Michael Niehaus created a troubleshooting guide about MDT
Check out: Troubleshooting Windows Deployments 2012-09-11.pdf
Category: Deployment
Copying $OEM$ files and folders with MDT 2012 Update 1
MDT 2012 Update 1 no longer uses SETUP.EXE to install Windows 7 and above. One side effect of this is that $OEM$ folders are no longer going to be copied, since that was something that SETUP.EXE did that the MDT LTIApply.wsf script doesn’t handle.
I’ve never been a big fan of using the $OEM$ folder structure, as it’s just as easy to add explicit XCOPY steps into the task sequence. But for those of you out there that are using them, you can leverage the attached script (CopyOEM.zip) in your task sequence to do that.
To set this up, first copy the script into your deployment share. Then, add a new step to the task sequence right after the “Install Operating System” step to run the script. It should look like this:
Now, it will follow the original MDT logic for locating the appropriate $OEM$ folder to use, checking in this order:
- %DeployRoot%\Control\%TaskSequenceID%\$OEM$
- %SourcePath%\$OEM$
- %DeployRoot%\%Architecture%\$OEM$
- %DeployRoot%\$OEM$
where %DeployRoot% is the path to the deployment share, %TaskSequenceID% is the ID of the running task sequence (e.g. WIN8), %SourcePath% is the path within the deployment share for the operating system being used, and %Architecture% is either X86 or X64, depending on the boot image being used.
Once it finds a folder, it will look for two folders in that $OEM$ folder and copy them to the appropriate place for the new OS:
- $1 will be copied to the root of the volume that the new OS image was applied to.
- $$ will be copied to the Windows folder on the volume that the new OS image was applied to.
The script doesn’t deal with any other folders because it’s too messy to do that from within Windows PE – drive letters aren’t the same as what they would end up being in the full OS.
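The lookup order and the two handled subfolders can be previewed as a dry run before anything is copied into a new image. The following is an added example, not the CopyOEM script from the post; the function name Get-OemCopyPlan, the OSVolume parameter and the DemoDeployShare folder are hypothetical, and the sample share is constructed.

```powershell
# Added example (not the CopyOEM script): dry run of the $OEM$ lookup order described above.
function Get-OemCopyPlan {
    param(
        [string]$DeployRoot, [string]$TaskSequenceID,
        [string]$SourcePath, [string]$Architecture,
        [string]$OSVolume = 'C:'   # assumption: volume the new OS image was applied to
    )
    $oemName = '$OEM$'
    # Candidate folders in the order the post lists them; the first that exists is used
    $candidates = @(
        "$DeployRoot\Control\$TaskSequenceID\$oemName",
        "$SourcePath\$oemName",
        "$DeployRoot\$Architecture\$oemName",
        "$DeployRoot\$oemName"
    )
    $oem = $candidates |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
        Select-Object -First 1
    if (-not $oem) { return }
    # Only $1 and $$ are handled; any other subfolder of $OEM$ is ignored
    $targets = [ordered]@{ '$1' = "$OSVolume\"; '$$' = "$OSVolume\Windows\" }
    foreach ($sub in $targets.Keys) {
        $from = Get-Item -LiteralPath (Join-Path $oem $sub) -ErrorAction SilentlyContinue
        if (-not $from) { continue }
        $destRoot = $targets[$sub]
        Get-ChildItem -LiteralPath $from.FullName -Recurse -File | ForEach-Object {
            $relative = $_.FullName.Substring($from.FullName.Length + 1)
            [pscustomobject]@{ Source = $_.FullName; Destination = $destRoot + $relative }
        }
    }
}

# Constructed sample share under the temp folder: two candidate $OEM$ folders exist
$share = Join-Path ([IO.Path]::GetTempPath()) 'DemoDeployShare'
'Control\WIN8\$OEM$\$1\Tools', 'X64\$OEM$\$$\Setup' | ForEach-Object {
    $dir = New-Item -ItemType Directory -Path (Join-Path $share $_) -Force
    Set-Content -LiteralPath (Join-Path $dir.FullName 'sample.txt') -Value 'constructed'
}
Get-OemCopyPlan -DeployRoot $share -TaskSequenceID WIN8 -SourcePath "$share\Operating Systems\Win8" -Architecture X64
```

Because the search stops at the first $OEM$ folder found, the $$ content under X64 in the sample share does not appear in the plan; only the task sequence folder's $1 files do.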
Download: CopyOEM.zip
Source: Copying $OEM$ files and folders with MDT 2012 Update 1
MDT Displaying the task sequence name
When you configure MDT, you can specify an organization name and a package name. To set these, configure them in CustomSettings.ini:
_SMSTSOrgName=WardVissers
_SMSTSPackageName=My Package Name
That’s great if you want to hard-code the values, but what I wanted was that _SMSTSPackageName is set to the name of the task sequence that is being executed. That’s a little harder to do, because the task sequence hasn’t yet been selected when CustomSettings.ini is being processed, and you can’t set these read-only variables once the task sequence has started.
So this is one of those cases where you have to modify one of the MDT scripts, in this case LiteTouch.wsf. Fortunately, it’s a really trivial change. Look for this line:
oEnvironment.Item("_SMSTSPackageName") = "Lite Touch Installation"
And change it like so:
oEnvironment.Item("_SMSTSPackageName") = oEnvironment.Item("TaskSequenceName")
That line is only executed if _SMSTSPackageName is blank after CustomSettings.ini has been processed, so it won’t have any effect if you manually configured a value in CustomSettings.ini.
With that change, you can now see the name of the currently-running task sequence:
You can download the file here: LiteTouch.7z (Tested with MDT 2012 Update 1)
Microsoft Deployment Toolkit (MDT) 2012 Update 1
Microsoft Deployment Toolkit (MDT) 2012 Update 1 is the newest version of MDT, a Solution Accelerator for operating system and application deployment. MDT 2012 Update 1 supports deployment of Windows 8, Windows 7, Office 2010 and 365, Windows Server 2012, and Windows Server 2008 R2 in addition to deployment of Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP.
Some of the key changes in MDT 2012 Update 1 are:
- Added support for Windows 8 and Windows Server 2012.
- Support for System Center 2012 Configuration Manager SP1 CTP: Added support in MDT for deploying Windows 8 and Windows Server 2012 with Configuration Manager 2012 SP1 CTP, while supporting all new Configuration Manager functionality (offline BitLocker, UEFI, and Assessment and Deployment Kit).
- Support for DaRT 8 Beta: Updated MDT to support DaRT 8 for Windows 8 deployments, while continuing to support DaRT 7 for Windows 7 deployments. Added DaRT support for Configuration Manager scenarios.
- New “Build Your Own Pages” User-Driven Installation (UDI) feature: Enhanced the UDI wizard and designer to enable IT pros to design their own wizard pages with little effort.
- New System Center 2012 – Orchestrator support: Provided the ability to add steps into an OS deployment task sequence to execute Orchestrator runbooks as part of the deployment process.
- Other improvements: Added support for Windows PowerShell 3.0, reworked Roles and Features installation logic for Windows 8, improved “boot from VHD” deployment scenarios, and added support for Configuration Manager monitoring.
MDT 2012 Update 1 Beta 1
The Microsoft Deployment Toolkit team is pleased to announce that Microsoft Deployment Toolkit (MDT) 2012 Update 1 Beta 1 is now available for download!
Download MDT 2012 Update 1 Beta 1 now!
Download the latest release to stay up-to-date on your deployment needs. New features and enhancements make large-scale desktop and server deployments smoother than ever!
This release expands your deployment capabilities with support for the latest software releases, including Windows 8 Release Preview, Windows Server 2012 Release Candidate, and System Center 2012 Configuration Manager SP1 Community Technology Preview. Other notable new features include:
- Support for using the DaRT 8 Beta with the Windows 8 Release Preview version of the Assessment and Deployment Kit (ADK).
- New "Build Your Own Pages" support for User-Driven Installation (UDI), enabling IT pros to create new wizard panes using simple drag-and-drop operations – no coding required.
- Integration with System Center Orchestrator, enabling task sequences to invoke Orchestrator runbooks at any point in the deployment process.
- Completely reworked "Roles and Features" logic, supporting both installation and removal, as well as providing a new Lite Touch wizard pane for selecting roles and features to install at deploy time.
- Support for PowerShell 3.0 to make it easier to run PowerShell scripts inside task sequences on Windows 8, Windows Server 2012, and Windows PE 4.0.
- Simple monitoring functionality for Configuration Manager task sequences, leveraging the monitoring capabilities provided initially in MDT 2012 for Lite Touch deployments.
- Improved "boot from VHD" deployment capabilities, supporting both bare metal and refresh deployments.
Enable Bitlocker with MDT
BitLocker is a password-centered disk encryption system built into Windows which encrypts your volumes and server platforms.
When you do a new deployment on a new computer with MDT, you want to automatically enable the TPM chip and encrypt the disk.
On 1 Feb 2012 I wrote an article about how to enable TPM devices on HP laptops through MDT.
When you create a new client task sequence, Enable BitLocker is on by default.
After that I found a bug in MDT 2012 which cost me a lot of time finding the answer.
MDT 2012 – Settings Per Task Sequence
So let’s begin.
Open CustomSettings.ini.
Change the following:
[Settings]
Priority=Default
Properties=MyCustomProperty
to
[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty
Add the following text ([HP6560B] is the TaskSequenceID in my case):
[HP6560B]
MachineObjectOU=ou=laptops,ou=ward,dc=wardvissers,dc=local
BdeInstallSuppress=NO
BDEDriveLetter=S:
BDEDriveSize=300
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$
And set the following under [DEFAULT]: SkipBitLocker=YES
In my case, on the OU Laptops I created the following BitLocker Group Policy:
Important:
Group Policies will break deployments.
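To check which BitLocker values a given task sequence ends up with under Priority=TaskSequenceID, Default, the rules can be resolved offline. The following is an added example, not MDT's own code: it is a simplified model that assumes sections are read in Priority order and the first value set for a property wins. The function names are hypothetical and the INI text is a shortened, constructed copy of the settings above.

```powershell
# Added example: simplified model of CustomSettings.ini processing (first value wins), not MDT's code.
$ini = @'
[Settings]
Priority=TaskSequenceID, Default
[HP6560B]
SkipBitLocker=NO
BDEInstall=TPM
[Default]
SkipBitLocker=YES
'@ -split "`r?`n"

function Get-IniSections([string[]]$Lines) {
    $sections = [ordered]@{}
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $current = $Matches[1].Trim()
            if (-not $sections.Contains($current)) { $sections[$current] = [ordered]@{} }
        } elseif ($current -and $text -match '^([^;=][^=]*)=(.*)$') {
            $sections[$current][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $sections
}

function Resolve-MdtSettings($Sections, [hashtable]$Known) {
    $effective = [ordered]@{}
    foreach ($entry in ($Sections['Settings']['Priority'] -split ',')) {
        # An entry naming a known property selects the section named by its value
        # (TaskSequenceID -> HP6560B); any other entry is a literal section name.
        $name = $entry.Trim()
        if ($Known.ContainsKey($name)) { $name = $Known[$name] }
        if (-not $Sections.Contains($name)) { continue }
        foreach ($key in $Sections[$name].Keys) {
            if (-not $effective.Contains($key)) { $effective[$key] = $Sections[$name][$key] }
        }
    }
    return $effective
}

$sections = Get-IniSections $ini
# '' models a pass before a task sequence is selected; WIN8 has no section of its own
foreach ($ts in '', 'HP6560B', 'WIN8') {
    $known = @{}
    if ($ts) { $known['TaskSequenceID'] = $ts }
    $r = Resolve-MdtSettings $sections $known
    'TaskSequenceID={0,-8} SkipBitLocker={1,-4} BDEInstall={2}' -f $ts, $r['SkipBitLocker'], $r['BDEInstall']
}
```

In this model only HP6560B resolves to SkipBitLocker=NO with BDEInstall=TPM; a pass where TaskSequenceID is not yet known, or a task sequence without its own section, gets only the [Default] values.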
MDT 2012 Settings Per Task Sequence
I recently converted to MDT 2012 after running MDT 2010 for a while. On 10 December 2010 I blogged about MDT 2010 Automatically Move Computers to the Right OU.
After I upgraded from MDT 2010 to MDT 2012 this did not work anymore.
After a lot of searching I found the following on the TechNet Forum in the MDT section: MDT 2012 – Settings Per Task Sequence
I changed the DeployWiz_SelectTS.vbs file and it works again.
1. Edit DeployWiz_SelectTS.vbs
2. Add after "Dim sTemplate"
Dim sCmd
Set oShell = CreateObject("WScript.Shell")
3. Add before "End Function" (bottom of page)
sCmd = "wscript.exe """ & oUtility.ScriptDir & "\ZTIGather.wsf"""
oItem = oShell.Run(sCmd, , True)
You can download the changed file here: DeployWiz_SelectTS.7z
Update 12-09-2012
In MDT 2012 Update 1 Beta 1 this was fixed. But in the final release of MDT 2012 Update 1 this is still an issue, although there is no error anymore on the final page.
Microsoft Deployment Toolkit (MDT) 2012 – RTM
A couple of hours ago, Microsoft released MDT 2012
It contains numerous bug fixes as well as support for SCCM 2007 and SCCM 2012.
Improvements for All MDT Technologies
The MDT improvements that affect all MDT technologies, which are discussed in a subsequent section, are as follows:
- Support for upgrading from previous versions of MDT
- Integration with security and compliance templates generated by Microsoft Security Compliance Manager (SCM) version 2.0
- Run Windows PowerShell™ scripts within an MDT task sequence
- Create partitions to support best practice recommendations for deployment of BitLocker® Drive Encryption
- Automatically configure participation in the Windows Customer Experience Improvement Program (CEIP) and Windows Error Reporting (WER)
- Guidance that describes how to use Microsoft SQL Server® 2008 R2 with Service Pack 1 (SP1) for all database needs within MDT
Improvements for LTI Deployments
MDT includes the following improvements for LTI deployments:
- Support for Windows 8 Consumer Preview and Windows Server 8 Beta. Note: The deployment of Windows Server 8 Beta roles and features using the Install Roles and Features task sequence action is not supported.
- Support for the Windows Assessment and Deployment Kit (Windows ADK). Note: Currently, the Windows ADK is only supported for deploying Windows 8 Consumer Preview or Windows 7 in lab environments, not in production environments.
Windows ADK requires the Microsoft .NET Framework version 4.0. If not already installed, the Windows ADK installation installs the Microsoft .NET Framework version 4.0. For more information, see Introduction to the Windows Assessment and Deployment Kit.
- Monitoring of LTI deployment process. MDT includes the new LTI monitoring feature that allows you to perform centralized monitoring of LTI deployments in the Monitoring node in the Deployment Workbench.
- Deployment of Windows Recovery Environment (Windows RE). Windows RE helps users troubleshoot and recover from startup-related problems on their computers.
- Deployment of Microsoft Diagnostics and Recovery Toolkit (DaRT).
- Deployment to computers that use the Unified Extensible Firmware Interface (UEFI).
- Deployment to computers that require the new globally unique identifier (GUID) Partition Table (GPT) format.
- Deployment to virtual hard disks (VHDs) for native boot.
- Support for Windows Thin PC.
- Support for Windows Embedded POSReady 7.
- Add local administrator accounts.
- Deployment Wizard user experience improvements.
Improvements for Configuration Manager Deployments
MDT includes the following improvements for MDT deployments with Configuration Manager 2012 or Configuration Manager 2007 R3:
- Support for System Center 2012 Configuration Manager. MDT includes support for System Center 2012 Configuration Manager for ZTI and UDI deployments
- Support for new application model in Configuration Manager 2012.
- Support for the user device affinity feature in Configuration Manager 2012.
- Support for prestart command files.
- Support for automatically starting a specific task sequence.
- UDI Wizard user experience improvements.
- The UDI Wizard has been completely revised to improve user experience.
- UDI Wizard Designer user experience improvements.
- The UDI Wizard Designer UI has been improved to make configuring the UDI Wizard even easier than previous versions.
- Support for enabling BitLocker in UDI.
- Support for MDT Replace Computer deployment scenario.
- Localization of UDI Wizard.
- Guidance for customizing UDI.
- Upgrade task sequences created in Configuration Manager 2007 to Configuration Manager 2012.
- Guidance for Configuration Manager 2007 R3.
Read more and download it from here
Special thanks to Mikael Nystrom
What is the best way to migrate PDAs or tablets from a legacy version of Exchange to Exchange 2010?
In November 2010 Microsoft released a great document: Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010.
One thing that I missed in that document: what is the best way to migrate PDAs or tablets from a legacy version of Exchange to Exchange 2010?
In most cases you will use TMG as a firewall between the Internet and your internal network.
Some weeks ago I did an Exchange 2010 migration and I didn’t want a big bang scenario.
But I had all the sorts of phones that are on the market today (iPhone, Android, Windows Phone 7.5, some Windows Mobile phones, and also iPads).
The first thing I asked myself when designing the new infrastructure:
Domain Joining Forefront TMG or Leaving in a Workgroup
In most organizations, the decision whether to domain join the server hosting Forefront TMG to your production domain may be one of the most important parts of the deployment.
Forefront TMG deployments are more complex to discuss because Forefront TMG is considered a firewall and can protect the network edge. Domain joining Forefront TMG offers many advantages: it allows certificate-based authentication to be used at Forefront TMG, using Kerberos Constrained Delegation to communicate with Exchange; it allows easy use of Active Directory groups and user objects in publishing rules to restrict access; and it provides other benefits. If you are not sure whether to domain join Forefront TMG, see Debunking the Myth that the ISA Firewall Should Not be a Domain Member.
I think that the best practice is to domain join TMG, because it makes your life a lot easier.
First: I created an Exchange 2010 group in Active Directory.
Second: You make the Exchange 2010 group available in TMG.
Third: You make four rules: two for Exchange 2010 (OWA & ActiveSync) and two for your legacy server or servers (OWA & ActiveSync).
Fourth: Make sure that the Exchange 2010 rules are above the legacy rules.
Fifth: On the Exchange 2010 rules, you change All Authenticated Users to the Exchange 2010 group. (After the migration you delete the legacy rules and, on the 2010 rules, change the Exchange 2010 group back to All Authenticated Users.)
Sixth: When you do a mailbox move, you put the user in the Exchange 2010 group.
Why, you think? When the user is in the Exchange 2010 group, the PDA will use the Exchange 2010 rule. When the user is not in the Exchange 2010 group, the legacy rule will do the trick.
I migrated about 300 users this way, with random PDAs and tablets, with no downtime at all.
HP takes the next step and provides ready-made driver packages for MDT and SCCM
HP takes the next step and provides ready-made driver packages for MDT and SCCM for the business models of notebooks, desktops and workstations. The packages can be obtained via SoftPaq Download Manager (SDM) or from the HP support website. It appears they are primarily for the current generation of products.
To get the download manager, navigate to the HP manageability website: www.hp.com/go/easydeploy or directly to www.hp.com/go/sdm
Here are screenshots from the new packages in SoftPaq Download Manager and from the HP support website.
Special Thanks to: Deploymentresearch