Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X
Aside

Working with Task Sequence Variables, a Conditional Reboot

I recently had someone contact me that was looking for a way to add a conditional restart to a Task Sequence, but only if an application was successfully installed.  Figured this would make a nice blog post, since if someone asked about it, chances are someone else also would like that information.

The first thing we need to do is to set a Task Sequence Variable that we can use for the Restart Computer step.

First, lets create a new Task Sequence variable and call it AppInstalled1 and set it to True.

image

Next we want to set a condition on the set TS Variable step, so that it only sets the variable to True if the application is installed. In this example, I’m going to check for the existence of something.exe, however you could also use a MSI product code, or check for a folder, or any number of available conditions.

image

Available options you could use to detect for the installation of software. Most common would be file, folder, registry, or installed software (MSI).

image

Next, we would add our Restart Computer Task Sequence step. Make sure you configure it to boot into the appropriate OS, be that WinPE or the currently installed OS, depending on where you are running this step.  Typically if we are talking about software installs, then we are running in the full OS.

image

On the Restart Computer Task Sequence step, we need to set a condition that looks for the existence of our custom variable AppInstalled1, being set to True. This way the reboot will only run if we detected the application to be installed and the variable was set to True.

image

This just a really quick of way of basing a restart task on the condition of a variable. There are other ways to accomplish similar behavior as well.

Hope it helps!

Aside

How To: Inject Drivers from USB During a ConfigMgr Operating System Task Sequence

Fellow MVP Greg Ramsey has put up a really great post on injecting drivers from USB during a Task Sequence.

Read the full post here.

ConfigMgr OSD does a great job of injecting drivers ‘on the fly’ into your OS Deployment process. For example, you can create task sequence steps with conditional statements to apply drivers for a specific model. That’s great for your standard build, but how do you handle those one-offs, those non-standard builds? Here’s a process that you can you for those non-standard builds, or for that hardware that you’re testing, but haven’t quite committed to being a standard yet.  All we need is a vbScript, raw drivers, and an additional step in your task sequence (haven’t tested with MDT, but should work there as well). The following process ONLY works on Windows 7 and Windows Server 2008 R2. If there is enough demand, I’ll create a similar script for previous Operating System versions.

…..

Aside

PowerShell: Report / Check the Size of ConfigMgr Task Sequences

Trevor Sullivan has created a nice post on checking the size of your Task Sequence’s.  This is useful, since there is a 4mb limit to your TS.  If you have too many steps, you can run into this issue.

Read the full post here.

Aside

ConfigMgr–Building A Reference Image-Installing Hotfixes/Updates Offline

If you build your reference image using Microsoft Deployment Toolkit Lite-Touch, it’s fairly easy to incorporate OS level hotfixes and updates offline, some good examples are the following:

A "Set Network Location" dialog box appears when you first log on to a domain-joined Windows 7-based client computer

An update that improves the compatibility of Windows 7 and Windows Server 2008 R2 with Advanced Format Disks is available

These types of updates aren’t available typically from Microsoft Update, so your normal Software Update steps in ConfigMgr don’t do the trick.  When we use Lite-Touch, we have a “Packages” node where we can import these types of hotfixes, updates or Language packs and they will be installed automatically for us by the ZTIPatches script. 

image

image

What I’ve seen most people do in ConfigMgr is they will create an individual package for each hotfix and then install them like an Application in the Task Sequence using a wusa.exe command line. 

image

This works just fine, however, you are installing the hotfixes while in the full OS and you need multiple steps for each update.  I’m sure you could come up with a fancy way to use a single step to install multiple updates via a script, but, MDT already can do that for you, so why reinvent the wheel!

Installing Multiple Hotfixes/Updates Offline Using a MDT Task Sequence

Using a MDT integrated Task Sequence, we can install multiple hotfixes/updates in a single step for multiple architectures using a single package.

First we need to get the CAB files for the hotfixes/updates we want to work with.  You can use your favorite extractor to get the files out of the MSU’s. 7-Zip did the trick for me and allowed me to do multiple files at once.

image

Once extracted, you only need the CAB, so I removed the other files from the folder.

image

Next I created a package source folder called “Windows 7 Hotfixes” and placed the extracted files in that folder. This folder contains both x86 and x64 hotfixes.

image

Create a Package that references those source files and distribute it to your Distribution Points.

image

Next, open up your Build and Capture Task Sequence. We want to add a new action to our Post Install phase, “Install Language Packs Offline”.  This step actually calls ZTIPatches.wsf, so it’ll do what we want, just like in MDT Lite-Touch.

image

Select the Package you created earlier called “Windows 7 Hotfixes”.

image

Name the Task Sequence step appropriately.

image

Make sure your Task Sequence step is BEFORE the Configure step in the Post Install section.

image

Now when you run your Build and Capture Task Sequence, we will install the hotfixes offline and we’ll scan through the package and grab any applicable hotfixes/updates. If we find a x64 update and we are building an x86 OS, we’ll just skip it and only grab the x86 hotfixes that match.

Here we can see them installed on a system I deployed my captured image to.

image

Aside

System Center Configuration Manager Shutdown Utility

Kent Agerlund posted a new blog post where Coretech developed a really nice shutdown utility for use with ConfigMgr. 

Read the full post and download the tool here.

To suppress or not suppress a computer restart when deploying software and software updates that is the question. No matter what you do, you most likely will not win the “best colleague of the Month” award.

If you do not force a computer restart you might face problems like:

  • Non-compliant computers
  • Computers being in reboot pending mode which might prevent them from installing new software and software updates

If you do force a restart you might face problems like:

  • Very unhappy users
  • Scenarios where you restart while the end-user is using the computer for a demo or presentation
  • End-users calling Servicedesk and complaining about a virus that’s shutting down their computer
  • Restarting computers that are already compliant

image_thumb188

Aside

Message Box Script for Lite Touch Task Sequences

Michael Murgolo has a new post over on The Deployment Guys Blog.

Read the full post here.

I recently had the need to pop up a message box duing an LTI task sequence.  I was creating a stand-alone wizard to allow a manually-initiated launch of a task sequence that would install the Service Pack 1 update on Windows Server 2008 R2.  As part of this task sequence, if a certain software package was of a certain version or earlier we had to reinstall this software after the service pack installation.  If this installation was not going to happen because a newer version was already installed, the customer wanted to notify the technician at the end of the process.  Since this was to be a simple notification, a message box was sufficient.  I could have simply created a VBScript that had a static MsgBox function call for this purpose.

However, I decided that I would make it more reusable than that.  Instead I created an MDT script that would take the input arguments for the the MsgBox function as command line parameters.  That way the script could be reused any time a message box was needed.  The script can also optionally use the MsgBox return value as the script exit code and/or use it as the value for a task sequence variable.

……

This post was contributed by Michael Murgolo, a Senior Consultant with Microsoft Services – U.S. East Region

Aside

Back To Basics 5: Restricting Task Sequence Usage

Great post over on The Deployment Guys by Daniel Oxley.

Read the full post here.

This post was contributed by Daniel Oxley, a Senior Consultant with Microsoft Services UK

Often the simplest tips are the best ones, so here is one I have been using pretty much ever since I started working with MDT.

When working as part of a team in the same MDT environment, you can often run into issues when various people are modifying the task sequence, or debugging a process that is part of it. My own method to mitigate this issue is to fork the "official" task sequence, creating my own one, in order to separately realise testing or to simply try something out, before feeding changes back into the main task sequence.

The downside to this method is that, by forking the task sequence, the new forked one also appears in the list of task sequences and thus allows somebody to accidentally run it, possibly causing undesired results to their computer (such as formatting it!). Therefore, in order to prevent this situation, I always introduce some simple validation tasks into the task sequence, typically right at the start. These validation steps perform a simple query to check if a computer is "authorised" to run the task sequence or not. My authorisation method is usually based on the MAC address of the computer, but it really can be any value that you like.

The best thing about this tip is it’s simplicity. As you can see in the screenshot below, it only consists of two tasks (the Gather task is actually only required if you have not already run a previous Gather task), and a Run Command Line task. You’ll notice that the command line is incorrect. This is intentional and not an error, and if MDT attempts to run this command line it will fail the task sequence execution.

Here are the steps I use to implement this:

  1. Create a new Task Sequence Group called "Authorised Computer Verification".
  2. Add a Gather task (if necessary).
  3. Add a Run Command Line task, with a command line like the one shown above.
  4. On this same task, switch to the "Options" Tab. On this screen you can add your own personalised conditions, or use the same MAC address conditions that I have used, as shown below.

Notice that the condition is actually a negative. Consequently, when a computer runs the task sequence, this task will only execute if the MAC address of the computer does not match one that is in the list. And because the command line of the task is erroneous, MDT will fail at this point, thus preventing the unknown, or unauthorised, computer from continuing.

When working with MDT and Configuration Manager, you could restrict use of a task sequence by only advertising it to a collection built using direct membership. However, there might be situations where you can’t or don’t want to use this collection method. This tip works equally well in a ZTI environment if you wish to use it that way, however you might need to add an additional "Use Toolkit Package" task before the Gather step.

Finally, there are other methods to achieve the same result, such as using the CustomSettings.ini file; the reason I do it this way is because its implementation is so quick and simple.

Aside

New Hotfix: Task sequence does not run if it has lots of Install Software steps in System Center Configuration Manager 2007 SP2

Read the original link here.

Consider the following scenario:

  • You create a task sequence on a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
  • You add lots of Install Software steps to the task sequence.
    For example, you add more than 100 Install Software steps to the task sequence.
  • You create an assignment that makes the task sequence mandatory when you advertise the task sequence to a client computer.

In this scenario, the task sequence does not run on the client computer.
Note This issue does not occur if the task sequence is assigned as an optional advertisement.

This issue occurs because the large number of Installing Software steps in the task sequence creates a heavy workload for the location service.
When the location service has a heavy workload, it cannot process all the callbacks for the location requests in a 10-minute window. Therefore, the issue that is mentioned in the "Symptoms" section occurs.

The following hotfix package resolves this issue in client roles. To resolve this issue, you must install the following hotfix package on the System Center Configuration Manager 2007 SP2 site server, and then you must deploy the generated packages to clients. After you install the following hotfix package, the hardcoded time-out is changed to 50 minutes.
For more information about how to deploy a hotfix package to the System Center Configuration Manager 2007 SP2 site server, click the following article number to view the article in the Microsoft Knowledge Base:

2477182 (http://support.microsoft.com/kb/2477182/ ) System Center Configuration Manager 2007 Hotfix Installation Guidance

Note The following hotfix package can be installed on a System Center Configuration Manager 2007 SP2 site server that is running an x86-based or x64-based version of an operating system:

SCCM2007-SP2-2516517-X86-ENU.msi

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must have System Center Configuration Manager 2007 Service Pack 2 (SP2) installed.

Restart requirement

If you close the Configuration Manager administrator console before you install this hotfix, you do not have to restart the computer.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Note Some other files might be updated because of dependencies. However, their binaries are not changed.

Aside

Task sequence that installs many updates stops responding on a System Center Configuration Manager 2007 SP2 client

Read the original KB here.

SYMPTOMS

Consider the following scenario: You create a task sequence on a Microsoft Syste…

Consider the following scenario:

  • You create a task sequence on a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server to install many updates.
    For example, the task sequence installs 80 updates.
  • You advertise the task sequence to a client computer.

In this scenario, the task sequence stops responding when the "Download <sequence number> of <total number> updates" message is displayed on the screen of the client computer.
Notes

  • <sequence number> is a placeholder that represents the update number for the update that is currently being downloaded.
  • <total number> is a placeholder that represents the total number of updates that are scheduled to be downloaded.

CAUSE

This issue occurs because a deadlock occurs when the task sequence retrieves con…

This issue occurs because a deadlock occurs when the task sequence retrieves content locations for the updates.

RESOLUTION

To resolve this issue, you must install the following hotfix package on the site…

To resolve this issue, you must install the following hotfix package on the site server, and then you must deploy the generated packages to the client computer.
Note You can install this hotfix package (Sccm2007-sp2-2509007-x86-enu.msi) on a System Center Configuration Manager 2007 SP2 site server that is running an x86-based or x64-based version of a Windows operating system.
For more information about how to install a hotfix, you can click the following article number to view the article in the Microsoft Knowledge Base:

2477182 (http://support.microsoft.com/kb/2477182/ ) System Center Configuration Manager 2007 Hotfix Installation Guidance

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running System Center Configuration Manager 2007 Service Pack 2 (SP2).

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this hotfix.
Note Before you install this hotfix package, you have to close the Configuration Manager administrative console.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Aside

Incorporating KB2028749 Into Your Microsoft Deployment Toolkit Reference Image Build Process

http://support.microsoft.com/kb/2028749

A "Set Network Location" dialog box appears when you first log on to a domain-joined Windows 7-based client computer

First download the KB from the above link.  Once you have the files extracted out, we will need to import those updates into the Deployment Workbench.

image

Open up your deployment share, and then expand to the packages node.  Right-click and select “Import OS Packages”.

image

Point the package source directory to the location containing the 2 hotfixes.

image

image

Once you have imported the updates.  Create a new folder called “Windows 7”.

image

Move the updates into the Windows 7 folder.

image

Expand Advanced Configuration, then right click on Selection Profiles and select “New Selection Profile”.

image

Create a Selection Profile called “Windows 7 Hotfixes”.

image

Select the Windows 7 folder that we previously created.

image

Next we need to open our Windows 7 Task Sequence and expand “Preinstall”. Click on the “Apply Patches” step.

image

We need to change our selection profile to match the new “Windows 7 Hotfixes” Selection Profile that we created.

image

Now you can rebuild your reference image to include KB2028749 and eliminated the “Set Network Location” prompt.

Hope that helps.