Merged PR 2844: Moved service acct configuration under step 11, and updated ms.date, fixed HEAD conflict

Moved service acct configuration under step 11 in "poc" topic, and updated ms.date in several topics
2025-05-29 13:47:23 +00:00 · 2017-08-24 19:17:17 +00:00 · 2017-08-24 19:17:17 +00:00 · e28e96c2fa
commit e28e96c2fa
parent 3b27342e54
8 changed files with 29 additions and 21 deletions
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@ -7,6 +7,7 @@ ms.localizationpriority: high
 ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/windows-10-enterprise-subscription-activation.md
+++ b/windows/deployment/windows-10-enterprise-subscription-activation.md
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@ -7,6 +7,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, mdt
 ms.localizationpriority: high
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@ -7,6 +7,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, sccm
 ms.localizationpriority: high
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@ -7,6 +7,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, mdt, sccm
 ms.localizationpriority: high
 ms.date: 08/23/2017
 author: greg-lindsay
 ---
@ -771,6 +772,27 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
    Add-DnsServerForwarder -IPAddress 192.168.0.2
    </pre>
    **Configure service and user accounts**
    Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
    >To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
    On DC1, open an elevated Windows PowerShell prompt and type the following commands:
    <pre style="overflow-y: visible">
    New-ADUser -Name User1 -UserPrincipalName user1 -Description "User account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
    New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
    New-ADUser -Name CM_JD -UserPrincipalName CM_JD -Description "Configuration Manager Join Domain Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
    New-ADUser -Name CM_NAA -UserPrincipalName CM_NAA -Description "Configuration Manager Network Access Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
    Add-ADGroupMember "Domain Admins" MDT_BA,CM_JD,CM_NAA
    Set-ADUser -Identity user1 -PasswordNeverExpires $true
    Set-ADUser -Identity administrator -PasswordNeverExpires $true
    Set-ADUser -Identity MDT_BA -PasswordNeverExpires $true
    Set-ADUser -Identity CM_JD -PasswordNeverExpires $true
    Set-ADUser -Identity CM_NAA -PasswordNeverExpires $true
    </pre>
 12. Minimize the DC1 VM window but **do not stop** the VM.
    Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain.
@ -984,27 +1006,6 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
    Restart-Computer
    </pre>
 ### Configure service and user accounts
 Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
 >To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
 On DC1, open an elevated Windows PowerShell prompt and type the following commands:
 <pre style="overflow-y: visible">
 New-ADUser -Name User1 -UserPrincipalName user1 -Description "User account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
 New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
 New-ADUser -Name CM_JD -UserPrincipalName CM_JD -Description "Configuration Manager Join Domain Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
 New-ADUser -Name CM_NAA -UserPrincipalName CM_NAA -Description "Configuration Manager Network Access Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
 Add-ADGroupMember "Domain Admins" MDT_BA,CM_JD,CM_NAA
 Set-ADUser -Identity user1 -PasswordNeverExpires $true
 Set-ADUser -Identity administrator -PasswordNeverExpires $true
 Set-ADUser -Identity MDT_BA -PasswordNeverExpires $true
 Set-ADUser -Identity CM_JD -PasswordNeverExpires $true
 Set-ADUser -Identity CM_NAA -PasswordNeverExpires $true
 </pre>
 This completes configuration of the starting PoC environment. Additional services and tools are installed in subsequent guides.
 ## Appendix A: Verify the configuration