After struggling with an odd problem with USMT, I’ve finally found a solution that works.
When running USMT, scanstate.exe to be more precise, on the old client, it automatically saves the users local group membership.
In this case, many users are local admin in the old environment, but are not supposed to be it in the new. Running a standard USMT will migrate local group membership and it’s not easy to find out how to remove this.
What you need to do is to create a config.xml file to be used, do this by running the following command: scanstate.exe /genconfig:config.xml
Then open the config.xml file and scroll down to the bottom of it and you will find the following section:
What I did was to replace the commented text to the following:
This will move all users from the local administrators group to the users group when running loadstate on the new client. The syntax will be the following:
loadstate.exe \<server>mystore /config:config.xml
I have also tested to change “Users” to a name of a group that doesn’t exist on the new client, which resulted in USMT dropping the users, and not reporting any errors, giving me the result I wanted.
3 Responses to Exclude local group membership in USMT 4