Removing the Windows Domain login EULA for automated deployments

Uncategorized

Pre-login EULA’s are a common sight within organisation’s forcing a user to “read” something then click OK allowing the system to continue to login.

Automated build tools such as Ivanti, or MDT however are not keen on these things and often as part of a new environment it is recommended that a new Active Directory Organisational Unit is created and blocking inheritance of group policies applied so that the EULA can be filtered out.

New systems built with automation tools are joined to the domain added to these OU’s to ensure that when systems reboot the automation is not interrupted by waiting for a manual EULA acceptance.

But what happens in cases where you cannot create a staging OU and stop the EULA from applying either by design or by organisational requirements.

Automating through MDT and Ivanti etc suddenly becomes a lot harder. However, two registry keys, a scheduled task and a simple script come into play here that can save the day in these situations. All available from GitHub here.

These keys are populated when a EULA group policy is defined and contains the header and the body text of the EULA.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption

These can simply be deleted in order to remove the EULA from the system however unfortunately group policy will constantly reapply these causing the issue to reoccur.

Combining these keys with a script and a scheduled task however ensures the keys will not reappear during your automated build process.

A couple of things to note is taking MDT as an example using the task sequences unattend.xml file ensure that you remove the steps to domain join and instead rely on the Recover from Domain step instead to perform the domain join. Without doing so you will see the system installing the OS and joining the domain and rebooting before you have a chance to “install” the script as a step meaning that you will already be seeing the EULA.



With that out of the way comes creating a scheduled task for ease I’ve put the MDT package on GitHub here. All you need to do is import into MDT and create the application that runs the Disable-EULA.CMD.

When run this copies a batch file along side its parent folder to C:\Script and also creates a scheduled task using the XML task template included.
The scheduled task then runs at computer start under the system context and delete’s the registry keys associated with the EULA and allows the automated logon to continue uninterrupted.

All that remains is when you have completed the automated build process is to delete the scheduled task which you could automate as well using the following command:


Schtasks /delete /TN “Disable EULA” /F

Author: Dale Scriven

Leave a Reply