Hello. i am deploying WDS and MDT in my env. with w2k8. 1. i want to give Help Desk guys permission to approve machines in WDS but they have 'access denied' when viewing list of waiting clients. i already gave them permision for approving (permision to OU...) 2. if i want to make approving proces more automatic what should i do? not to wait for approve? 3. i do not have UUID tab when creating computer object in AD - on all screens in forums and blogs i see that there is 'next>' button on first screen when creating computere but in my AD (w2k3) i can not see it. thx in advance for any tips. Voytas

Hi, Thanks for posting in Microsoft TechNet forums. To answer your questions one by one: 1. i want to give Help Desk guys permission to approve machines in WDS but they have 'access denied' when viewing list of waiting clients. i already gave them permision for approving (permision to OU...) As I know, there are two most common causes of this issue: l You do not have the correct permissions in AD DS for the computer. You must delegate the appropriate user rights for Help Desk. To approve a pending computer, in AD DS, you must grant rights to the Windows Deployment Services server’s account (WDSSERVER$) to create computer account objects for the containers and OUs where the approved pending computers will be created. Please take the following steps to grant permissions to approve a pending computer: 1) Open Active Directory Users and Computers. 2) Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control. 3) On the first screen of the wizard, click Next. 4) Change the object type to include computers. 5) Add the computer object of the Windows Deployment Services server, and then click Next. 6) Select Create a Custom task to delegate. 7) Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next. 8) In the Permissions box, select the Write all Properties check box, and click Finish. Reference: Required Permissions l The computer name is invalid. For example, the name might be too long, or it might contain characters that are not valid. 2. if i want to make approving proces more automatic what should i do? not to wait for approve? In order to ignore the approval from the administrator, you may prestage clients computers in AD DS, or disable the pending functionality. 3. i do not have UUID tab when creating computer object in AD - on all screens in forums and blogs i see that there is 'next>' button on first screen when creating computere but in my AD (w2k3) i can not see it. As I understand your scenario, the WDS server is installed on Windows Server 2008, the AD is installed on Windows Server 2003, you want to prestage the computer in AD but the GUID/UUID window doesn’t appear. I would like to provide the following methods: Method 1: Install ADDS in Windows Server 2008 and prestage computers from Windows Server 2008. Method 2: Install Windows Deployment Services role on Windows Server 2003, then you should be able to see the next window during prestage. Method 3: Update the Active Directory Users and Computers on your workstation. 1) You need the following files from your server and they have to be the same architecture, so if your workstation is x64, then so does the server. %systemroot%\system32\imadmui.dll %systemroot%\system32\en-US\imadmui.dll.mui 2) Copy those files from WDS server to the same location on your workstation. 3) Register the dll using the following command as an administrator (remember UAC):regsvr32 imadmui.dll Method 4: Prestage computers using WDSUTIL command. More reference: How to prestage a computer Prestage client computers BTW, I noticed that you are using MDT. I would recommend you to post in MDT forums for support as well. Best Regards Dale Qiao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

Hi, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards Dale Qiao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

hey, thx for answers. i have a question according first one. permission for wds server has been given but you mentioned that Help Desk shoud have proper permission to have access to view pending computers. can you be more specific? all information you provided is great. thx thx in advace.Voytas

I mean the Help Desk guys should be the Domain administrator of the domain that contains the Windows Deployment Services server so that he can approve the computers in WDS. Best Regards Dale Qiao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

i think that giving Domain Administrator to Help Desk is not good - they have then access to all domain -not good.Voytas

Please grant read/write permissions on the C:RemoteInstall\MGMT folder, also give permissions to the OU and see how it works. Best Regards Dale Qiao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.