There are some new properties in MDT 2012 that can be useful.

ApplyGPOPack=YES/NO

In MDT 2012 there is a new function that will apply a local GPO during the deployment. In MDT 2012 there are four templates that will be applied automatically. If you open the templates folder in the deployment share you will see the following folders

If you don’t want them for some reason (not tested and verified) you can disable them using ApplyGPOPack=NO. I do however recommend you to download Security Compliance Manger 2.5 and import them and then verify that all security settings are correct according to your environment

HideShell=YES/NO

HideShell means that the desktop (explorer) does not show up until the deployment process is done, this will make it bit more complicated to interfere with the computer while it is being deployment. If you are deploying Windows 8 you should set this to YES otherwise the Metro UI will cover the deployment process UI and it will very hard to see if a deployment process is running

DisableTaskMgr=YES/NO

This one works in conjunction with HideShell, since HideShell does not prohibit the user to press ctrl-del and start the task manager, but this one does. My recommendation is to use this after you have verified that your deployment process works since it will also make it a bit harder to troubleshot some scenarios

OnBattery=True/False

This one is very nice to use, the new version of the gather process will now expose if we are running on battery and as you understand it is not a good idea to deploy a new OS on a machine that runs on battery, so modifying your customsettings.ini file like the example below will block any attempt to deploy a OS on a machine that runs on battery.

[Settings]
Priority=ByIsOnBattery, Default
Properties=MyCustomProperty

[ByIsOnBattery]
SubSection = ByIsOnBattery-%ByIsOnBattery%

[ByIsOnBattery-True]
OSInstall=N

[Default]
OSInstall=Y

/mike

Mr Adian Finn has done a very nice blog post on ACL’s in Hyper-V. Not so many know about this, trust me.

Here is an abstract….

There are many reasons why you might want to isolate virtual machines at the NIC level in Hyper-V. Maybe you have different tenants on a cloud. Maybe you have some stuff that has high security requirements. If so, then there’s a new feature in Windows Server 2012 Hyper-V that you’ll like: Port ACLs (access control lists).

Port ACLs allow you to set rules as follows:

• Local MAC/IP address: what local address does this apply to?
• Remote IP/MAC address: what remote address does this apply to? Can be a specific IP address or network address or a wildcard.
• Action: Do you want to block, allow, or measure traffic that this rule applies to?
• Direction: Are you apply this rule to inbound traffic, outbound traffic, or traffic in both directions?

It’s important to note that Port ACLs works at the address level and not at the port or protocol level. If you need that level of granularity, then check out one of the certified Hyper-V Switch extensions that MSFT partners such as Cisco and 5Nine are producing

the rest you can read here….