Similar to a previous post on 10 Tips for a More Successful Windows Image Build & Capture, this post outlines tips to help you successfully deploy ConfigMgr 2012 R2 Applications during OS deployment for an image build/capture on a workgroup computer.
- First, review the top tips for OSD (10 Tips for a More Successful Windows Image Build & Capture)
- Second, if your DP is set up for HTTPS, skip to the last step in this sequence
- Enable anonymous authentication on the DP properties
- Install the latest CU for the ConfigMgr client with the PATCH property
- Ensure the Network Access Account (which is also used by workgroup computers to access resources) has been defined and has the appropriate access to the DP resources
- Install hotfix KB2522623 as a package – for Win7 SP1
- Install hotfix KB2775511 as a package – for Win7 SP1
- Command to enable the SWDist Agent:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE
- Command to enable PowerShell Scripts: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 1 /f
- Command to enable PowerShell ExecutionPolicy: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v ExecutionPolicy /d Unrestricted /f
- Application deployment types: set Content > Deployment options – Download content from DP and run locally
- Ensure the property “Allow this application to be installed from the Install Application Task Sequence action” has been enabled (hint: it’s on the General tab for the application’s properties)
- Then if all else fails, ditch applications for doing a build and capture…
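The two reg add commands in the list above write machine policy values, which a captured image carries forward to every computer deployed from it. As an added example (not from the original post), the following PowerShell step removes those two values again; it assumes it runs elevated as one of the last task sequence steps before the capture.

```powershell
# Added example (not from the original post): remove the machine-policy values
# written by the two reg add commands so the captured image does not keep them.
# Assumption: run elevated as one of the last task sequence steps before capture.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
)

$removed = @()
if (Test-Path -LiteralPath $PolicyKey) {
    foreach ($name in 'EnableScripts', 'ExecutionPolicy') {
        $prop = Get-ItemProperty -LiteralPath $PolicyKey -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }   # value was never set on this build

        $current = $prop.$name
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$name = $current", 'Remove policy value')) {
            # -ErrorAction Stop makes a failed removal fail the task sequence step
            Remove-ItemProperty -LiteralPath $PolicyKey -Name $name -ErrorAction Stop
            $removed += "$name (was '$current')"
        }
    }

    # Delete the key itself only if nothing else lives in it.
    $key = Get-Item -LiteralPath $PolicyKey
    if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0 -and
        $PSCmdlet.ShouldProcess($PolicyKey, 'Remove empty policy key')) {
        Remove-Item -LiteralPath $PolicyKey
    }
}

if ($removed) {
    "Removed: $($removed -join ', ')"
} else {
    'No build-time PowerShell policy values found.'
}

# With the policy values gone, the MachinePolicy scope should read Undefined.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

Running the script with -WhatIf lists what would be removed without changing the registry.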
In a recent build and capture (b&c) task sequence for ConfigMgr 2012 R2 that I was helping a customer with, I decided it was worthwhile to list the top things that can be overlooked. If these are done prior to beginning the process, it can help to shorten any troubleshooting time involved. Also, be sure to see my tips for installing apps during OSD.
- Create an IP address range for content boundaries. When doing a b&c, it is a best practice to not join the system to the domain. So if AD Sites are used for the boundaries, then content cannot be found. To work around this, add an IP address range boundary for the subnet of the virtual system.
- In task sequence step “Setup Windows and Configuration Manager”, include entry “SMSMP=SiteMPServerFQDN”. Example FQDN: CM1.contoso.com.
- Include installation of the latest cumulative update that is installed on the primary site. The easiest trick for ensuring the latest CU is installed during OSD is to do:
- Copy the hotfix install package from “C:\Program Files\Microsoft Configuration Manager\hotfix\KBxxxxxx\Client\” into “C:\Program Files\Microsoft Configuration Manager\Client\hotfix\KBxxxxxx\”.
- In the task sequence step “Setup Windows and Configuration Manager”, include the line PATCH="%_SMSTSMDataPath%\OSD\PkgID\hotfix\KBxxxxxx\x64\patchKBinstallname.msp". Note that the path x64/i386 will need to be updated based upon the target OS.
- ConfigMgr boot media (.iso, USB, etc.) has been configured to allow unknown computers.
- Use the offline servicing functionality to pre-inject / install any Windows and .NET Framework 3.5.x security updates. Doing this to the original Windows image that was imported into the primary site will reduce the deployment time for the b&c. Note that if you are deploying Win7 Hotfix Rollup 1 (KB2775511), it can be helpful to add it into the list for Software Updates (see http://blogs.technet.com/b/brandonlinton/archive/2013/03/13/how-to-deploy-phantom-updates-with-system-center-configuration-manager.aspx).
- Prepare for Software Updates (e.g. MS security updates)
- Use multiple Install Software Updates steps. I like to use one immediately after installing core MS software (newer versions of .NET, MSXML, PowerShell, etc.) and then use two more at the very end of the task sequence.
- Optional: Create a script which associates Microsoft Office with the Windows update agent so that those patches can be installed.
- Implement fixes and workarounds for installing packages and applications.
- Set additional task sequence variables to prevent “Error 80070002”. This is outlined in a TechNet support tip blog post, but impacts more than just MDT.
- SMSTSDownloadRetryCount = 5
- SMSTSDownloadRetryDelay = 15
- Configure the Windows image to be able to “run from the server”. In this way, the image does not need to download to the disk then finally extract … thereby causing a longer delay and more fragmentation. To do this:
- On the properties of the image, go to the Data Access tab and select the option to “copy the content in this package to a package share on distribution points”.
- In the task sequence’s step for Apply Operating System, go to the Options tab and select “Access content directly from the distribution point”.
- Configure the distribution point to allow anonymous connections.
In general the above items should help you to be more successful when doing an OSD image b&c. So that it’s not left unsaid, the below items could also prove useful.
- Setup the Network Access Account for the ConfigMgr primary site. For security, ensure that the account is a low rights domain user with a complex password and not an account with extended access rights to any systems on the network.
- Deploy the task sequence to All Unknown Computers. In this way a record of the ConfigMgr client will not need to be created first and added into a special collection.
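One way to check the low-rights requirement for the Network Access Account described above, as an added example that is not from the original post. It assumes the ActiveDirectory (RSAT) PowerShell module is available, and `svc-cm-naa` is a hypothetical placeholder for the account name.

```powershell
# Added example (not from the original post): report anything that makes the
# Network Access Account more than a plain domain user.
# Assumptions: the ActiveDirectory (RSAT) module is installed, and 'svc-cm-naa'
# is a hypothetical placeholder for the NAA's sAMAccountName.
param([string]$NaaName = 'svc-cm-naa')

Import-Module ActiveDirectory -ErrorAction Stop

function Get-NaaFinding {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount, PrimaryGroupID

    # Escape the DN for use inside an LDAP filter (RFC 4515).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'

    # LDAP_MATCHING_RULE_IN_CHAIN resolves direct and nested membership in one
    # query. The primary group is not stored in 'member', so every group
    # returned here is membership beyond the default Domain Users.
    $groups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" -Properties adminCount)

    $findings = @()
    foreach ($g in $groups) {
        # adminCount=1 marks groups protected by AdminSDHolder (Domain Admins etc.)
        $level = if ($g.adminCount -eq 1) { 'PRIVILEGED' } else { 'Review' }
        $findings += "${level}: member of '$($g.Name)'"
    }
    if ($user.adminCount -eq 1) {
        $findings += 'PRIVILEGED: adminCount=1 (is or was in a protected group)'
    }
    if ($user.PrimaryGroupID -ne 513) {   # 513 = RID of Domain Users
        $findings += "Review: primary group RID is $($user.PrimaryGroupID), not 513"
    }
    return $findings
}

$report = @(Get-NaaFinding -SamAccountName $NaaName)
if ($report.Count -eq 0) {
    "OK: $NaaName has no group membership beyond Domain Users."
} else {
    $report
}
```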
When using stand-alone media to image a computer, you may potentially run into a failure with the Task Sequence with SMSTS.log message “Client installation failed, code 1 – The client GUID must be set in an environment variable”. Checking further into the client.msi.log file, you could see the source problem similar to “Unable to create a temp copy of patch ‘C:\_SMSTASKSEQUENCE\PACKAGES\SMS00002\HOTFIXES\KB2854009\X64\CONFIGMGR2012AC-SP1-KB2854009-X64.MSP’.”
This issue can be caused if you’re installing ConfigMgr 2012 hotfixes (or cumulative updates) as part of the client installation during OSD, which stand-alone media may not be handling properly.
One workaround for this scenario is to create additional tasks which will only install the hotfixes when not running from media as follows:
- On step “Setup Windows and Configuration Manager”, add a condition on the Options where TS Variable “_SMSTSMediaType not equals FullMedia”
- Copy that step and rename as “Setup Windows and ConfigMgr – Standalone Media”, remove the Installation Properties for the hotfix install, then change TS Variable check as “_SMSTSMediaType equals FullMedia”
The following custom HTA can be used during OSD when imaging computers with ConfigMgr. It has been updated from my previous version and will do the following:
- Utilizes a table with 3 columns to go across
- Has examples for text entry, drop-down selections, radio buttons, and checkboxes
- Removed the traditional X close button to prevent incidental closure via mouse (to close app, use Alt-F4)
- Contains the two lines of VBScript code to automatically hide the ConfigMgr Task Sequence progress bar interface
Remember to enable HTA support in your boot images – https://t3chn1ck.wordpress.com/2010/01/28/hta-support-in-sccm-boot-images/
```html
<!--
  Created by Nick Moseley
  https://t3chn1ck.wordpress.com

  For this script to function, HTA support must have been added into the boot image
  See for more information - http://technet.microsoft.com/en-us/library/dd799244.aspx

  This HTA/VBscript is used to present a GUI during imaging of a corporate PC. It prompts for:
   1) PC name (automatically populated if the PC already exists in SCCM)
   2) Time zone (currently just PST, AZT, and MST)
   3) If the PC will be used as a VM parent image or as a physical PC
   4) One-off software
   5) Additional browsers
   6) Department selection
   7) Management selection
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>OSD Computer Details</title>
<HTA:APPLICATION
  ID="objNoTitleBar"
  APPLICATIONNAME="OSD Computer Details"
  SCROLL="auto"
  SINGLEINSTANCE="yes"
  CAPTION="no">

<script language="VBScript">
window.resizeTo 550,255
window.moveTo 3,3

' Hide the task sequence window
'On Error Resume Next
Dim oTaskSequence, oTSProgressUI
Set oTaskSequence = CreateObject ("Microsoft.SMS.TSEnvironment")
Set oTSProgressUI = CreateObject("Microsoft.SMS.TsProgressUI")
oTSProgressUI.CloseProgressDialog

Sub PreloadOptions
  ' Pre-fill the name unless it is a temporary WinPE name (MININT-xxxx / MINWINPC)
  Dim sTSMachineName, bPromptName
  sTSMachineName = ucase(oTaskSequence("_SMSTSMachineName"))
  If left(sTSMachineName,6) = "MININT" Then
    bPromptName = True
  ElseIf sTSMachineName = "MINWINPC" Then
    bPromptName = True
  Else
    bPromptName = False
  End If

  If bPromptName Then
    ComputerName.value = ""
  Else
    ComputerName.value = sTSMachineName
  End If
End Sub

Sub FinishClickTasks
  '====================================
  ' Get/set computer name
  '====================================
  Dim sComputerName
  sComputerName = UCase(ComputerName.Value)

  ' Check that a PC name was entered
  Do
    If sComputerName = "" Then
      MsgBox "Error: Computer name cannot be left empty!", vbCritical, "Error"
      sComputerName = UCase(InputBox ("Please enter a computer name to continue", "", , 30,30))
    End If
  Loop Until sComputerName <> ""

  oTaskSequence ("OSDComputerName") = sComputerName

  '====================================
  ' Get/set department configuration
  '====================================
  For Each oSelection in DepartmentChooser.Options
    If oSelection.Selected Then
      oTaskSequence ("OSDDepartment") = lcase(oSelection.InnerText)
    End If
  Next

  '====================================
  ' Get/set managerial position
  '====================================
  For Each oSelection in ManagerRole.Options
    If oSelection.Selected Then
      oTaskSequence ("ManagerRole") = lcase(oSelection.InnerText)
    End If
  Next

  '====================================
  ' OSConfig selection
  '====================================
  For Each oSelection in OSConfig
    If oSelection.Checked Then
      oTaskSequence ("OSDOSConfig") = lcase(oSelection.value)
    End If
  Next

  '====================================
  ' Get/set Other Apps
  '====================================
  If SevenZip.checked Then
    oTaskSequence ("OSD7zip") = "true"
  End If

  If Firefox.checked Then
    oTaskSequence ("OSDFirefox") = "true"
  End If

  If NotepadPlusPlus.checked Then
    oTaskSequence ("OSDNotepadPlusPlus") = "true"
  End If

  If GoogleChrome.checked Then
    oTaskSequence ("OSDGoogleChrome") = "true"
  End If

  If PaintNet.checked Then
    oTaskSequence ("OSDPaintNet") = "true"
  End If

  If Safari.checked Then
    oTaskSequence ("OSDAppleSafari") = "true"
  End If

  '====================================
  ' Get/set Time Zone configuration
  ' (the option id holds the Windows time zone name)
  '====================================
  For Each oSelection in TZChooser.Options
    If oSelection.Selected Then
      oTaskSequence ("OSDTimeZone") = oSelection.id
    End If
  Next

  '====================================
  ' Terminate the HTA
  '====================================
  window.close
End Sub
</script>
</head>

<!------------------------------------------------>
<!---------------- HTML goes here ---------------->
<!------------------------------------------------>

<body STYLE="font:12 pt arial; color:white; background-color:#006699" onload="PreloadOptions">
<table cellpadding="3" border=1>
<tr valign=top>
  <td>
    <p>
    <b>Computer Name</b><br>
    <input type=text id="ComputerName" name=ComputerName size=22>
    <p>
    <b>Time Zone</b><br>
    <select size="1" name="TZChooser">
      <option value="00" id="Mountain Standard Time">MST (US Mountain)</option>
      <option value="01" id="Pacific Standard Time">PST (US West Coast)</option>
      <option value="02" id="US Mountain Standard Time">AZT (US Arizona)</option>
      <!--<option value="03" id="Central Standard Time">CST (US Central)</option>-->
      <!--<option value="04" id="Eastern Standard Time">EST (US East Coast)</option>-->
    </select>
    <p>
    <b><u>OS Configuration</u></b><br>
    <input type="radio" value="standalone" name="OSConfig" checked="True"> Standalone PC/VM<br>
    <input type="radio" value="vmparent" name="OSConfig"> VM Parent
  </td>
  <td>
    <b><u>Software Options</u></b><br>
    <input type="checkbox" name="SevenZip"> 7-zip Utility<br>
    <input type="checkbox" name="NotepadPlusPlus"> Notepad++<br>
    <input type="checkbox" name="PaintNet"> Paint.Net<br>
    <p>
    <b><u>Internet Browsers</u></b><br>
    <input type="checkbox" name="Safari"> Apple Safari<br>
    <input type="checkbox" name="Firefox"> Firefox Browser<br>
    <input type="checkbox" name="GoogleChrome"> Google Chrome<br>
  </td>
  <td>
    <p>
    <b><u>Department Selection</u></b><br>
    <select size="1" name="DepartmentChooser">
      <option value="00"> Standard PC</option>
      <option value="01"> Accounting</option>
      <option value="02"> Human Resources</option>
      <option value="03"> Information Technology</option>
    </select>
    <p>
    <b><u>Management Role</u></b><br>
    <select size="1" name="ManagerRole">
      <option value="00"> n/a</option>
      <option value="01"> Supervisor</option>
      <option value="02"> Manager</option>
      <option value="03"> Director</option>
      <option value="04"> VP</option>
    </select>
    <p>
    <button accesskey=N type=submit id=buttonFinish onclick=FinishClickTasks>Finish</button>
  </td>
</tr>
</table>

<!------------------------------------------------>
<!------------------ End HTML -------------------->
<!------------------------------------------------>
</body>
</html>
```
One of the “gotchas” of BitLocker security is that not having the hard drive first in the boot order within BIOS can cause BitLocker security to become enacted, thus requiring manual entry of the 48-character key upon the next system restart. This can be a frustration for users who have this happen to them, especially while travelling and unable to reach the help desk. So, during an OS deployment, make efforts to change the boot order in BIOS.
To do this with HP
- Obtain the BIOSConfigUtility in the Systems Software Manager
- Create a text file named “BootOrder.REPSET”. The text file contains the below content. Note that I found it is necessary to define two devices to modify the boot order.
```
English
Boot Order
	Hard Drive(C:)
	Notebook Upgrade Bay
```
- Run command
To do this with Dell
- Obtain the Client Configuration Toolkit
- Run command
cctk.exe bootorder --sequence=hdd
If you find yourself in a position where you did not do this during the initial deployment of the OS, never fear, SCCM is here! Using task sequences, you can automate the process to set the hard drive first in the boot order and re-seal the TPM by performing the following steps:
A challenge with installing software updates during a task sequence is that not all updates may be applied on the first pass. The workaround is to run software updates, run a VBScript or PowerShell script to force another scan, then run a software updates task again. Others have posted their scripts on this before, so it’s nothing new. However, I failed trying to quickly locate those scripts. So I’m just posting my own of what I use….
```vbscript
'==========================================================================
' AUTHOR: Nick Moseley , https://t3chn1ck.wordpress.com
' DATE  : 7/30/2010
' COMMENT: Initiates an SCCM client scan
'   Script from http://msdn.microsoft.com/en-us/library/cc144313.aspx
'   Updated 7/15/11 to include a sleep before exiting script
'==========================================================================

' Set the required variables.
actionNameToRun = "Updates Source Scan Cycle"

' Create a CPAppletMgr instance.
Dim oCPAppletMgr
Set oCPAppletMgr = CreateObject("CPApplet.CPAppletMgr")

' Get the available ClientActions object.
Dim oClientActions
Set oClientActions = oCPAppletMgr.GetClientActions()

' Loop through the available client actions. Run the matching client action when it is found.
Dim oClientAction
For Each oClientAction In oClientActions
    If oClientAction.Name = actionNameToRun Then
        oClientAction.PerformAction
    End If
Next

' Wait for 3 minutes for scan completion before exiting script
wscript.sleep(180000)
```
For those who need to add language packs to a Win7 image build/deployment, but only have SCCM infrastructure (without MDT integration), a TechNet forum posting gives the answer (which I’ve posted below).
- Create a package and copy each lp.cab file into the root (Just rename each cab so they can all exist in the same folder e.g. de-de.cab for German etc…)
- In your task sequence, after the Setup windows and ConfigMgr step and before you apply any updates (important) add a Run command line step with the following properties:
- Package: The package from step 1
- Disable 64-bit file system redirection: Enabled
- Command Line: cmd.exe /c dism.exe /online /add-package /PackagePath:"%CD%"
This will add all language packs that exist in the package directory to the installed OS. If you need to add more languages later, just drop a CAB file in the package and update it; the command line stays the same. This also has the added benefit of only downloading the package once to install all the required languages. If you specify multiple tasks to do this in the task sequence, it has to download each one separately, which can add some additional overhead to the time to install.