Still Writing Scripts to Copy Files? Yeah, Don’t Do That.

I’ve received two e-mails regarding my post from 2014:
https://mdtguy.wordpress.com/2014/07/30/how-to-copy-folders-in-mdt-like-a-boss-the-easy-way/ this week, so I need to clarify the easier use of this script.

This is how you can use the coretech script to copy files and folders in MDT as applications.

Again, I used to write scripts every time I needed to copy some folder or some stupid ini to some random folder, but once I found this script: http://blog.coretech.dk/mip/making-file-copy-easy/ I just drop the script into a folder and call it as needed. You basically create a folder with what you want copied, dump coretech’s script in there and create an application. In the wizard you use to create the application, add an application with source files, and for the command line, you’re just calling cscript.exe to run that script and all you have to pass is the parameters such as the folder as needed.

Setup

This just saves me the hassle of writing a script to copy a folder, this is just drag, drop, done. I like to use stuff like this as an application, since most the time Its just a config folder, an ini or something I need to make a dependency anyway.

Essential Powershell Resources

Fresh out of GeekWeek in Redmond, It never ceases to amaze me how much we can do with powershell. In fact, one of the most impressive things that I have ever seen as an IT pro was watching Mikael Nystrom firing up a brand new VM of Server 2016 Nano from scratch entirely via powershell. The best advice from this article regards something that I will be really trying to do, and that is trying to do something new in powershell every day. Powershell Por Vida!

http://jdhitsolutions.com/blog/essential-powershell-resources/

MDT Por Vida! Geek Week Edition

Had the privilege of hanging out with Johan and Mikael at the Microsoft Museum in somewhat sunny Redmond today during GeekWeek. I’ve been taking notes furiously and learning as much as I can! I mean, its not like everyday you get to meet real life MDT Jedi Masters. 🙂

wp-1468464480730.jpg

Today in class, Mikael showed us this script: https://deploymentbunny.com/2013/12/09/nice-to-know-dumping-mdt-monitor-data-to-a-webpage-using-powershell/

This script effectively allows non MDT people to see what’s being deployed, as it uses Powershell to dump the monitoring info to HTML and as Mikael says, its not a security risk, because if a ‘Hacker’ gets in, all he can see is that you’re using MDT to deploy computers. Big Woop. 😉 You can also edit the monitoring config file to as shown here to hold data longer if need be.

I had seen this before but once it was clear to me that all we had to do was change the first line to include the name of our MDT Server, I realized this was basically the first thing I am doing when I get back to home in Albuquerque, where the photo of the original Microsoft crew below was taken BTW…

Also want to thank both Johan and Mikael for all their insight this week and encourage any other deployment geeks to come out to GeekWeek if you ever get the chance! Powershell Por Vida!

Installing Applications based on Hardware Present on Device Using WMI Queries

As you may or may not know, MDT has an excellent feature where you can add basic if conditions to a task sequence’s steps. This comes in really handy for specific application installs as you can add these if conditions to those installs based on the presence of certain things such as task sequence variables or better yet, specific hardware queries.

I’ve known for sometime now that this was possible due to this post from Andrew “Scriptimus” Barnes.

Unfortunately, I’m nowhere near an expert on WMI and WQL queries, so I just left it alone for a while. Until I finally got tired of installing a certain program by hand on the roughly 20% of PCs in my environment that need it. Thankfully this program only needs to be installed on PCs that have a specific USB device attached.

Started googling around and then stumbled across this, that I realized that for a USB device, ‘Win32_PNPEntity’ is what I would need to query.

See, if you need program X installed when and only when USB hardware Y is present, MDT can do that, it’s just a matter of writing the correct WMI query. Here’s what worked for me after more trial and error than I’d like to admit.

Get the Hardware ID from device manager. In this case, it’s a USB device. So when I add the If statement, use the PNPEntity and the correct DeviceID

Namespace: root\cimv2
Query: Win32_PNPEntity WHERE DeviceID LIKE ‘%VID_123A&PID_1000%’

Conditional

Your mileage may vary. Just make sure the Device ID matches what’s in the Device Manager.

Bitlocker fail 0xc0210000

I got a very strange error last week that I’m going to throw out in the hope that if anybody else ever sees this one, they’ll just skip all the nonsense I tried and go straight to the solution, which is to uninstall and reinstall ADK10 and rebuild your wim.

FAIL

So, I unboxed some brand spankin’ new Surface Pro 4 tablets and when I went to image them I got this after the first reboot:

The operating system couldn't be loaded because the Bitlocker key required to unlock the volume wasn't loaded correctly.

File:\Windows\system32\config\system

Error code: 0xc210000

Eventually when it was all said and done I had to disable the TPM on the surfaces, image, and turn the TPM back on by hand. Weird I know. Anybody else seen this?

SEE: https://www.reddit.com/r/SCCM/comments/3wa2ni/2012_r2_sp1_osd_bitlocker_preprovision_cannot/

 

 

 

Editing an MSI? Use ORCA! or (How I use ORCA to edit Steady State to install in Windows 7 )

This is an old trick, not exactly an MDT trick per say, but it’s still deployment related and still works like a charm. If you’re deploying software, you’re probably using MSIs. Sometimes there’s just no easy way around it – you need to edit said MSIs, or you need to build a transform file. There’s lots of ways to do this, but I prefer the easy way. The easy way is ORCA, it’s an old tool that’s been around for a while, and yes you can get old versions from some pretty shady locations, but the best thing to do is to get the latest and greatest from MS via the latest Windows SDK.

Capture

https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk

Don’t panic, you don’t need the whole thing. When you run the wizard, just install the MSI tools. Once that’s completed, browse to:

C:\Program Files (x86)\Windows Kits\10\bin\x86

Capture.PNG

What do we have here? The MSI installer for ORCA!

ORCA

And yes, now I can install and Steady State in Windows 7 now because I removed the Launch Conditions that only allow it to install in XP or Vista, granted this is highly unsupported, but it works, and makes MacGyver proud.

Questions? Comments? Contact Me on The ASKMDT Guy Page.

ASKMDTGuy! Ditching Clonezilla for MDT? Good for You!

Got a good e-mail from a reader asking a bunch of questions about  moving from Clonezilla to MDT.

First, just focus on getting MDT up and running. WDS can always come later. To be honest WDS isn’t even all that necessary, most people don’t know that you can actually image as a “refresh” by kicking off litetouch.vbs from \\Server\Share$\Scripts. PXE booting is really only necessary when doing “bare-metal” and even then, 1GB USB drives are a dime a dozen these days. WDS is cute, but by no means a deal breaker.

The other thing is that you should use MDT to build the images for you. I use two shares, a build share, and a production share. The build share is designed to build an image using a standard client tasksequence, and the production share is for imaging desktops. The build TS has a step called LTISuspend that pauses, so you can do customizations. The Production share will have copy profile enabled so that your tweaks to the build image get copied to all users.

Obviously the build share won’t have any drivers, but the production share will. Just use the DriverGroup001 variable and use a OS\Architecture\Make\Model Hirearchy and the driver injection is automatic. (Assuming you have driverpacks to play with). If you don’t have driver packs, then you get to play guess and check which is time consuming, tedious, and just plain sucks-ass.

Most programs can be silently installed with a /q or a /s. Little bit of googling can go a long way on that one, usually the words “silent install” or “unattended install” will do the trick when combined with the name and lots and lots of trial and error. Remember, if it’s an MSI it’s all but guaranteed that you can do a silent install, installseheild is 50/50 and with random .exe files, sometimes you can use a /? or a /h to get it to tell you what to type to get it to run silently.

If you have a copy of Win-8.1 or Win10 Pro or above you can install Hyper-V. I don’t recommend doing this on less than 8GM of RAM, but Hyper-V is free on Pro or Enterprise. I build all my images in Hyper-V and it makes my life so much easier. A truly “hardware independent” image will always be built in a VM on a build share and then imported into a production share.