Archive for the ‘MDT’ Category

Lately I’ve been thinking about BIOS updates. More specifically the fact that I’ve needed to apply them to some of my older HP Desktops and Laptops so we could deploy Windows 10 1511 reliably. Moving forwards this was going to be an issue as we are looking to upgrade our entire business to Windows 10 CBB later in the year. I definitely did not want to be in a position where we were manually updating BIOS versions.

Here is a solution to update your BIOS versions using a Configuration Manager task sequence. I’ve focused on HP however the solution I have implemented would work for any vendor, just adjust to suit the utility they offer.

And yes, to all those SSM fans out there, I know that you can add a step to update the BIOS using that HP utility against an SSM downloaded management source with all the HP updates, however I’m not a fan and have chosen not to use it for various reasons specific to my environment.

So, the requirements. Well, that depends on what you’re already doing. If you are enabling BitLocker as part of your Task Sequence then you should already be using the HP BIOS Config Utility to enable your TPM and set your BIOS settings, using something like BiosConfigUtility.exe /Set:TPMEnable.REPSET /nspwdfile:"password.bin" as part of a Run Command Line step with a package. You will need to use your password.bin file as part of our BIOS update command, as you can’t update a BIOS automatically unless you pass the password through as part of the command. Also note that if you try to update a HP BIOS and you have BitLocker enabled there is a suspend BitLocker switch, which I haven’t needed to use. But it’s nice to know it’s there. Here is a link to the HP BIOS Configuration Utility Guide, which also explains how you can generate a password.bin file if required.

I have my enable TPM / Import REPSET file steps before my Update BIOS steps in my task sequence. This is to ensure that the device’s BIOS settings are always configured with a password before my BIOS update step runs. This avoids the scenario where a BIOS update is attempted using a password switch where that device doesn’t have a password set. Clear as mud?

Having said all of this, if you don’t set passwords for your BIOS or don’t enable BitLocker then ignore the last few paragraphs!

The next step you will need to do is to download all the latest BIOS versions from the HP website for your models. Create a source folder in your Configuration Manager source share and then create sub-folders for each model like this:

Extract and copy each BIOS update to the relevant folder. For older models that use HpqFlash.exe the contents should look like this:

And for newer models that use HPBIOSUPDREC.exe the contents should look like this:

Once this has been completed, create a package for each BIOS update without a program and distribute them to your DPs.

Now add some update BIOS steps to your Task Sequence. As mentioned before I have my update steps after my BIOS REPSET import settings step (which enables the TPM etc). This occurs after the PC has rebooted following the Setup Windows and ConfigMgr step.

Create a folder for the model of PC relevant to the BIOS update, then set a WMI Query so it will only run against that model. This is what you would most likely be doing for driver packages. You don’t need to worry about using anything sneaky to query the SMBIOSBIOSVersion against the Win32_BIOS class. If the BIOS version is up to date, the utility just exits and the task sequence continues.

Next add a Run Command Line step and reference the BIOS update package you created earlier for that model. In the Command line for older BIOS updates that use hpqFlash.exe specify the command hpqFlash.exe -s. If you have a password set on your BIOS use hpqFlash.exe -ppassword.bin -s

For newer models that use HPBIOSUPDREC.exe specify the command HPBIOSUPDREC.exe -s -r. Again if you have a password set use HPBIOSUPDREC.exe -s -ppassword.bin -r.

The last step is to add a Restart Computer step which is an absolute must for obvious reasons.
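
One way to wrap the two flash commands above so the task sequence only starts an HP utility whose Authenticode signature is valid (an added example, not code from the original post). The script name Update-HpBios.ps1, the `$SignerPattern` value and the rule that password.bin sits in the package only when a BIOS password is set are assumptions.

```powershell
# Added example, not from the original post. Hypothetical file name: Update-HpBios.ps1,
# stored in the model's BIOS package folder next to the HP utility.
param(
    [string]$PackageDir    = $PSScriptRoot,   # folder holding the extracted BIOS update
    [string]$PasswordFile  = 'password.bin',  # file name used in the post
    [string]$SignerPattern = '*HP Inc*'       # ASSUMPTION: set to the signer shown on your copies
)

# Newer packages ship HPBIOSUPDREC.exe, older ones hpqFlash.exe.
$tool = foreach ($name in 'HPBIOSUPDREC.exe', 'hpqFlash.exe') {
    $candidate = Join-Path $PackageDir $name
    if (Test-Path -LiteralPath $candidate -PathType Leaf) { $candidate; break }
}
if (-not $tool) { throw "No HP flash utility found in $PackageDir" }

# Only run a binary whose Authenticode signature is intact and from the expected signer.
$sig = Get-AuthenticodeSignature -FilePath $tool
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
if ($sig.Status -ne 'Valid' -or $signer -notlike $SignerPattern) {
    throw "Refusing to run '$tool': signature status $($sig.Status), signer $signer"
}

# Build the switches exactly as given in the post for each utility.
# ASSUMPTION: password.bin is in the package only when a BIOS password is set.
$pw = if (Test-Path -LiteralPath (Join-Path $PackageDir $PasswordFile)) { "-p$PasswordFile" }
$flashArgs = if ((Split-Path $tool -Leaf) -ieq 'HPBIOSUPDREC.exe') { '-s', $pw, '-r' } else { $pw, '-s' }
$flashArgs = @($flashArgs | Where-Object { $_ })   # drop the empty slot when there is no password file

$version = (Get-CimInstance -ClassName Win32_BIOS).SMBIOSBIOSVersion
Write-Output "BIOS $version before update; running $(Split-Path $tool -Leaf) $($flashArgs -join ' ')"

# Hand the utility's own exit code back to the task sequence unchanged.
$proc = Start-Process -FilePath $tool -ArgumentList $flashArgs -WorkingDirectory $PackageDir -Wait -PassThru
exit $proc.ExitCode
```

In the Run Command Line step this would be started with powershell.exe -NoProfile -ExecutionPolicy Bypass -File Update-HpBios.ps1 in place of calling the HP utility directly.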

That’s pretty much it, Happy BIOS Updating!

Cheers

Damon

 

 

 

So a while back I implemented a working Windows XP to Windows 7 refresh using Configuration Manager 2012 R2. Some of you may be aware that this was an issue initially, as there was a bug with the client being unable to stage the boot image just prior to the initial restart into WinPE. To address this a hotfix was released, however the whole process had a lot of caveats to it working and was generally painful to implement.

Good news, nothing has changed with that! So last week I was thinking maybe my existing process can be used to achieve a Windows XP to Windows 10 refresh, surely that’s possible assuming that the original change Microsoft made in the client to support staging a Windows PE 3.1 boot image had been retained in the latest Configuration Manager 2012 R2 SP1 client? Well I’m happy to report that with a few changes this is indeed possible, although totally unsupported by Microsoft!

A note before proceeding. This is not supported by Microsoft and I take no responsibility for any adverse outcomes if you choose to implement this in a production environment 🙂

So with that out of the way how do we go about this?

Well, the main problem with trying to do this is the issue of staging the boot image to Windows XP – so make sure that you have a Windows PE 3.1 boot image and that you have a Configuration Manager client on your Windows XP OS that is 5.00.8239.1203 or higher. If you get this wrong, you will see an error in the logs relating to an inability to stage the image as per the below screen grab. The other main issue you’re likely to run into is a lack of drivers in your Windows PE 3.1 boot image, so spend some time making sure you have all of your hardware models’ NIC and storage drivers added to the boot image that are required.

A few assumptions are going to be made by me here.

  • You have a working Configuration Manager 2012 R2 SP1 site with Cumulative Update 1 installed + hotfix KB3084586
  • You have installed the Windows ADK 10 and have a working USMT 10 package
  • You have installed MDT 2013 Update 1 and have integrated it with your Configuration Manager instance
  • You have a working USMT 4 package (You can download the Windows AIK to grab the USMT files, usually in c:\Program Files\Windows AIK\Tools\USMT)
  • Your Windows XP machine has a working, active Configuration Manager agent installed at version 5.00.8239.1203 or higher
  • You have a working custom Windows PE 3.1 x86 boot image with your hardware model network and storage drivers injected into it – follow this guide for building your own boot image. You can use DISM to inject drivers in a mounted wim file with this documentation. Remember that you will need to inject the correct driver versions relevant to the PE 3.1 boot image, in most cases this will be the Windows XP equivalent for each of your hardware model types.
  • You have added this Windows PE 3.1 x86 boot image to your Configuration Manager environment and have replicated it to your Distribution Points

  • You have a Windows 10 reference image

The process

  • Create your USMT 4 package and distribute the package to your Distribution Points. As mentioned previously the source files can be obtained from the Windows AIK.

  • Create a new MDT Client Replace Task Sequence specifying your Win PE 3.1 boot image, MDT Files package, Windows 10 OS reference image, Client package, USMT 10 package and your Settings Package. Make sure that you add any driver packages, applications and other settings for your Windows 10 OS such as Start Menu Layout file import steps, etc. Also don’t forget to set a local administrator password, time zone and any other Task Sequence specific settings that need to be addressed.

  • Edit the newly created Task Sequence so that the Capture User State step runs your USMT 4 package. Even though Microsoft have documented that USMT 10 supports capturing files and settings from Windows XP, it fails with an execution error about scanstate.exe not being a valid Win32 Application. Note that you could use USMT 5.0 however I already had a working USMT 4.0 Files package so for this blog I have chosen to leave the version at this level. You can leave the Restore User State step as USMT 10 as it will restore the data from the Capture User State step.

  • Create a new collection for deployment and review your Task Sequence.
  • Check that your Windows XP client is running the correct Configuration Manager client version of 5.00.8239.1203 or higher and add your Windows XP client to the collection.

  • Review your results. It’s worth mentioning that the User State Migration Process doesn’t restore the wallpaper settings between Windows XP and Windows 10 and I don’t believe this is possible. However I’m happy to be corrected on this one if anyone does manage to achieve this. It does however migrate the source jpg and I’ve just reset this as the background image.

Cheers

Damon

 

 

Let’s assume that you’re using MDT 2013, WSUS and Hyper-V to build and capture your Windows 7 SP1 reference image.

Due to the large number of updates now required for Windows 7 SP1 (over 200!) you may run into an issue where your VM runs out of memory. Specifically, the problem is caused by the process TrustedInstaller.exe. To avoid this, make sure you allocate at least 4GB of memory. In addition to this, it’s worth adding an additional processor to improve performance.

Even with these settings it takes a very long time for the process to complete. Hopefully Microsoft will release a new ISO this year with updates included.

Cheers

Damon

 

I’ve implemented this solution based on information provided in the following blogs – credit to these people for posting this information.

http://www.deploymentresearch.com/Research/tabid/62/EntryId/97/PowerShell-wrapper-for-MDT-2012-Update-1-and-MDT-2013-Preview.aspx

http://blogs.technet.com/b/deploymentguys/archive/2013/10/21/removing-windows-8-1-built-in-applications.aspx

So I’ve moved on from my old process of corporate WIM image creation. I used to build up an image from a source ISO for a respective operating system using Hyper-V, make my customisations, apply patches, then use MDT to do a sysprep and capture. I know, I know, there are probably numerous reasons why you shouldn’t do this. Well no more after watching Johan’s session from System Center Universe this year here

The new process involves the more contemporary approach of doing a completely automated build and capture in one process with MDT performing any additional changes using scripts and additional steps. The session that Johan presented is in my view the best by far that I have seen.

One thing that wasn’t covered was how to remove the built in Windows 8.1 Modern Applications. In my case (like many others) we are deploying Windows 8.1 and do not wish to have all of these applications available.

Here is a solution you can implement which will remove these apps as part of your MDT or Configuration Manager Task Sequence. My example will be in MDT 2013.

Firstly, create a new PowerShell script from this blog. You can amend the script as required so that it only removes the applications that you want. Alternatively I have copied the script syntax into a Word document here removemodernappsnew – please make sure that you edit this script in PowerShell ISE to confirm that there are no syntax errors.

Copy the script to your MDT server sources folder.

Create a new MDT application and give it an appropriate name such as Remove Windows 8.1 Modern Applications

Use the following PowerShell wrapper command – credit to Johan who posted the install wrapper argument here

powershell.exe -Command "set-ExecutionPolicy Unrestricted -Force; cpi '%DEPLOYROOT%\Applications\Remove Windows 8.1 Modern Applications\RemoveWindows8Apps.ps1' -destination c:\; c:\RemoveWindows8Apps.ps1; ri c:\*.ps1 -Force; set-ExecutionPolicy Restricted -Force"

Note you will need to adjust the path to your PowerShell script depending on how you set up the application in MDT.

Now just add an install application step in your existing MDT / Configuration Manager Task Sequence, it’s that easy.

If you implement a Suspend action in your MDT Task Sequence you can check that the apps have been removed.
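
A check that could be run from an elevated PowerShell prompt at that Suspend step, confirming both that the packages are gone and what execution policy the wrapper command left behind (an added example, not part of the original post or of the removal script). The package names in `$expectedGone` are constructed samples; replace them with the apps your copy of the script removes.

```powershell
# Added example, not from the original post.
# ASSUMPTION: sample package names; use the list from your own removal script.
$expectedGone = 'Microsoft.BingNews', 'Microsoft.BingSports', 'Microsoft.ZuneMusic'
$pattern = ($expectedGone | ForEach-Object { [regex]::Escape($_) }) -join '|'

$leftovers = @(
    # Provisioned packages are staged in the image and installed for every new user profile.
    Get-AppxProvisionedPackage -Online |
        Where-Object { $_.DisplayName -match $pattern } |
        ForEach-Object { "Provisioned: $($_.PackageName)" }
    # Installed packages are those already registered for existing profiles.
    Get-AppxPackage -AllUsers |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { "Installed:   $($_.PackageFullName)" }
)

if ($leftovers.Count -gt 0) {
    Write-Output "Still present:"
    $leftovers
} else {
    Write-Output "None of the expected packages remain."
}

# The wrapper changes the machine-wide policy twice and finishes with
# Set-ExecutionPolicy Restricted, so the LocalMachine row should read Restricted here.
# A launch with 'powershell.exe -ExecutionPolicy Bypass -File <script>' sets the policy
# for that one process only and leaves the LocalMachine row untouched.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```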

Cheers

Damon

OK well it’s not completely true to claim it’s a Zero Touch MDT solution however it is a fully automated Lite-Touch solution for upgrading your Windows XP computers to Windows 7 using MDT 2012 Update 1.

Some of you would be aware of the issue that occurred if you upgraded to System Center Configuration Manager 2012 R2 – basically the bootsect.exe included in the Windows ADK 8.1 isn’t compatible with Windows XP, so you can’t stage a 2012 R2 boot file to a computer running a Windows XP Operating System. This basically meant no way to refresh XP systems with that version of Config Manager.

Microsoft has released a hotfix for this issue recently: http://support.microsoft.com/kb/2910552

However there is an alternative to applying this update. You can still fall back to using MDT 2012 Update 1 and have a fully automated solution for upgrading any Windows XP instances you still have out in the wild using USMT to migrate the user data as part of the refresh process.

Here are the steps I followed so I didn’t have to apply this hotfix. I have a small environment, only 1500 seats, so going down this path made more sense than messing with my production Configuration Manager 2012 R2 instance just to get back support for XP.

  1. Build up a fully patched Windows Server 2012 R2 instance (or your preferred supported OS). This can be running on your choice of hypervisor if you prefer.
  2. Install the Windows ADK 8.1 (http://www.microsoft.com/en-au/download/details.aspx?id=39982) and install the Deployment Tools, User State Migration Tool (USMT) and the Windows Preinstallation Environment (Windows PE) options. Note there was a new version released so make sure you re-download if you have an older copy.
  3. Install MDT 2012 Update 1 (http://www.microsoft.com/en-au/download/details.aspx?id=25175). Note that you cannot use MDT 2013 as it doesn’t support Windows XP.
  4. Create your Deployment Share and import your drivers, any applications, packages, OS wim files etc.
  5. Update your boot images with any required drivers.
  6. Update your Unattend.xml if required (I just re-used my Config Manager copy which saves a fair amount of time).
  7. Enable MDT Monitoring and create your Log folder and share.
  8. Test your refresh process before attempting any automation to ensure the upgrade process runs smoothly without any base problems such as missing drivers.
  9. Once you have your refresh Task Sequence working as expected we can look at updating our CustomSettings.ini file to automate the refresh process.
  10. Update your ini file – you can use my ini file settings as a guide.

[Settings]
Priority=Default
Properties=MyCustomProperty, SavedJoinDomain

[Default]
OSInstall=Y
_SMSTSOrgName=%YOURORGNAME%
DeployRoot=\\%SERVERNAME%\DeploymentShare$
DoCapture=No
DisableTaskMgr=YES
HideShell=YES

SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipBitLocker=YES
SkipFinalSummary=YES
SkipSummary=YES
SkipBDDWelcome=YES
SLShare=\\%SERVERNAME%\Logs$
SkipDeploymentType=YES
DeploymentType=REFRESH
SkipDomainMembership=YES
JoinDomain=%FQNDOMAINNAME%
DomainAdmin=%NetworkAccessAcountName%
DomainAdminDomain=%NetBiosDomainName%
DomainAdminPassword=%NetworkAccessAccountPassword%
SkipUserData=YES
UserDataLocation=AUTO
SkipComputerBackup=YES
USMTMIGFILES001=MigUser.xml
USMTMIGFILES002=MigApp.xml
USMTMIGFILES003=YourCustom.xml
USMTConfigFile=YourWindowsXPConfig.xml
ScanStateArgs=/v:5 /o /c /ue:administrator /ue:%yourdomain%\adm* /uel:45
LoadStateArgs=/v:5 /c /lac
SkipTaskSequence=YES
TaskSequenceID=%YourTaskSequenceIDNumber%
SkipComputerName=YES
OSDComputerName=%ComputerName%
SkipLocaleSelection=YES
UILanguage=en-AU
UserLocale=en-AU
KeyboardLocale=en-AU;0409:00000409

SkipTimeZone=YES
TimeZone=265
TimeZoneName=Tasmania Standard Time

SkipApplications=YES

UserID=%NetworkAccessAcountName%
UserPassword=%NetworkAccessAccountPassword%
UserDomain=%NetBiosDomainName%

EventService=http://%SERVERNAME%:9800
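
The DomainAdminPassword and UserPassword values in this file are stored as plain text on the deployment share, so it is worth knowing which credential keys are populated and who can read the file. The following audit is an added example, not part of the original post; the function names, the sample ini and the server name SERVER01 are constructed for illustration.

```powershell
# Added example, not from the original post.
function Find-IniSecret {
    param(
        [string[]]$Lines,
        # Key names from the ini above, plus MDT's AdminPassword.
        [string[]]$SecretKeys = @('DomainAdminPassword', 'UserPassword', 'AdminPassword')
    )
    $section = ''
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = "$line".Trim()
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^;') { continue }                 # commented-out setting
        if ($text -match '^([^=]+)=(.*)$') {
            $key = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            if ($SecretKeys -contains $key -and $value) {
                # Report where the secret is, never the secret itself.
                [pscustomobject]@{ Line = $lineNo; Section = $section; Key = $key; ValueLength = $value.Length }
            }
        }
    }
}

function Get-BroadReader {
    # NTFS entries that grant access to wide groups (share permissions are separate).
    param([string]$Path)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       "$($_.IdentityReference)" -match 'Everyone|Authenticated Users|Domain Users|BUILTIN\\Users' } |
        Select-Object IdentityReference, FileSystemRights
}

# Constructed sample modelled on the ini above (placeholder values, not real credentials).
$sample = @'
[Settings]
Priority=Default

[Default]
DeployRoot=\\SERVER01\DeploymentShare$
DomainAdmin=svc-join
DomainAdminPassword=Example-Passw0rd
; UserPassword=commented-out
UserID=svc-mdt
UserPassword=Example-Passw0rd
'@ -split "`r?`n"

Find-IniSecret -Lines $sample | Format-Table -AutoSize

# Against a real share (path is an assumption based on the default MDT layout):
#   $ini = '\\SERVER01\DeploymentShare$\Control\CustomSettings.ini'
#   Find-IniSecret -Lines (Get-Content -LiteralPath $ini)
#   Get-BroadReader -Path $ini
```

On the constructed sample the function reports the two populated keys in [Default] and skips the commented-out line.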

Test your fully automated MDT Refresh scenario by running litetouch.vbs from the MDT Deployment Share. If working you should see the upgrade to your OS progress without any dialogue box prompts.

There are quite a few ways of actually kicking off the execution of the litetouch.vbs script, however I will leave this mechanism up to you.

Here’s a video of the finished refresh process which shows MDT processing the answers provided by CustomSettings.ini. I have also shown that the USMT hard-linking process is working. The TS then stages the boot image and reboots into WinPE and begins to overlay my Windows 7 corporate wim.

http://youtu.be/9vJet3okIBw

Cheers

Damon

I think a lot of people look at UDI (User Driven Installation) Task Sequences as just that – an option for users in an organisation to perform actions associated with the deployment of an Operating System. Well that’s perfectly acceptable however when I first installed Configuration Manager 2012 in my lab I looked at the new UDI options and immediately saw a way of replacing my old HTA that I had with Configuration Manager 2007. I was fairly sure I could adapt the UDI Wizard to suit my deployment model taking full advantage of what the MDT team had already written. The following blog briefly describes what I have done with UDI in my organisation.

Implementing the out of box UDI solution is actually fairly straight forward.

  1. Integrate MDT with your Configuration Manager 2012 installation
  2. Create your MDT files package, I have done this with MDT 2012 Update 1
  3. Create a standard MDT client task sequence, this will automatically include the steps that call the UDI Wizard
  4. Test your Task Sequence to ensure that it works and calls the UDI Wizard as expected.

Once you have these basics configured you can then take a closer look at customising what built in panes the wizard presents and how that information is collected and used.

It’s worth noting at this point that I haven’t had a need to create any custom panes which set variables. Having said that, you can do this and MDT 2013 includes the ability to create your own pages using a GUI which is a vast improvement on what was offered in MDT 2012 Update 1.

Using the UDI Wizard Designer, I have removed quite a few of the built in panes. This is because I have tailored it for my Service Desk technicians to use and rely on the other built in Task Sequence steps to set variables. I have modified the New Computer and Refresh page libraries and have a separate USMT scripted process for the replace scenario.

[Screenshot: New Computer UDI Steps]

[Screenshot: Refresh Computer UDI Steps]

I have created separate UDI XML files for each Operating System that I deploy or refresh so that I can control settings and what applications are installed. To call different UDI Wizard XML files, save your UDI XML template file with an appropriate name into your MDT Files package then modify the two UDI Wizard steps in the Task Sequence.

You can customise the default header image (as I have) so the UDI Wizard is customised to your organisation. To do this you will need to locate the UDI_Wizard_Banner.bmp file located in your MDT Files package. Modify both copies of this file within the \Tools\x86 and \Tools\x64 folders respectively. The image needs to be 759 x 69 pixels. Rename the old file to UDI_Wizard_Banner.original in case you wish to roll back. Once your changes are complete, update your Distribution Points.

Here are some screen captures on my New Computer UDI Wizard. You can use the wizard to add Organizational OU’s, a pre-populated Domain Name, Applications and other variable settings.

[Screenshot: Collecting Computer and Network Settings]

[Screenshot: Application Selection and Installation]

[Screenshot: Summary Page]

As the MDT Gather step runs before the UDI Wizard starts, you can also pre-populate other variables which will then automatically appear within the UDI panes. For example you may wish to run a separate script to generate a computer name, if this is run prior to the UDI Wizard running, it will be displayed in the pane that contains the field referencing that variable. Another good example of this is to pre-populate the domain join account username and password using CustomSettings.ini.

You can also use the UDI Wizard to present groupings of Applications which when selected will then be installed as part of the base variable COALESCEDAPPS during the Install Applications step of your TS. To correctly configure this for OSD you will need to create a collection within your Configuration Manager Console, then deploy to that collection each Application that you want to make available during an OSD Task Sequence. The Deployment type needs to be set to Available. Alternatively you can use an existing collection, if you have one set up, that already has your Applications deployed in this manner.

Note: If you rename an application in Configuration Manager 2012, you will have to update your UDI XML file, save and redistribute your MDT Files package.

When this has been completed you can use the UDI Wizard Designer to create your Software Groups. Ensure that you have set the Site Settings within the designer by selecting the Configuration Manager ribbon button. You will need to set your Site Server Name and the name of the Application Collection that you have created and deployed your Applications to otherwise your Applications will not appear when you try to search and add them.

Note: You need to tick the option “Allow this application to be installed from the Install Application task sequence action without being deployed” for each Application that you want to install as part of a TS

Using UDI as an alternative has allowed me to transition into Configuration Manager 2012 OSD easily, retiring my old HTA. I have been able to take advantage of the built in panes and, where suitable, set and populate information automatically. With the new version of MDT 2013 around the corner, the new Custom Page Designer will no doubt add further options and capabilities in this area.

Hopefully this blog gives you some broad ideas around how you can implement UDI in your organisation and what is possible to achieve when using it.

Cheers Damon