Deploying Windows 8 including Optional Windows Features with ConfigMgr 2012

This week my post will be about the deployment about the deployment of Windows 8 and then including optional Windows features. I already did a post like this about Windows Server 2012, and the methods are similar, but I’m still getting, and seeing, lots of questions about how it works for Windows 8.

So what I really want to show in this post are the different options for deploying Windows 8 including some random Optional Windows Feature(s). The three most used options for this are DISM, Powershell and MDT. Well, actually, to be really correct, there is only one option to install Features in Windows 8 and that’s DISM. Both, Powershell and MDT are just different methods for calling DISM actions. In the rest of this post I will show these three methods and in all three examples I will install the same the same feature, TelnetClient. Why this feature? Well, actually just because it installs quick.

Prerequisites

Before we can start, to deploy Windows 8 we need ConfigMgr 2012 SP1, but the introduction of the RTM version of that caused serious problems with the deployment of the client on Windows 8 (also during a task sequence). Microsoft provided two solutions for this and everyone can pick the one they like the most. The most important part is that picking one of the following solutions is a prerequisite for the rest of this post:

  • Install KB2801987 on all site servers.
  • Offline service KB2756872 into the Windows 8 image.

Method 1: Dism

TSEditInstFeatDISMThe first method that I want to show, which is also the basis for the following methods, is deploying Windows 8 and optional Windows features via Dism. This can be done quickly, by performing the following global steps:

  • Add a Configuration Manager Client Package (default)
  • Add a x86/ x64 Boot Image (default)
  • Add a Operating System Image of Windows 8 (default install.wim)
  • Create a Install an existing image package –Task Sequence, with the mentioned packages of the previous steps (no need for the steps State Migration, Include Updates and Install Updates).
  • Edit the new Task Sequence and add a Run Command Line –step (see picture). Now add the command line Dism.exe /Online /Enable-Feature /FeatureName:TelnetClient.

Note: To find the name of the features that we want to install, use: Dism.exe /Online /Get-Features. Also good to know, in Dism it is necessary to specify the top-level feature before we can install a sub-level feature.

Method 2: Powershell

TSEditInstFeatPHSThe second method that I want to show is deploying Windows 8 and optional Windows features via Powershell. This can be done quickly, by performing the following global steps:

  • Add a Configuration Manager Client Package (default)
  • Add a x86/ x64 Boot Image (default)
  • Add a Operating System Image of Windows 8 (default install.wim)
  • Create a Install an existing image package –Task Sequence, with the mentioned packages of the previous steps (no need for the steps State Migration, Include Updates and Install Updates).
  • Edit the new Task Sequence and add a Run Command Line –step (see picture). Now add the command line Powershell.exe Install-WindowsOptionalFeature –Name TelnetClient –Online.

Note: To find the name of the features that we want to install, use: Powershell.exe Get-WindowsOptionalFeature –Online. Also good to know, in Powershell it is not necessary to specify the top-level feature before we can install a sub-level feature.

Method 3: MDT 2012 Update 1

TSEditInstFeatMDTThe third, and last, method that I want to show is deploying Windows 8 and optional Windows features via MDT 2012 Update 1. This can be done quickly, by performing the following global steps:

  • Install MDT 2012 Update 1
  • Run Configure ConfigMgr Integration
  • Add a Configuration Manager Client Package (default)
  • Add a x86/ x64 Boot Image (default)
  • Add a Operating System Image of Windows 8 (default install.wim)
  • Create a Microsoft Deployment Toolkit Package
  • Create a Install an existing image package –Task Sequence, with the mentioned packages of the previous steps (no need for the steps State Migration, Include Updates and Install Updates).
  • Edit the new Task Sequence, add a Use Toolkit Package –step, add a Gather –step and add a Install Roles and Features –step. Here we can select the Operating System and the Features (see picture).

Note: To deploy .NET Framework 3.5 there are extra sources needed. Create a network share with the contents of the sources\sxs –folder from the Windows 8 –media and add a Set Task Sequence Variable –step. Set as Task Sequence Variable WindowsSource and as Value <NetworkShareWithSXSFolder>.

Tweeting the deployment status of a system via Orchestrator and ConfigMgr 2012

Only a few days before Christmas I thought it would be fun to just create something extra cool for this weeks blog post. I thought about something that would be different, but also useful in some way. So I started thinking about how I would like to get my deployment status messages, as I like to start my deployments without checking them al the time, and I came to Twitter. I’ve got my tweets everywhere, on my phone, my tablet, my laptop, etc. So wouldn’t it be cool to get the deployment status messages on twitter?

Prerequisites

Now I decided that I want to show how to tweet the deployment status of a task sequence, there are two methods to do that and I will show them both. The first method is to use a Status Filter Rule and the second method is to use use the Task Sequence. For these methods, the following points are prerequisites:

  • The Microsoft Deployment Toolkit 2012 Update 1 –package is created.
  • The program SCOJobRunner is present on an accessible location for the Site server.
  • The Site server is member of the OrchestratorUser –group.
  • The Network Access Account is member of OrchestratorUser –group.
  • The Social Media Integration Pack, of VIAcode, is registered, deployed and configured.

Runbook

OrcRunBooTweLet’s start with configuring the runbook for tweeting the deployment status. To keep this runbook as general as possible, it will need two input parameters. In total this runbook contains two steps with the following configuration:

  • OrcRunBooIniDatDetAdd an Initialize Data –activity and double-click it. In the Details Information click Add and a new parameter named Parameter 1 will be added. Now click Parameter 1 and change the name to ComputerName. Repeat that action and rename Parameter 2 to Status, click Ok and click Finish.
  • Add a Tweet –activity, link it with the previous activity and double-click it. In the Details fill in the field, next to Text, the text to tweet and click Finish. OrcRunBooTweProIn this example I choose the line @pvanderwoude The deployment of ComputerName is Status!. To get this line in that field, follow the next steps:
    • Fill in the text “@pvanderwoude The deployment of “.
    • Right-click and select Subscribe > Published Data. In the Published Data –popup, select with Activity Initialize Data, select ComputerName and click Ok.
    • Fill in the text “ is “.
    • Right-click and select Subscribe > Published Data. In the Published Data –popup, select with Activity Initialize Data, select Status, and click Ok.
    • Fill in the text “!“. 

Method 1: Status Filter Rules

Now let’s start with the first method, which I also prefer, and that’s configuring the Status Filter Rules. These rules have to perform the tweet action after, either a successful, or a failed deployment of a task sequence. StaFilRulTweGenTo invoke the runbook as an action for the Status Filter Rules use the following configuration:

  • In the Configuration Manager Console, navigate to Administration > Overview > Site Configuration > Sites.
  • In the Home tab click Settings > Status Filter Rules, click Create and the Create Status Filter Rule Wizard will show.
  • On the General page fill in as Name <aName> and select the following criteria and click Next.
    • Select Source and then select Client.
    • Select Message ID and fill in 11171.
  • StaFilRulTweActOn the Actions page, select Run a program, fill in with Program <Dir>:\SCOJobRunner.exe -ID:”<aRunbookID>” -Webserver:”<aWebserver>” -Parameters:”ComputerName=%msgsys;Status=succeeded” and click Next.
  • On the Summary page, click Next.
  • On the Completion page, click Close.

This was the configuration for a Status Filter Rule with a successful deployment. To create a Status Filter Rule for a failed deployment repeat the steps from above and replace 11171 with 11170 and replace succeeded with failed.

Method 2: Task Sequence

Now let’s go to the second method and that’s configuring the Task Sequence. The task sequence will need some extra logics to see whether it failed or not. This means it needs the following three adjustments

  1. One to set a new variable, OSDDeploymentStatus with a default value of succeeded.
  2. One to change the value of the new variable, OSDDeploymentStatus, to a failed, but only if something in the previous part of the task sequence failed if needed
  3. One to invoke the just created runbook with as input the name of the system and the status of the deployment.

TSEdiTweSta01So to put these adjustments together to real configuration changes follow the next six steps:

  • Add a New Group, fill in <aGroupName> and select in the Options –tab Continue on error.
  • Add a Set Task Sequence Variable –step, set Task Sequence Variable to OSDDeploymentStatus and set Value to succeeded.
  • Add a New Group and fill in <aGroupName>.
  • TSEdiTweSta02Add a Set Task Sequence Variable –step, set Task Sequence Variable to OSDDeploymentStatus and set Value to failed. Then go to the Options –tab and click Add Condition > Task Sequence Variable. In the Task Sequence Variable –popup, fill in as Variable _SMSTSLastActionSucceeded, set as Condition equals, fill in as Value False and click Ok.
  • Add an Use Microsoft Deployment Toolkit Package –step and Browse to the Microsoft Deployment Toolkit 2012 Update 1 –package.
  • TSEdiTweSta03Add and Execute Runbook –step, fill in with Orchestrator Server <anOrchestratorServer> and Browse with Runbook to the just created runbook. Then select Specify explicit runbook parameters, fill in with ComputerName %_SMSTSMachineName%, fill in with Status %OSDDeploymentStatus% and select Wait for the runbook to finish before continuing.

Result

As always, after all the configuring, it’s time to look at the results. Normally I like to show log files, or screenshots from console, or screenshots from the event viewer, but this time it’s time for something different. Specially for this post I created a new twitter account that, from now on, will show the deployment status of my lab systems. Those tweets are done by @MyTaskSequenceS and look like this:

TasSeqStaTwe

New and Improved: Pre-provision user applications during OS deployment via Orchestrator and ConfigMgr 2012

Last week I did a post about pre-provisioning user applications, based on group membership, during OS deployment, which I already thought was pretty cool. I got some nice positive feedback on that post, including a comment of my very well respected colleague and ConfigMgr MVP Kim Oppalfens. He said, “Nice find, but what if you have twenty applications?”. Well, my idea of last week would mean two task sequence steps per applications, so that’s not really an option for a lot of applications… I had to come up with something better.

The biggest challenge about this is that Orchestrator can only return static variables, it’s not possible to return dynamically named variables from a runbook. This meant that the only option left, to really achieve my new goal, was to manually edit the ZTIExecuteRunbook.wsf –script from MDT to turn a static variable into multiple task sequence variables. So in rough lines my runbook has to return one string with all application groups and MDT has to turn it into multiple task sequence variables.

Prerequisites

The prerequisites are the same as last week, but to be complete I will sum them up again. This post is based on one basic functional requirement and that’s, that Active Directory (AD) –groups are used to determine whether a user gets and application or not. For the rest of the post the following technical requirements are prerequisites and not further described:

  • The Microsoft Deployment Toolkit 2012 Update 1 –package is created.
  • The Nework Access Account is member of OrchestratorUser –group.
    • Note: By default the Execute Runbook –step will use the credentials of the Network Access Account to connect with Orchestrator.
  • The Active Directory Integration Pack is registered, deployed and configured.
  • User device affinity is configured to Allow user device affinity with automatic approval in the PXE –tab of the Distribution Point Properties.

Runbook

OrcRunBooOveVieLike last week let’s start with configuring the runbook that, in this case, will check all the group memberships. The biggest challenge about this runbook was to find a good way to return the group memberships. The runbook, that I ended-up with, returns a comma separated string with all groups and contains five activities with the following configuration:

    • Add an Initialize Data –activity and double-click it. In the Details Information click Add and a new parameter named Parameter 1 will be added. Now click Parameter 1, change the name to UserName, click Ok and click Finish.
    • Add a Get User –activity, link it with the previous activity and double-click it. In the Filters click Add. In the Filter Settings –popup, select as Name Sam Account Name, select as Relation Equals, right-click the field next to Value and select Subscribe > Published Data. In the Published Data –popup, select with Activity Initialize Data, select UserName and click Ok, click again Ok and then click Finish.
    • Add a Get Organizational Unit –activity, link it with the previous activity and double-click it. In the Filters click Add. In the Filter Settings –popup, select as Name Organizational Unit, select as Relation Equals, set as Value <aOUName>, click Ok and then click Finish.
      • Note: This is an optional activity that I use for the next activity to only get specific groups used for application distribution. An other option might be to check on specific group names, or anything that makes the groups differ from other groups.
    • OrcGetGroProRunBehAdd a Get Group –activity, link it with the previous activity and double-click it. In the Properties click Optional Properties…. In the Add/Remove Property –popup select Search Root, click >> and click Ok. Right-click the field next to Search Root and select Subscribe > Published Data. In the Published Data –popup, select with Activity Get Organizational Unit, select Distinguished Name and click Ok. Then select Filters and click Add. In the Filter Settings –popup, select as Name Member, select as Relation Equals, right-click the field next to Value and select Subscribe > Published Data. In the Published Data –popup, select with Activity Get User, select Distinguished Name, click Ok and click again Ok. Then select Run Behavior, select Flatten and click Finish.
    • Add an Return Data –activity link it with the previous activity and double-click it. In the Details right-click the field next to APPId and select Subscribe > Published Data. In the Published Data –popup, select with Activity Get Group, select Sam Account Name, click Ok and click Finish.
      • Note: To get the APPId String in the Return Data –activity go to the Properties of the runbook and add it in the Returned Data. Also keep in mind that the runbook has to return APPId, to be functional, as the MDT –script (ZTIExecuteRunbook.wsf) will specifically check for that (see the next paragraph for an explanation).

MDT

Now let’s take a look at the MDT –script (ZTIExecuteRunbook.wsf) that is used to execute a runbook via a task sequence. By default this script will just get the returned data from the runbook and make it into a task sequence variable, via this line of code:

oEnvironment.Item(sName) = sValue

As I wanted to keep the default behavior of the script, I adjusted the script to check for a specific name (APPId) in the returned data of the runbook. When the script finds it, the script will cut its comma separated value into pieces and create a new task sequence variable for every piece. These variables are based on the task sequence base variable (see the next paragraph) and can be used, in the task sequence, to install applications according to a dynamic variable list. This all means that I replaced the previous line of code for the following code snippet (don’t forget to update the Distribution Points after updating the script!):

If StrComp(sName, "APPId") = 0 Then
    aAppGroups = Split(sValue,",")
    For i = 0 To UBound(aAppGroups)
        sValue = aAppGroups(i)
        If Len(i)=1 Then
            sAppId = "0" & i+1
        Else
            sAppId = i+1
        End If
        sAppName = sName & sAppId
        oEnvironment.Item(sAppName) = sValue
    Next
Else
    oEnvironment.Item(sName) = sValue
End If

Download the modified script here: ZTIExecuteRunbook.wsf

Task Sequence

Now let’s start with configuring the task sequence. The task sequence needs three adjustments (five steps), one to set the User Device Affinity, one to execute the runbook and one to install the applications based on a base variable. For these adjustments follow the next steps:

    • Add a Set Task Sequence Variable –step, set Task Sequence Variable to SMSTSAssignUsersMode and set Value to Auto.
    • Add a Set Task Sequence Variable –step, set Task Sequence Variable to SMSTSUdaUsers and set Value to <DomainName>\%PrimaryUser%.
      • Note: PrimaryUser is a variable that I use to set the primary user for a device (User Device Affinity) and to find the group memberships. There are many methods to set this variable and during this testing I used a computer variable for that.
    • TSEdiCheGroMemAdd an Use Microsoft Deployment Toolkit Package –step and Browse to the Microsoft Deployment Toolkit 2012 Update 1 –package.
    • Add and Execute Runbook –step, fill in with Orchestrator Server <anOrchestratorServer> and Browse with Runbook to the just created runbook. Then select Specify explicit runbook parameters, fill in with UserName %PrimaryUser%, and select Wait for the runbook to finish before continuing.
    • TSEdiInsUseAppAdd an Install Application –step, select Install applications according to dynamic variable list, fill in with Base variable name APPId and click Ok.
      • Note: APPId is the variable that is returned by the runbook of the previous step. After the modifications to the ZTIExecuteRunbook –script it captures that variable and turns it’s value into multiple task sequence variables. Those variables now all contain the base variable name plus a number suffix starting at 01.

Result

Like last week, after all the configuring it’s now time to take a look at what the results are when the task sequence is done. This time I will show the results of how the application groups are passed on from the runbook to the task sequence. The first picture shows the application groups in the Output Parameters of the runbook in the Orchestrator Console. Then the second picture shows how the Execute Runbook –step (ZTIExecuteRunbook.log) processes the multiple groups into multiple task sequence variables and at last the third picture shows how the Install Application –step (SMSTS.log) processes the task sequence variables into applications that have to be installed.OrcAPPOutPutParZTIExeRunBooAPPLogSMSTSAPPIdLog

Note

In case the name of the groups are not equal to the applications, that need to be installed, and it’s not possible to easily extract the application name from the group name, then it might be necessary to use a Map Published Data –activity in the runbook. This way it can easily turn a group name into an application name, but the biggest down-side is that it will be a static list.then.

To end this post, I would like to thank my colleague Bart Timmermans for helping me better understand the (un-)logics of Orchestrator.

Pre-provision user applications, based on group membership, during OS deployment via Orchestrator and ConfigMgr 2012

This week it’s time for another, in my opinion, very cool post with the combination of Orchestrator and ConfigMgr 2012 (and MDT 2012 Update 1). In this post I want to use the user, set with User Device Affinity, to pre-provision applications, based on group membership, on a device during the initial deployment of the device. Out-of-the-box User Device Affinity can be used to pre-deploy user-targeted application to a device and it can be set during the deployment of a device. This way it will start receiving applications very quick after the deployment.

Basically I’m going to show in this post how to set User Device Affinity via a task sequence and how to use that username to install only specific applications for that user during the deployment of the device.

Prerequisites

This post is based on one basic functional requirement and that’s, that Active Directory (AD) –groups are used to determine whether a user gets and application or not. For the rest of the post the following technical requirements are prerequisites and not further described:

  • The Microsoft Deployment Toolkit 2012 Update 1 –package is created.
  • The Nework Access Account is member of OrchestratorUser –group.
    • Note: By default the Execute Runbook –step will use the credentials of the Network Access Account to connect with Orchestrator.
  • The Active Directory Integration Pack is registered, deployed and configured.
  • User device affinity is configured to Allow user device affinity with automatic approval in the PXE –tab of the Distribution Point Properties.

Runbook

OrcInsAppLet’s start with configuring the runbook that will check the group membership. The best thing about this runbook is that it doesn’t require any programming skills, just some logics which can be “clicked together”. This runbook contains five activities with the following configuration:

    • Add an Initialize Data –activity and double-click it. In the Details Information click Add and a new parameter named Parameter 1 will be added. Now click Parameter 1 and change the name to GroupName. Repeat that action and rename Parameter 2 to UserName, click Ok and click Finish.
    • Add a Get User –activity, link it with the previous activity and double-click it. In the Filters click Add. In the Filter Settings –popup, select as Name Sam Account Name, select as Relation Equals, right-click the field next to Value and select Subscribe > Published Data. In the Published Data –popup, select with Activity Initialize Data, select UserName and click Ok, click again Ok and then click Finish.
    • Add a Get Group –activity, link it with the previous activity and double-click it. In the Filters click Add. In the Filter Settings –popup, select as Name Sam Account Name, select as Relation Equals, right-click the field next to Value and select Subscribe > Published Data. In the Published Data –popup, select with Activity Initialize Data, select GroupName and click Ok. Click another time Add. This time in the Filter Settings –popup, select as Name Member, select as Relation Equals, right-click the field next to Value and select Subscribe > Published Data. In the Published Data –popup, select with Activity Get User, select Distinguished Name, and click Ok and the click Finish.
    • Add an Return Data –activity link it with the previous activity and double-click the link. In the Include click Get Group and change it to Count. Then click value and set Count equals to 1. Now double-click the new activity, set InstallApp to TRUE and click Finish. Repeat these actions, but the use for Count equals 0 and for InstallApp False.
      • Note: To get the InstallApp String in the Return Data –activity go to the Properties of the runbook and add it in the Returned Data.

Task Sequence

Now let’s start with configuring the task sequence. The task sequence needs two adjustments (five steps), one to set the User Device Affinity and one to execute the runbook. For these adjustments follow the next steps:

    • TSEdiVarAdd a Set Task Sequence Variable –step, set Task Sequence Variable to SMSTSAssignUsersMode and set Value to Auto.
    • Add a Set Task Sequence Variable –step, set Task Sequence Variable to SMSTSUdaUsers and set Value to <DomainName>\%PrimaryUser%.
      • Note: PrimaryUser is a variable that I use to set the primary user for a device (User Device Affinity) and to find the group memberships. There are many methods to set this variable and during this testing I used a computer variable for that.
    • TSEdiRunBooAdd an Use Microsoft Deployment Toolkit Package –step and Browse to the Microsoft Deployment Toolkit 2012 Update 1 –package.
    • Add and Execute Runbook –step, fill in with Orchestrator Server <anOrchestratorServer> and Browse with Runbook to the just created runbook. Then select Specify explicit runbook parameters, fill in with GroupName <anApplicationGroupName>, fill in with UserName %PrimaryUser% and click Ok.
    • TSEdiOptAdd an Install Application –step, select Install the following applications and select New (yellow start). In the Select the application to install –popup select the application that belong the <anApplicationGroupName> and click Ok. Go to the Options –tab and click Add Condition > Task Sequence Variable. In the Task Sequence Variable –popup, fill in as Variable InstallApp, set as Condition equals, fill in as Value True and click Ok.
      • Note: InstallApp is a variable that is returned by the runbook of the previous step. That step is so cool that it captures that variable and turns it into a task sequence variable.

Result

EdiPriUseAfter all the configuring, it’s now time to take a look at what the results are when the task sequence is done. As always there are lot’s of place to show the success of the different actions, so I had to pick a few. I tried to pick those that tell the most information from a picture.

The first result is of setting the primary user during the task sequence. In the Edit Primary User –popup it will show that with Primary Users a user is set with the Affinity Type of OSD Defined.

The second results are of the success of finding the user in the group. It show the Output Parameters of the runbook in the Orchestrator Console and under there the Execute Runbook –step (ZTIExecuteRunbook.log) processing the variable and its value.OrcOutPutParZTIExeRunBooLog

Deploying Windows 8 with the UE-V 1.0 Agent via ConfigMgr 2012

UE-VOfflFileServThis week I will do a post about deploying the recent released UE-V 1.0 Agent. Even though there is a great guide, named UE-V Deployment Guide, included with the installation files, I noticed that there is a small piece “missing” for a deployment, with Windows 8, via a task sequence. When I just added the agent to my task sequence, to deploy Windows 8, I noticed that the agent wasn’t installing during the deployment.

After looking at the Installation log file and after running the installer on a clean system, I saw that the Offline Files Service (CscService) needs to be running before the installation will run (see screenshot). It seems that the Offline Files Service on Windows 8, by default, is set to Automatic (Trigger Start), which means that it’s not running during the deployment. Of course there are multiple methods to work with this. In this post I will show one method and to be complete I will show the creation of the application and the “new” configuration of the task sequence.

Create Application

  • In the Configuration Manager Console, navigate to Software Library > Overview > Application Management > Applications.
  • In the Home tab click Create > Create Application and the Create Application Wizard will show.
  • On the General page, select Manually specify the application information and click Next.
  • On the General Information page, fill in the information about the application, select Allow this application to be installed from the Install Application task sequence action instead of deploying it manually and click Next.
  • On the Application Catalog page, click Next.
  • CAWUE-VOn the Deployment Type page, click Add and the Create Deployment Type Wizard will show.
    1. On the General page, Browse to AgentSetupx64.msi and click Next.
    2. On the Import Information page, click Next.
    3. On the General Information page, add /norestart to the Installation program and click Next.
    4. On the Requirements page, click Add and the Create Requirement will show.
      1. Select as Category Device.
      2. Select as Condition Operating System.
      3. Select as Rule Type Value.
      4. Select as Operator One of.
      5. Select the used 64-bit Operating Systems.
    5. Back on the Requirements page, click Next.
    6. On the Dependencies page, click Next.
    7. On the Summary page, click Next.
    8. On the Completion page, click Close.
  • Back on the Deployment Type page, click Add, the Create Deployment Type Wizard will show again and walk through step 1-8 again for AgentSetupx86.msi and click Next.
  • On the Summary page, click Next.
  • On the Completion page, click Close.

Distribute Content

  • In the Configuration Manager Console, navigate to Software Library > Overview > Application Management > Applications and select the new application.
  • In the Home tab click Deployment > Distribute Content and the Distribute Content Wizard will show.
  • On the General page, click Next.
  • On the Content page, click Next.
  • On the Content Destination page, Add the Distribution Point(s) and click Next.
  • On the Summary page, click Next.
  • On the Completion page, click Complete.

Edit Task Sequence

  • TSEditOfflFileIn the Configuration Manager Console, navigate to Software Library > Overview > Operating Systems > Task Sequences and select the task sequence.
  • In the Home tab, in the Task Sequence group, click Edit and the Task Sequence Editor will show.
  • Select Add > General > Run Command Line and fill in as Command line Powershell.exe Start-Service CscService.
  • Select Add > General > Install Application, or use an existing Install Application –step, click New, select the new application and click Ok.

Result

As always, now it’s time to look at the results! There are lot’s of places to look, like the Programs and Features, the SMSTS.log and the installation log of the UE-V 1.0 Agent. In this case I like to show the Offline Files Service –check in the installation log of the UE-V 1.0 Agent.InstUEV

How to perform an action directly after the task sequence is finished with ConfigMgr 2012

Last week I already did a post about a new task sequence variable and this week my post will be about another new task sequence variable. This one will probably be used a little less, but can be very useful in some specific situations. Think about situations where an action needs to be performed directly after the task sequence is finished, without impacting the status of the task sequence. In this post I will use a situation where I want the machine to shutdown at the end of the task sequence, as an example.

Configuration

TSEdiSMSTSPosActJust like last week, the configuration is actually very easy and it’s just more about knowing that the task sequence variable exists. This is another new task sequence variable in ConfigMgr 2012 SP1, which is currently still in BETA, named SMSTSPostAction. This task sequence variable can be used to configure a post action for a task sequence. To configure this, follow the next steps:

  • Open a task sequence in the Task Sequence Editor.
  • Add a Set Task Sequence Variable –step to the task sequence.
  • Fill in as Task Sequence Variable SMSTSPostAction and, in this example, as Value cmd /c shutdown /s /t 0 /f.
  • Close the Task Sequence Editor.

Result

Normally adding a shutdown action to a task sequence would cause the task sequence to fail, but now the task sequence will first end successfully and then it will perform the shutdown. A look at the deployment status will show this result. And of course I can show a screenshot of that or of a turned off machine, but I think the SMSTS.log will show some more useful information. As the SMSTS.log will also log the post action.SMSTSLogAct_1SMSTSLogAct_2

Note

Keep in mind that the SMSTS.log will register the action, but does not register a success or failure of the action.

How to apply the default install.wim of Windows 7 to C:\ with ConfigMgr 2012

It’s already known that the default install.wim of Windows 8, by default, applies to C:\, but wouldn’t it be great if there was this same functionality for Windows 7? That way there is no need for a Build and Capture task sequence anymore to maintain a thin image. Applying the default image to C:\ in combination with offline servicing of updates will do the trick. Well… I’ve got good news! In this post I will show how to apply the default install.wim of Windows 7 to C:\!

Configuration

TSEdiOSDPreDriLetThe configuration is actually very easy, it’s more about knowing that it exists. ConfigMgr 2012 SP1, which is currently still in BETA, brings a set of new task sequence variables. One of these variables can be used to apply the install.wim to any drive of choice. To configure this, follow the next steps:

  • Open a task sequence, to deploy Windows 7, in the Task Sequence Editor.
  • Add a Set Task Sequence Variable –step anywhere before the Apply Operating System –step.
  • Fill in as Task Sequence Variable OSDPreserveDriveLetter and as Value False.
  • Close the Task Sequence Editor.

Result

By default the install.wim of Windows 7 would have applied to D:\, but by setting OSDPreserveDriveLetter to False it will apply to any drive of choice. Of course I can show this result with a screenshot of an Windows Explorer, but I think, in this case, a look at the SMSTS.log file will show more information of this success.OSDPreDriLet

Using the power of Orchestrator to move a computer to a different OU via ConfigMgr 2012

The power of Orchestrator 2012 to automate actions is getting bigger and bigger, as the community for it grows and by that the number of Integration Packs (IPs). Of course there are also IPs for ConfigMgr, from both Microsoft itself and the community (via CodePlex). Besides that there wasn’t a real integration between ConfigMgr and Orchestrator, yet, but with MDT 2012 Update 1 a really nice new cool feature was introduced. This feature is the Execute Runbook –step during a Task Sequence. It gives anyone, with or without real programming skills, more robust options during a Task Sequence, as long as an IP exist for the action anyone wants to perform. Just remember, lots of these IPs are created by the community. So deliver useful feedback on them, or even better add your own actions, or IPs.

Prerequisites

In this post I want to show this new feature by creating a runbook for, an often requested script, or step, to move a(n existing) computer to a different OU. For the rest of the post the following points are prerequisites:

  • A Microsoft Deployment Toolkit 2012 Update 1 –package. This package contains the necessary scripts to execute a runbook during a task sequence.
  • The Nework Access Account needs to be “Orchestrator User”. By default the Execute Runbook –step will use the credentials of the Network Access Account to connect with Orchestrator.
  • Register, Deploy and Configure the Active Directory IP from Ryan Andorfer. I used this one, because it was easy to set up and, even more important, it works (even with Orchestrator 2012 SP1 BETA)!
  • The account used in the Connection Credentials needs to be at least member of the Account Operators –group in the Active Directory (AD). Otherwise it can’t move an object in the AD.

Runbook

RunBooMovCom

Let’s start with configuring this nice and basic runbook. This runbook will contain three steps with the following configuration:

  • Add an Initialize Data –activity and double-click it. In the Details Information click Add and a new parameter named Parameter 1 will be added. Now click Parameter 1 and change the name to ComputerName click Ok and click Finish.
  • Add a Get Object DistinguishedName –activity, link it with the previous activity and double-click it. In the Properties, fill in with DomainName <aDomainName> and fill in with Object Class computer. Then right-click the field next to Object Name select Subscribe > Published Data. In the Published Data –popup, select with Activity Initialize Data, select ComputerName, click Ok and then click Finish.
  • Add a Move AD Object –activity, link it with the previous activity and double-click it. In the Properties right-click the field next to Source Object LDAP Path select Subscribe > Published Data. In the Published Data –popup, select with Activity Get Object DistinguishedName, select Object_LDAP_Path and click Ok Then fill in with Destination Container OU LDAP Path <aOULDAPPath> and click Finish.
    • Note: Of course the Destination Container OU LDAP Path can also be (partly) filled with a Published Data. This basic sample is just to show the possibilities.

Task Sequence

TasSeqEdiMovComNow let’s start with the configuring the task sequence. To execute the runbook from the task sequence add the following steps and configuration:

  • Add an Use Microsoft Deployment Toolkit Package –step and Browse to the Microsoft Deployment Toolkit 2012 Update 1 –package.
  • Add and Execute Runbook –step, fill in with Orchestrator Server <aOrchestratorServer> and Browse with Runbook to the just created runbook. Then select Specify explicit runbook parameters, fill in with ComputerName %_SMSTSMachineName% and click Ok.
    • Note: By doing this the ComputerName –parameter from the Initialize Data –activity will be set to the computer name of the system running the task sequence.

Result

The default ConfigMgr task sequences are not able to move a computer object to an OU when it already exist in the AD. Running this task sequence will now result in the computer object being moved to the OU specified in the Move AD Object –activity, even when the computer object already existed in the AD. There are multiple places to look for the results of this action. Think about the log files (smsts.log and ZTIExecuteRunbook.log), the AD and the Orchestration Console. Of this last option I’ll show the results here:ActDetMovCom

Reporting about all the different OS Deployment Versions with ConfigMgr 2012

One of the biggest challenges with OS Deployment is keeping track of all the different deployments and everything that changed between the deployments. This post will focus on the first part, keeping track of all the different deployments. I will do that by showing a way to write information to the registry, creating a hardware inventory for those registry keys and building a report on the inventory data. For the second part, keeping track of all the changes, take a look at this great post of Maik Koster.

Create registry keys

Reg_DepVerThe first thing is to create a script that will write information about the deployment to the registry. As a deployment is much more then just the image, we need information about the task sequence. There are multiple ways to put a version number somewhere in the task sequence. I choose to write a version number in the task sequence name. Besides that I also write some extra information to the registry about the different Id’s and how it was deployed (see picture). To do this I use a very basic script like this (change PETERTEST to something different, like a company name):

Dim strAdvertisementID, strOrganisationName, strTaskSequenceID, strPackageName, strMediaType, strInstallDate, strKeyPath
Dim objEnv, objReg

Set objEnv = CreateObject(“Microsoft.SMS.TSEnvironment”)
Set objReg = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv”)

Const HKEY_LOCAL_MACHINE = &H80000002

‘Set variables
strAdvertisementID = objEnv(“_SMSTSAdvertID”)
strOrganisationName = objEnv(“_SMSTSOrgName”)
strTaskSequenceID = objEnv(“_SMSTSPackageID”)
strPackageName = objEnv(“_SMSTSPackageName”)
strMediaType = objEnv(“_SMSTSMediaType”)

‘Tattoo information in registry
strKeyPath = “SOFTWARE\PETERTEST”
objReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

strValueName = “AdvertisementID”
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strAdvertisementID

strValueName =”InstallDate”
strInstallDate = FormatDateTime(date,2) & ” ” & FormatDateTime(time,3)
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strInstallDate

strValueName = “MediaType”
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strMediaType

strValueName = “OrganisationName”
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strOrganisationName

strValueName = “PackageName”
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strPackageName

strValueName = “TaskSequenceID”
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strTaskSequenceID

‘Clean up
Set objEnv = Nothing
Set objReg = Nothing

TSEd_DepVerNow to run this script, save it as a vbs file and add it to a package. In the  task sequence (see picture) add a Run Command Line –step, select Package and Browse to the package with the new script. In the Command line add cscript.exe <ScriptName> and select Disable 64-bit file system redirection. This last action makes sure that the registry information will be written to the same key on all systems, so there is no need for multiple inventory classes.

Extend Hardware Inventory

RegKeyToMofThe second thing is to create a hardware inventory for the newly created registry keys. There are two ways to do this. The first one is to create our own extensions and the second one is to use the tool RegKeyToMof. I choose to use the second way, as that tool makes my life a whole lot easier. On a computer, which has run the task sequence, open the tool RegKeyToMOFv31 and browse in the top screen to the new registry key. In the bottom screen it will now show the necessary extensions for the different MOF files. Also fill in a good Class Name (I use DeploymentVersion), as this will also be part of the table and view names in the database.

Now go to <InstallDir>\inboxes\clifiles.src\hinv, open the configuration.mof, go all the way to the bottom of this file and add the content of the configuration.mof –tab between the lines Added extensions start and Added extensions end. Assuming this is the first extensions, it will make it look similar to this (remember that PETERTEST might be different, when it’s changed in the initial script):

//========================
// Added extensions start
//========================

#pragma namespace (“\\\\.\\root\\cimv2”)
#pragma deleteclass(“DeploymentVersion”, NOFAIL)
[DYNPROPS]
Class DeploymentVersion
{
[key] string KeyName;
String AdvertisementID;
String InstallDate;
String MediaType;
String OrganisationName;
String PackageName;
String TaskSequenceID;
};

[DYNPROPS]
Instance of DeploymentVersion
{
KeyName=”Deployment_Version”;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\PETERTEST|AdvertisementID”),Dynamic,Provider(“RegPropProv”)] AdvertisementID;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\PETERTEST|InstallDate”),Dynamic,Provider(“RegPropProv”)] InstallDate;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\PETERTEST|MediaType”),Dynamic,Provider(“RegPropProv”)] MediaType;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\PETERTEST|OrganisationName”),Dynamic,Provider(“RegPropProv”)] OrganisationName;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\PETERTEST|PackageName”),Dynamic,Provider(“RegPropProv”)] PackageName;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\PETERTEST|TaskSequenceID”),Dynamic,Provider(“RegPropProv”)] TaskSequenceID;
};

//========================
// Added extensions end
//========================

After this go to the to import in Admin/AgentSettings/HardwareInventory/SetClasses/Import –tab and add the content to a new (temporary) MOF file. This will create a MOF file with the following content:

#pragma namespace (“\\\\.\\root\\cimv2\\SMS”)
#pragma deleteclass(“DeploymentVersion”, NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name(“DeploymentVersion”),SMS_Class_ID(“DeploymentVersion”)]
Class DeploymentVersion: SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE)] String AdvertisementID;
[SMS_Report(TRUE)] String InstallDate;
[SMS_Report(TRUE)] String MediaType;
[SMS_Report(TRUE)] String OrganisationName;
[SMS_Report(TRUE)] String PackageName;
[SMS_Report(TRUE)] String TaskSequenceID;
};

HarInvClaNow open the Configuration Manager Console and navigate to Administration > Client Settings. Open (for example) the Default Client Settings, go to Hardware Inventory and click Set Classes. In the Hardware Inventory Classes, click Import and Open the new (temporary) MOF file. This will show the new class for the inventory.

Create report

The third, and last, thing to do is to create a report based on the new registry information. This is probably a lot easier then you might think, because adding a new class to the hardware inventory also creates new tables and views in the database. As I used DeploymentVersion, as the class name for the extension of the hardware inventory, the view in the database with the information is named v_GS_DeploymentVersion. So to get the new information in a report, including computer name, we need the following query:

SELECT     v_R_System.Name0, v_GS_DeploymentVersion0.AdvertisementID0, v_GS_DeploymentVersion0.InstallDate0, v_GS_DeploymentVersion0.MediaType0,
                      v_GS_DeploymentVersion0.OrganisationName0, v_GS_DeploymentVersion0.PackageName0, v_GS_DeploymentVersion0.TaskSequenceID0
FROM         v_GS_DeploymentVersion0 INNER JOIN
                      v_R_System ON v_GS_DeploymentVersion0.ResourceID = v_R_System.ResourceID
ORDER BY v_R_System.Name0

Now to put all the pieces together, open SQL Server Report Builder 3.0 and create a new report. Add a Data Source to the ConfigMgr database and create a DataSet with the previously mentioned query. The last things to do is add a table to report, add the necessary fields and save the report between the other ConfigMgr Reports. Open the Configuration Manager Console, navigate to Monitoring > Overview > Reporting > Reports and that’s where the new report will show up.

Result

Wondering what the end result looks like? Well, here is a basic example of what it will look like:

Rep_DepVer

Migrating to Windows 8 by using hard-links with ConfigMgr 2012

After the release of Windows 8 last week we can already start thinking about migrating. When I’m thinking about migrations I always like the computer-refresh scenario’s where we can use hard-links. In this post I will show a basic task sequence to capture user files and settings, either offline or online, with help of hard-links. I already showed the basics of that in an earlier post last year when ConfigMgr 2012 was still in Beta. Since then the Wizard screens have not changed so I will not show that again, but  I will show some more information about what happens.

Prerequisites

To support migrating to Windows 8 we need ConfigMgr 2012 SP1 (which is currently still CTP) in place with at least the following packages:

  • Boot Image package, of at least version 6.2.xxxx
  • ConfigMgr client package
  • USMT 5.0 package, of at least version 6.2.xxxx
  • Image package, which can be the default install.wim of Windows 8

Basic steps

To create a task sequence that can migrate to Windows 8 we can use the following steps (for screenshot see my earlier post of last year):

  • Right-click the Task Sequence node and select Create Task Sequence.
  • On the Create a New Task Sequence page, select Install an existing image package and click Next.
  • On the Task Sequence Information page, fill in a Task sequence name, Browse for the Boot image and click Next.
  • On the Install Windows page, browse for the Image package, uncheck Partition and format the target computer before installing the operating system, (optional) uncheck Configure task sequence for use with Bitlocker, (optional) fill in a Product key, (optional) select Always use the same administrator password and click Next.
  • On the Configure Network page, (optional) select Join a domain, Browse for the Domain and Domain OU, Set an Account and click Next.
  • On the Install ConfigMgr page, Browse for the ConfigMgr client Package, (optional) fill in the Installation Properties and click Next.
  • On the State Migration page, select Capture user settings, Browse for the USMT Package, select Save user settings locally, (optional) uncheck Capture network settings, (optional) uncheck Capture Microsoft Windows settings and click Next.
  • On the Install Updates page, click Next.
  • On the Install Applications page, click Next.
  • On the Summary page, click Next.
  • On the Progress page, just wait…
  • On the Confirmation page, click Close.

Advanced steps

The basic steps will create a task sequence that will only perform it’s capture while the task sequence is running online (Full OS). Also notice that the task sequence already sets the ‘extra’ task sequence variable OSDStateStorePath to the value %_SMSTSUserStatePath%. But when we also want to be able to perform an capture while the task sequence is running offline (WinPE), we need to make the following small adjustments.

  • TSEd_RemConSelect the Capture Files and Settings Group, go to the Options tab and Remove the Conditions (or remove the whole top Group).

    Explanation: This is necessary to make it possible to also capture user files and settings in WinPE.

  • Select the Capture User Files and Settings Step (optional: change the name), go to the Options tab and add the condition of _SMSTSInWinPE equals FALSE.

    TSEd_FullOSExplanation: This is necessary to make this step only run in FullOS. This step will run the following scanstate command: C:\_SMSTaskSequence\Packages\<ID>\amd64\scanstate.exe C:\_SMSTaskSequence\UserState /o /localonly /efs:copyraw /c /hardlink /nocompress /l:C:\Windows\CCM\Logs\SMSTSLog\scanstate.log /progress:C:\Windows\CCM\Logs\SMSTSLog\scanstateprogress.log /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migdocs.xml /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migapp.xml

  • TSEd_WinPEAdd an extra Capture User State Step (optional: change the name), select Copy by using file system access and check Continue if some files cannot be captured, Capture locally by using links instead of copying files and Capture in off-line mode (Windows PE only). Now go to the Options tab and add the condition of _SMSTSInWinPE equals TRUE.

    Explanation: This is necessary to make this step only run in WinPE.This step will run the following scanstate command: C:\_SMSTaskSequence\Packages\<ID>\amd64\scanstate.exe C:\_SMSTaskSequence\UserState /o /localonly /efs:copyraw /offlineWinDir:C:\WINDOWS /c /hardlink /nocompress /l:X:\WINDOWS\TEMP\SMSTSLog\scanstate.log /progress:X:\WINDOWS\TEMP\SMSTSLog\scanstateprogress.log /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migdocs.xml /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migapp.xml

  • TSEd_RestTo complete the overview, I’ll show here the default values of the restore settings. (Optional) Select Restore local computer user profiles and give in a password.

    Explanation: This step will run the following loadstate command: C:\_SMSTaskSequence\Packages\<ID>\amd64\loadstate.exe C:\_SMSTaskSequence\UserState /ue:<computername>\* /c /hardlink /nocompress /l:C:\WINDOWS\CCM\Logs\SMSTSLog\loadstate.log /progress:C:\WINDOWS\CCM\Logs\SMSTSLog\loadstateprogress.log /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migdocs.xml /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migapp.xml

I still remember creating all batch files to perform these actions. Now they are possible out of the box!

Result

Now running this task sequence from either Full OS or WinPE will result in something like the example under here. In this example I migrated some files, folders and background. This last one will show as first in the new Windows 8 machine.

Before After
Before After