Decommissioning PCs with MDT

Now, I’ve known for a while there’s a way you can use MDT to wipe systems after you’re done with them. I know this isn’t some kind of KGB/CIA-proof standard of wiping things, but it does the trick since I have PCs we were evaluating and I just need to send them back to the reseller. In this case, I’m dealing with systems that simply won’t boot to USB thanks to our wonderful secure boot technology and bargain bin USB flash drives, so I need a task sequence based solution.

A while back I found this…
https://scriptimus.wordpress.com/2011/06/08/mdt-2010-wiping-disks/

Googling the issue, I found this…
https://social.technet.microsoft.com/Forums/en-US/f066e0b5-013a-4baa-9566-7eef8a50e177/wiping-a-disk-with-mdt-task-sequence

So, it really is pretty straightforward: just use the replace task sequence, and create a task sequence that’ll reboot into WinPE and wipe the disk. At first it didn’t work, but

Create a Standard Client Replace TS

Note that by default there are conditions to running these steps. I added WipeDisk=True

Now, just browse to your share and run your shortcut to the wizard. Don’t run MDT from UNC? You’re doing it wrong.

Yeah, We got a task sequence for that!

WinPE is downloading! Reboot is Next!

Really I just wanted an excuse to show my WinPE wallpaper…

Okay, I know this wouldn’t fly at the DoD and all you tinfoil hat wearing mouth breathers are yelling “BUT THE GUBMENT CAN STILL GET MY DATA!” Okay, okay, if three wipes of zeros don’t assure the Fox Mulder in the back of your head, we need to look into some serious data sanitation napalm. This is where sDelete comes in handy.

http://syswow.blogspot.com/2012/05/secure-dod-drive-wiping-with-sccm.html

For you security types: check that out, it’s a SCCM task sequence, but it’s the same idea, no reason why it wouldn’t work with MDT. If you’re still that opposed to writing zeros or using sDelete and insist on using a DoD certified solution by hand, look into DaRT, Microsoft’s free¹ USB repair utility for Software Assurance Users.

¹ Free as in your employer pays lots and lots of money for a Volume Licensing Service Agreement, or you are a bad person who downloads software from bad places.


Quick Trick: Configure Adobe Flash AutoUpdate

In a perfect world, Adobe Flash would have died a long time ago. In this hypothetical perfect world, we’d also have everybody on Windows 10, but we don’t live in a perfect world, and so consequently, in 2016 we’re still installing Flash ActiveX in 32-bit Windows 7 installs. I don’t like it any more than you do, but at least we can make sure that the copy of Flash we’re installing is updating silently and automagically, checking EVERY time it starts.

This is simply done by using an MMS.cfg file. Two settings need to be set: SilentAutoUpdateEnable to 1 and AutoUpdateInterval to 0 (every time, no interval). To be OCD, I also explicitly set AutoUpdateDisable to 0 from the start. This file then needs to be in the System32\Macromed\Flash folder for 32-bit systems. 64-bit systems will need it copied to SysWOW64\Macromed\Flash (thanks Sean!). To do this we need a script that we can bundle with the Adobe Flash install.
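A check to run after the install, as an added example that is not part of the original post: it parses mms.cfg and reports whether the three settings above have the values the post sets. The function names are hypothetical, it assumes PowerShell 3.0 or later, and it falls back to a constructed sample when no mms.cfg is present.

```powershell
# Added example: audit mms.cfg for the auto-update settings described in the post.
# Function names are hypothetical; expected values are the ones the post sets.
$Expected = [ordered]@{
    AutoUpdateDisable      = '0'   # auto-update not disabled
    SilentAutoUpdateEnable = '1'   # updates install without prompting
    AutoUpdateInterval     = '0'   # check every time Flash starts
}

function ConvertFrom-MmsCfg {
    param([string[]]$Lines)
    # Key=Value per line; blank lines and lines starting with '#' are skipped.
    # If a key repeats, this parser keeps the last value (a choice made here).
    $settings = @{}
    foreach ($line in $Lines) {
        $text = "$line".Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        $key, $value = $text -split '=', 2
        if ($null -ne $value) { $settings[$key.Trim()] = $value.Trim() }
    }
    $settings
}

function Test-FlashAutoUpdate {
    param([string]$Source, [string[]]$Lines)
    $actual = ConvertFrom-MmsCfg -Lines $Lines
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Source    = $Source
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $actual[$name]   # empty when the key is missing
            Compliant = ($actual[$name] -eq $Expected[$name])
        }
    }
}

# Check whichever copies exist on this machine (both folders on 64-bit Windows).
$found = @('System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:windir "$_\Macromed\Flash\mms.cfg" } |
    Where-Object { Test-Path $_ })

if ($found.Count -gt 0) {
    $results = foreach ($path in $found) { Test-FlashAutoUpdate $path (Get-Content $path) }
} else {
    # Constructed sample for a dry run: silent updates off, interval key missing.
    $sample  = '# constructed sample', 'AutoUpdateDisable=0', 'SilentAutoUpdateEnable=0'
    $results = Test-FlashAutoUpdate 'constructed sample' $sample
}
$results | Format-Table -AutoSize
```

Any row with Compliant set to False points at a machine where Flash will not update itself the way the deployment intended.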


Back in the day, anytime I needed to copy a file from server to client during a deployment, I was creating a new script from scratch. Eventually, I just started using a basic template. This was all, of course, before I found the CoreTech file copy script.

Once you have created this MMS.cfg file, create a folder with the Flash folder, place the cfg file inside, and copy the coretech folder inside like below.


Import this into the share as an application. Use the syntax below and bundle with the Adobe Flash installer.


SEE ALSO: http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html

Where’s the Any Key?

In a perfect world we’d all have WDS servers configured everywhere, just laying around ready to feed us .wim files at a moment or F12’s notice, but that’s not always the case.

Problem: When booting to an MDT boot ISO there’s not always somebody to press any key, and well, sometimes, end users really will look for the ‘any key’. So the question is: How do we disable the press any key to boot prompt on MDT ISO files?

Solution: To disable the press any key prompt in your ISOs you’ll need to rename the file that MDT uses for this ‘feature’. Just be advised this can cause problems with physical boot media and is really only for specific situations, like USB or one time PXE boot actions with third party systems.

Rename the following files accordingly.

32-bit
C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\Media\Boot\bootfix.bin
64-bit
C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\Boot\bootfix.bin

Once you’ve renamed your bootfix.bin files to bootfix.old, update your share and have MDT regenerate the ISOs.


Now these ISOs will no longer prompt for the any key.

How to Copy Folders in MDT Like a Boss (The Easy Way)!

Yeah, This script is hella cool. Ever need to get MDT to copy folders? Course you do: That’s why you’re here. Instead of writing a separate and new script every time you need a folder copied, just use this script I found last week. It really does make this part easy.

SEE: http://blog.coretech.dk/mip/making-file-copy-easy/

Thanks to this glorious, glorious script courtesy Mr. Michael Petersen’s brilliant site: blog.coretech.dk, You Too Can Copy Folders in MDT Like a Boss! (The Easy Way).

So, since half of what makes building images a pain is that half of what you’re doing is nothing more than copying folders, make it easy. Sometimes, these folders don’t already exist (Bummer).

Here’s what you need. The greatest MDT Folder Copy Script Ever Written: http://blog.coretech.dk/download/CopyFiles.zip

Then copy the folder to %SCRIPTROOT%\ and rename the folder to whatever. In this case, I am moving a folder of backgrounds for the UseOEMBackground feature in a Windows 7 image building task sequence.


Copy it to your folder that needs to be copied on your Deployment Share.

Run it from your task sequence by adding a custom step or just copy any step that calls from scriptroot.

To copy an entire folder…

cscript.exe %ScriptRoot%\Folder\CopyFiles.vbs c:\TEST

Simply change C:\Test to whatever folder you need to create in the deployed system. It’s that easy.

Go get some tacos now that half of your image building process has now been automated.

SEE: 2016 Update: https://mdtguy.wordpress.com/2016/08/03/still-writing-scripts-to-copy-files-yeah-dont-do-that/

Download Slides From ‘Deployment Made Simple’

I’ve received numerous requests over the last week for my PowerPoint presentation entitled ‘Deployment Made Simple’, from my talk last week at the HDI Rio Grande Chapter meeting.

It can be downloaded here.

How To: Enable Monitoring in MDT

I get lots of e-mails from people that are having trouble with MDT, which I don’t mind; they’re usually pretty good questions, and lots of times I learn as much from my readers as they do from me, so I consider it a win/win. Unfortunately, it’s hard for me to help sometimes because monitoring is not enabled on their shares, which really makes it hard to find out exactly where the problem is. Some guides out there referring to MDT 2010 won’t show you how to do this, as this feature is only available in MDT 2012 and 2013. However, enabling monitoring is pretty easy.

Right click the share in the workbench, select properties.

Select the Monitoring Tab

Select Enable Monitoring for this share.

Now in the monitoring section in the share, you’re in business.

In that final picture you can see the name, step, overall progress, and time elapsed. If configured properly in your image and/or your domain, you could even use the Remote Desktop feature here to RDP into systems that are having trouble or need things done by hand. Pretty slick if you ask me!

Also check out my post on extending the time MDT will remember systems in the monitoring tab. By default it’s 3 days, which can be a bit short; if you’re in a smaller shop, you could get away with 14 days or maybe even longer. It’s an easy tweak to one XML file in the MDT Program Files folder.

MDT Virtual Academy Sessions are Now Available.

Last week I had the privilege to catch Michael “Knolledgehaus” Niehaus with both Mikael Nystrom and Johan Arwidmark live during the Windows Deployment Jumpstart on Microsoft Virtual Academy. For all you who missed out, don’t fret, the videos are now available below. Definitely worth your time. Don’t worry about the name including Win8.1; most (if not all) of the material covered applies to Windows 7 as well for all you luddites out there who refuse to learn Win8.1.

Check it Out!

http://www.microsoftvirtualacademy.com/training-courses/windows-8-1-deployment-jump-start