21 Nov 2012

Offline USMT excluding Local Accounts in SCCM 2012 & MDT 2012

Local Machine accounts can be excluded from the USMT process by specifying an additional Task Sequence variable and then either explicitely excluding the local account(s) or explicity including the domain accounts. An issue with the offline USMT method is that the machine is unable to determine the domain by it's name and therefore it's necessary to use the Domain's SID based on the fact that each user account within a given domain will have a similar SID apart from the RID which forms the last section of the SID string.

See the Wikipedia explanation

  1. First of all create the necessary TS variable in a new step before the Scanstate operation named OSDMigrateAdditionalCaptureOptions
  2. Give it a value of /ue:* /ui:<Domain SID>*
Multiple instances of /ui can be used to specify additional domains if required.

A domain's SID can be retrieved by using PSGetSID.exe from SysInternals and using the following syntax; psgetsid.exe <Domain Name>