When deploying Windows clients using Configuration Manager 2007 and MDT 2010 Update 1, there is often a requirement to run task sequence actions as a domain user as opposed to the local system account. For example, in order to perform actions on a computer object in Active Directory (such as moving the computer object to a different OU). Usually, the OU security will be configured with the necessary ACLs to allow specific users or groups to perform computer object operations. Therefore when we attempt to automate this as part of the deployment process, it will fail as the action will be executed by the system account which will not hold the necessary privileges (default behaviour in Configuration Manager 2007).
Therefore the “Run Command Line” task sequence action provides the functionality to execute the command as a domain user account that will have the necessary privileges.
This has always worked perfectly for me, until recently when working on a Windows 7 deployment. The issue was that the task sequence would fail when attempting to run the command line action as a domain user. The error logs revealed the error “Incorrect Function”:
This is quite a generic error and can be caused by many different things, including a syntax error in the script or cscript unable to locate the script specified. However, in this instance this error occurred due a combination of Microsoft .NET Framework 1.1 installed on the system and the attempt to run the command line as a different user. More specifically the error was caused by the configuration of the following registry key:
The default value for this key is 1, however the installation of.NET Framework 1.1 modified the value. The solution is to re-configure the REGDBVersion DWORD value back to 1 during the task sequence, which will result in the command line action running correctly. This can be easily automated during the deployment process by creating a collection of actions to first backup the key, then modify the value and finally restore the original value as illustrated in the following steps.
Step One: Backup the existing registry values
Step Two: Set the REGDBVersion value to 1
Step Three: Run the desired script as the domain user
Step Four: Restore the previous registry values
This post was contributed by Matt Bailey, a Consultant with Microsoft Services – UK.