This is part 2 of many! For the most part, this is same content/notes that I had done as part of my SCCM Guru sponsored webcast in early 2012.
Thanks everyone for sticking it out with me through the webcast so far! I hope that I haven’t lost too many folk. Now that we’ve reviewed the fundamentals of task sequences – steps, variables, and conditions – lets now get into some scenarios, examples, and demonstrations of what the power of task sequences can do. As mentioned task sequences are not just for deploying an OS. They can be used for automating any tasks such as deployment of varied software, chaining installations, configuring Windows, performing decision logic, etc.
Prior to task sequences the only way to link together, or chain, execution of different packages was to use the “Run another program first” option with the advanced settings of the program. In such a way, you could chain multiple packages together to ensure exact execution in a precise order of operations. However, this suffers from some limitations such as if one program failed midway in the chain, the remainder of the chain failed. Furthermore, if the chain was rerun, it then needed to rerun from the very beginning of the chain and repeated those programs which were previously successful. Although it was good for what needed to be accomplished, it still had challenges and limitations.
Now with the power of task sequences, chaining programs is almost a thing of the past. In fact task sequences can give you as the administrator so much more control over the end goal.
Demo: MS Office upgrade
A prime example that I always like to demonstrate is an upgrade of Microsoft Office, such as upgrading from 2007 to 2010 along with upgrading any Office 2010 installs to SP1. There are several steps into accomplishing this upgrade. Allow me demonstrate:
- Set the TS shutdown behavior
- Set the message to something friendly
- Set the countdown to 10 minutes
- Restart Windows so that no Office files are locked
- Except if no Office is installed
- Change the restart message
- What to do about the SCCM client cache size? (e.g. since it’s downloaded into _SMSTaskSequence, cache size does not need to change)
- Install Office 2010 (skipping upgrade is Office 2010)
- One configuration with just Word, Excel (such as a kiosk)
- One configuration with all software
- Install Office 2010 Service Pack 1
- Install security updates
- Defrag the hard drive
Demo 11: Office 2010
Demo: detection of 32-bit vs. 64-bit
As mentioned, a typical best practice distribution of software is to build collection where the query is designed to only target computers that are missing a particular application version unless the version is newer. For example, Application A is installed corporate-wide at version 1.0. You’ve been tasked with upgrading it to version 1.1 and any computers missing the application. However, some computers are running 1.2 so they should not be included in the target. So you would be your sub-select query to fulfill these requirements.
Here is a great example of this similar scenario. I recently assisted a customer with creating a task sequence to deploy Microsoft updates to their servers, including an upgrade of VMware Tools to the latest version and to install the software if it didn’t exist at all. Normally this can be moderately simple, but detection of the software requires two different methods since the tools have a 32-bit version and 64-bit version. The detection boils down to:
- On 32-bit Windows
- Install if software not present with 32-bit detection
- Upgrade if software version older than current version using 32-bit detection
- On 64-bit Windows
- Install if software not present with 64-bit detection
- Upgrade if software version older than current version using 64-bit detection
Demo 12: Include an example of the sub-select query so that it translates better into how that looks in a WMI query. Also demonstrate how it could be broken into two different steps of x86 and x64 or combined into one step.
Demo: Workstation Updates
Here’s a situation that you’re all familiar with: keeping the desktops and laptops updated with the most secure software within the environment. Though often times, software is deployed on as-needed basis, more and more companies require a change control process coordinated with a specific period in which the updates can be deployed to computers.
At its most simplistic form, an admin could just assign a package to a collection with the assumption and hope that all computers installed the updates. A better step in the right direction is to create a collection with a sub-select query to only target the computers that actually need the software. However, what does one do if you want the best of both worlds? Turn to the power of task sequences of course! This is a great example if you’re in a situation where all actions need to run in a systematic timeline with very little lag and better visual indicator to users.
- Change the default restart time from 30 seconds to 10 minutes so users have enough time to close documents if necessary.
- Pre-install restart
- Install Adobe Reader update (only if Acrobat not installed)
- Install Adobe Acrobat update (only if Acrobat installed)
- Install Microsoft Security Updates
- Upgrade BIOS for computer model XYZ
- Restart computer into WinPE so as to do the next item:
- Execute a utility to enable Wake On LAN in BIOS
- Force a Group Policy Update with system restart
Miscellaneous Administrative Tasks
Now let’s pretend you have a string of routine administrative tasks to perform against computers on a regular basis. Task sequences are also powerful in this way by not just being limited to installing software or deploying an OS. The example that I’ll use here may not completely be a real world example, but again, it is designed to demonstrate flexibility and get your juices flowing.
- Delete old user profiles
- Cleanup temp files
- Delete SCCM cached files
- Flush/register DNS
- Check the local admins group for unauthorized users/groups (use Sherry’s DCM?)
- Force a Group Policy Update without system restart
- Run SCCM Client Health Check Script
- Defrag hard drive
Demo: Complex Conditions Flows
Along the way with the demos so far, I’ve tried to incorporate different examples of using task sequence conditions. The VMware Tools demo definitely showed some complexity using WMI queries to decipher 32-bit versus 64-bit detection. But now let’s have some fun by taking this a step further! We need deploy a software install which meets the following requirements:
- The post-install restart of Windows for a specific department needs to give a 10 minute countdown (first 3 digits of computer name are the department code)
- Only execute on Windows workstation OS (excluding Windows 2000)
- Cannot execute on computers which live in a specific OU
- A combination of four installation types based upon
- Two different command lines parameters where applicability comes from a value in the registry
- Two different architectures (32-bit vs. 64-bit)
- An additional install occurs for computers which have a special local user account
Demo: Multiple methods to accomplish same thing
I am going to have more fun with the flexibility of task sequences by demonstrating six different ways to accomplish the same thing. In this example, we are going to uninstall Flash v10 and install Adobe Flash v11 either with the 32-bit or 64-bit editions. Keep in mind that some of these exmamples are a little unrealistic, but it does exhibit the flexibility.
Demo: Uninstall Flash 10, install Flash 11
- Easy: individual steps with no checks, just do it regardless
- Easy: WMI queries for existence or architecture
- Easy: step for the Installed Software using an MSI
- Moderate: use a script which sets a custom TS variable to do the uninstall detection
- Moderate: use collection custom TS Variable
- Moderate: multi-application install to do everything at once
Demo: Operations within Windows PE
Here is a cool thing that I’ve done in my experience. There had been a few instances where one of the field offices was being sold to another company, but it was contracted for the new ownership to retain the existing computer hardware. The challenge therein was that we couldn’t allow them to have access to company software licenses or data that may exist on the system. So I developed a task sequence to remotely erase the hard drive.
- Restart in WinPE
- Format the disk
- Restart the TS to boot into the host OS