MDT 2010: Finish action

Posted on May 18, 2011 by Andrew Barnes

One importing thing when deploying images is ensuring there is some sort of indication that Lite-Touch has ended and the machine is ready for use. For security, you may wish to shut the machine down at the end or log the machine off. This behaviour is optional by using the FinishAction property in the customsettings.ini.

Use this to log the current user off at the end of a deployment:

FinishAction=LOGOFF

Use this setting to turn the computer off at the end of a deployment:

FinishAction=SHUTDOWN

To reboot the computer at the end of a deployment use either

FinishAction=REBOOT

or

FinishAction=RESTART

These settomgs can be used in the customsettings.ini or as a Task Sequence Variable.

Posted in Deployment, MDT 2010 | Tagged , , , , , , | 3 Comments

MDT 2010: Network Share Credentials

Posted on May 17, 2011 by Andrew Barnes

When performing Lite-Touch Deployments MDT will need to connect to shares for various purposes. For example, to access a deployment share, backup share or a user state migration share. Naturally, this process will require credentials. The account can be either a domain or local account. Below is an example on how to automate this:

UserDomain=scriptimus.local
UserID=ScriptimusPrime
UserPassword=V3ry_H4rd_p4$$w0rd

To start your Lite-Touch deployments automatically, enter the credentials in the bootstrap.ini file. This will automate the initial deployment share login.

To automate login to the backup share or user state migration shares during deployments, enter the credentials in the  customsetting.ini file.

In a workgroup environment you would use a local account, like in this example:

UserID=PC01\ScriptimusPrime
UserPassword=V3ry_H4rd_p4$$w0rd

In this workgroup scenario UserDomain can be omitted.

Remember, if you use the bootstrap.ini setting these credentials are stored in clear text format of every LiteTouchPE_x86.wim. Also, if you use the customsettings.ini settings, the credentials are visible in the deployment share, so just be aware of the security risk. I would try to work around the principle of least privilege.

For a successful deployment the service account will only need to access the user shares and in some cases to join machines to the domain. The account can be restricted in AD to only log on to the specific deployment server.

Posted in Deployment, MDT 2010 | Tagged , , , , , , , | 7 Comments

MDT 2010: Targeting Image Destinations

Posted on May 16, 2011 by Andrew Barnes

Many people encounter an issue applying their WIM images to the correct partition. I’ve seen this many times in the forums when people say that their images are not deploying to various disks or partitions etc as they want/expect. Although I have never experienced this phenomenon myself the property definitions listed below should help. You can use the property definitions to target the correct disk, volume and partition.

Use this example in your task sequences or customsettings.ini to correctly target your image destinations:

DestinationDisk=0
DestinationLogicalDrive=0
DestinationPartition=1

You can use the Diskpart tool to locate the correct disk/volume id’s. For example, run Diskpart from an elevated command prompt and type:

List disk
List Volume

You can find the Diskpart technical reference on Technet here.

Posted in Deployment, MDT 2010 | Tagged , , , , , , | 2 Comments

MDT 2010: Skipping Summary Pages

Posted on May 13, 2011 by Andrew Barnes

When performing your deployments the summary pages will cost you an extra click each. This is somthing you can’t afford in a fully automated deployment.

To hide the summary panes during the Lite-Touch Deployment wizard use the SkipSummary variable. For the final box that appears when a deployment ends use SkipFinalSummary. enter the following in the customsettings.ini or add them as Task Sequence Variables:

SkipSummary=YES
SkipFinalSummary=YES

This willl not stop the red boxes that appear in the case of a failure.

Posted in Deployment, MDT 2010 | Tagged , , , , , , | 4 Comments

MDT2010: Automation – Getting Started

Posted on May 12, 2011 by Andrew Barnes

Once you get to grips with MDT 2010 you’ll want to start streamlining your deployments by removing unnecessary wizard panes. To begin with, you can have your Lite-Touch deployments auto login and skip the welcome screens.

To start the deployment wizard without having to enter the passwords you will need to enter the credentials as variables using UserID, UserDomain and UserPassword in your Bootstrap.ini:

[Settings]
Priority=Default

[Default]

SkipBDDWelcome=YES
DeployRoot=\\PC-01\DeploymentShare$

UserID=ScriptimusPrime
UserDomain=scriptimus.local
UserPassword=P4ssw0rd

Remember, the user credentials are stored in plain text in your bootstrap.ini so it’s good practice to ensure that the account used has only access to the resources that it needs. My MDT service accounts have rights to access the deployment share only and have delegated rights to create computer accounts.

The example below will login using a local account on PC-01.

UserID=PC-01\Scriptimus

To skip the welcome panes, put this below in your bootstrap.ini also:

SkipBDDWelcome=YES

The manual says that the SkipBDDWelcome needs to be in the CustomSettings.ini but in my environments the bootstrap.ini alone will suffice.

Posted in Deployment, MDT 2010 | Tagged , , , , , , , | Leave a comment

MDT 2010: Automate Application Deployment

Posted on May 11, 2011 by Andrew Barnes

The installation of applications can be automated as part of a Lite-Touch deployment. There are times when you want to install an application after the operating system has been deployed. For example you may want to install an antivirus client or an SCCM client agent.

Firstly your applications will need to be added to the deployment workbench and configured to run silently. Once that’s done you can target the applications by obtaining their GUID’s from the Applications node.

The example below is taken from my customsettings.ini and will cause MDT to install 3 applications evertime a deployment is run:

SkipApplications=YES
SkipAppsOnUpgrade=YES

Applications001={1a7b58f6-5de8-4fb0-bcc9-88653ff810f4}
Applications002={e34ff5f1-2a52-43d2-89ff-2d13aef76233}
Applications003={c1ac9665-b9da-4db3-9e14-b729a9e09859}

You should list all your applications in the order that you want them installed (for example, Applications001, Applications002, Applications002 etc). followed by their GUID in curly brackets.

If you have many applications to automate, you can save time and obtain the GUIDs from the Applications.xml file in the Control folder of your deployment share.

You may not want your applications to install for every single task sequence in which case you can add the variables as Task Sequences Variables. More on that another day.

Posted in Deployment, MDT 2010 | Tagged , , , , , , | 13 Comments

MDT 2010: Joining a Domain

Posted on May 10, 2011 by Andrew Barnes

When deploying an operating system, automating the domain join process is pretty straightforward. There is a task sequence step called Recover from Domain that runs a script called ZTIDomainJoin.WSF. This script automates the whole process. It uses variables that can be set in a task sequence or in the customsettings.ini like in this example:

JoinDomain=scriptimus.local
DomainAdmin=ScriptimusPrime
DomainAdminDomain=scriptimus.local
DomainAdminPassword=H4rdP4$$0rd

If you upgrade or replace a machine it will use the same computername and stay in the same OU where the current computer account exists. For new machines you can specify the Organization to which you new machine will be placed. For example:

MachineObjectOU=OU=testlab,OU=computers,DC=scriptimus,DC=local

When creating reference images I dont usually join the domain unless I have to. In those cases I use an isolated OU as above.

In other instances to join a custom workgroup you can use these settings:

JoinWorkGroup=Scriptimus
Posted in Deployment, MDT 2010 | Tagged , , , , , , , | 13 Comments

USMT: Video Walkthrough

Posted on May 9, 2011 by Andrew Barnes

There’s loads of online resources available for the User State Migration tool. There’s a printable walkthrough on Technet and a series of  video walk-throughs by John Baker.

TechNet Video: (Part 1 of 5) Overview of User State Migration Tool
TechNet Video: (Part 2 of 5) What’s New in the User State Migration Tool 4.0
TechNet Video: (Part 3 of 5) User State Migration Tool Scenarios
TechNet Video: (Part 4 of 5) Hard-link Migration in the USMT 4.0
TechNet Video: (Part 5 of 5) Offline User State Capture in the USMT 4.0

Posted in Deployment, Video Walkthroughs | Tagged , , | Leave a comment

MDT 2010: Skipping Deployment Wizard Pages

Posted on May 6, 2011 by Andrew Barnes

For MDT 2012 version of this post read here.

When I first began deploying images using Microsoft Deployment Toolkit 2010, the most useful resource at my disposal was this table.

It lists the Deployment Wizard pages shown during a Lite-Touch deployment and the customsettings.ini and bootstrap.ini propertys needed to skip them.  It will help you achieve the semi or fully automated LTI Deployment Scenario. You’ll also learn pretty much everything else in between.

Skip this wizard page

Using this property

Configure these properties

Administrator Password

SkipAdminPassword

· AdminPassword

Welcome to the Windows Deployment Wizard

SkipBDDWelcome

 

Choose a migration type

SkipDeploymentType

· DeploymentType

Configure the computer name

SkipComputerName

· OSDComputerName

Configure the target partition

SkipDestinationDisk

· DestinationDisk

· DestinationPartition

Join the computer to a domain or workgroup

SkipDomainMembership

· JoinWorkgroup

      or

· JoinDomain

· DomainAdmin

· DomainAdminDomain

· DomainAdminPassword

Language and other preferences

SkipLocaleSelection

· KeyboardLocale

· UserLocale

· UILanguage

Operating system deployment completed successfully

SkipFinalSummary

 

Operating system deployment did not complete successfully

SkipFinalSummary

 

Packages

SkipPackageDisplay

· LanguagePacks

Ready to begin

SkipSummary

 

Select a task sequence to execute on this computer

SkipBuild, SkipTaskSequence

· TaskSequenceID

· BuildID

Select one or more applications to install

SkipApplications

· Applications

SkipAppsOnUpgrade

 

Set the Time Zone

SkipTimeZone

· TimeZone

      or

· TimeZoneName

Specify credentials for connecting to network shares

by providing properties in next column

· UserID

· UserDomain

· UserPassword

Specify the BitLocker configuration

SkipBitLocker

· BDEDriveLetter

· BDEDriveSize

· BDEInstall

· BDEInstallSuppress

· BDERecoveryKey

· TPMOwnerPassword

· OSDBitLockerStartupKeyDrive

· OSDBitLockerWaitForEncryption

Specify the product key needed to install this operating system

SkipProductKey

· ProductKey

      or

· OverrideProductKey

Specify where to save a complete computer backup

SkipComputerBackup

· BackupDir

· BackupShare

· ComputerBackupLocation

Specify where to save your data and settings

SkipUserData

· UDDir

· UDShare

· UserDataLocation

Specify whether to capture an image

SkipCapture

· ComputerBackupLocation

Specify whether to restore user data

SkipUserData

· UDDir

· UDShare

· UserDataLocation

 

Posted in Deployment, MDT 2010 | Tagged , , , , | 10 Comments

Missing Drivers

Posted on May 5, 2011 by Andrew Barnes

Nick Moseley has inspired me to write today’s blog with my own efforts.

When I’m testing a new machine to add to MDT I have a time saving script that outputs the missing drivers for me.

I kept losing this script it so I posted it online about a year ago and I usually google ‘Andrew Barnes missing Drivers’ and poof! It’s here in the Microsoft Script Repository.

The script creates a report like this:

Computer Details: 

Manufacturer: Dell Inc.
Model: Latitude D610                  

Hardware that's not working list

Service Tag: HRXXXXX

Description: Texas Instruments PCI-x515 CardBus Controller
Device ID: PCI\VEN_104C&DEV_8036&SUBSYS_01821028&REV_00\4&2CB2952F&0&08F0
Description: Unknown Device
Device ID: PCI\VEN_104C&DEV_8038&SUBSYS_01821028&REV_00\4&2CB2952F&0&0DF0
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01821028&REV_01\4&521ADAE&0&00E0
Description: Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4319&SUBSYS_00051028&REV_02\4&2CB2952F&0&18F0

This line outputs the report in a text file to the same folder that the script is run from. You can change the .\ to \\server\share\folder\

Set objLogFile = objFSO.CreateTextFile(".\" & strComputer &
" missing drivers.txt", ForWriting, True)

Some guy’s commented that it returns all devices that have a non zero error code (He a hater!) and that’s right, this will show all the devices in the device manager that are not working (even disabled) so they should be remediated in your build images.

You can download your missing drivers from the Microsoft Update Catalog by just pasting the Device ID into the search engine.

For futher reading check out MSDN here. Also Sample hardware scripts here.

Posted in Deployment, MDT 2010, Scripting | Tagged , , , , , , , , | 1 Comment