus]

I would use dummywsus or WUB tool to block WU.. no reg or bat is reliable if u ask me...

 

[Clanger]

Just pull the bloody lan cable out for petes sake.

 

[garlin]

The WSUS registry is reliable, just users keep putting it in the wrong place (Post-Setup instead of Registry).
A common error is people forget Windows is fully enabled after the last Setup reboot.

 

[francis11]

What about giving OP a change before you all fall on top of each other with good advice that is probably not even necessary