I thought I would share this as some people might find it useful. I maintain our deployment system and have recently overhauled it based on some excellent examples from Johan Arwidmark (http://deploymentresearch.com) and Mikael Nystrom (http://deploymentbunny.com).
Other I.T. staff need to deploy software to PCs and unfortunately we don't have access to SCCM or equivalent software, so I combined an AutoIT script, which runs Litetouch.vbs with elevated rights, with a specific customsettings.ini and task sequence to allow people to select applications available on MDT and install them with just a simple password. It works well for us.
If you don't have any licence issues with your software the same idea could be used to allow users to install software themselves.
Create the Task Sequence:
I created a task sequence with nothing other than State Restore and Install Applications enabled
Create the Customsettings.ini
Here you just need to specify anything you want to be automated.
[Settings]
Priority=Default,TaskSequenceID
[Default]
;SkipBDDWelcome=YES
UserDomain=domain.com
UserID=user with access to deployment share
SkipLocaleSelection=YES
SkipComputerName=YES
SkipComputerBackup=YES
SkipDomainMembership=YES
Skiptasksequence=Yes
SkipAppsOnUpgrade=YES
SkipCapture=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipBitLocker=YES
KeyboardLocale=en-GB
InputLocale=en-GB
UserLocale=en-GB
UILanguage=en-US
SkipTimeZone=YES
TimeZoneName=GMT Standard Time
ApplyGPOPack=NO
KeyboardLocalePE=0809:00000809
KeyboardLocale=0809:00000809
[NAMEOFTASKSEQUENCE]
OSInstall=N
SkipCapture=NO
ComputerBackupLocation=AUTO
AutoIT Scripting:
This runs as an admin (If the user isn't already one) and picks the local deployment server based on subnet (3rd octet).
If Not IsAdmin() Then
    If $CMDLINE[0] = 0 Or $CMDLINE[1] <> "ReRun" Then
        ; The account name and password are stored in the script and used to relaunch it;
        ; "ReRun" marks the second instance so it does not relaunch again
        If Not RunAs("username", "domain", "password", 1, """" & @ScriptFullPath & """ ReRun", @ScriptDir) Then Exit 1
        Exit 0
    Else
        Exit 1
    EndIf
EndIf
;GET IP Subnet (3rd octet of the first IP address)
$sVal = StringRegExpReplace(@IPAddress1, "\d+\.\d+\.(\d+).+", "$1")
If $sVal > 0 Then
    Select
        Case $sVal = 135
            $Server = "server1"
        Case $sVal = 171
            $Server = "server2"
        Case $sVal = 2
            $Server = "server3"
        Case Else
            $Server = "defaultfailoverserver"
    EndSelect
    ; Run LiteTouch.vbs from the chosen server's deployment share (UNC path) with the task sequence and rules file
    Run(@ComSpec & ' /c ' & @WindowsDir & '\system32\cscript.exe "\\' & $Server & '\deploymentshare$\scripts\LiteTouch.vbs" /TasksequenceID:NAMEOFTASKSEQUENCE /rulesfile:\\pathtocustomsettings.ini')
EndIf
Non AutoIT:
If you aren't using AutoIT the key things to know are the variables to pass to Litetouch.vbs
/TasksequenceID - Name of Tasksequence
/Rulesfile - Path of Rules file to process (Instead of the server default)
I have created this blog in order to compile all the tips, tricks, settings and programs I use in my day to day admin tasks. We often have no budget, so where possible we use bodges, in house scripts, scripts borrowed from the internet and open source solutions to get our everyday tasks done as simply as possible. There are a lot of solutions out there where the only cost is your time.
Tuesday, 25 November 2014
Disabling UAC from the command line
This is a useful command for those of you creating task sequences. I turn UAC off early in the task sequence to prevent it causing problems. As we have a controlled environment (no users are administrators of their devices) I leave it off permanently, as we use a lot of AutoIT scripts and UAC causes problems.
CMD /C REG.EXE ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
It will take effect after the next restart.
Thursday, 12 September 2013
Windows Phone Desktop Silent Install
I couldn't find any pages on silently installing the Windows Phone desktop app. The file is downloaded as an exe and the /s, -s, /silent or -silent switches don't appear to work.
http://www.windowsphone.com/en-gb/How-to/wp8/windows-phone-app-for-desktop
However, if you want a silent install you can retrieve the msi file by running the exe; the msi can then be found in C:\ProgramData\Applications\Cache. Mine was titled {E786AE85-8A30-4CF2-BF70-57404A5CD684}v1.0.1720.1.msi
You can then just use:
msiexec /i "{E786AE85-8A30-4CF2-BF70-57404A5CD684}v1.0.1720.1.msi" /qn
Friday, 16 August 2013
OOBE Still asks for Computer Name even though it's set in Deployment Wizard
Something else that annoyed me for a while was that the OOBE prompt for a computer name would appear even though one is set using the MDT Rules and the Deployment wizard. There is a glitch with unattend.xml files. If you are using the x86/AMD64_Microsoft-Windows-Shell-Setup_neutral component under specialize and the computer name field is left blank, it will ask. You need to instruct it to write an empty value by right clicking the value in WSIM or it will assume it needs to ask.
Another annoying problem sorted.
Thursday, 15 August 2013
HP Elitepad 900 Deploying Windows 8: UEFI and MDT2012
I have been having a bit of a nightmare the last few weeks. We have an Elitepad 900 on loan from HP to trial with our sales staff, and of course if we are wanting to give out 30-50 of these we want to use our MDT infrastructure. I have finally got it working but there are a fair few hurdles.
UEFI Native Mode Only
The only way to boot an Elitepad 900 is using a UEFI enabled PXE or USB boot device running Windows PE4.0. So basically this means for PXE boot you need to be running Server 2012, and you also need to use the Windows ADK and not the Windows AIK, as that gives you PE4.0. Which leads to hurdle number 2.
MDT2012 cannot locate an ADK or AIK Install
So I have my Server2012 with MDT2012 U1 and the latest ADK (8.1), however MDT2012 reports it cannot find it. I tried all sorts with this one; in the end I rolled back to the ADK 8.0 and the problem went away. http://www.microsoft.com/en-gb/download/details.aspx?id=30652 A lot of links take you to the 8.1 Preview so it's worth checking.
So now we can create our PE4.0 boot media. You will need to add the Elitepad drivers to get network support, and you may also want to add the drivers for the touch screen. You need the Driver and Firmware update pack from here. You will need to extract it with the /e /f <foldername> before importing it.
One thing to note, if you aren't aware: UEFI boot requires a FAT32 device, it cannot read NTFS.
It's worth noting you don't need to modify your task sequences for UEFI, despite what HP tell you to do if you read their deployment guide. MDT2012 is UEFI aware, and if the device is in native mode it will set an IsUEFI variable to True and will automatically partition the drives accordingly: despite the task sequence being set to MBR, it will create the EFI, MSR and NTFS partitions.
So now we can boot into our deployment environment and run the deployment wizard. It all runs well until it gets to the Install Operating System Task which leads to hurdle number 3.
LTIApply FAILURE ( 5616 ): 87: Verify BCDBootEx
I spent days on this one due to a few red herrings, but as always it is actually quite straightforward, although as a result it does mean that it's impossible to deploy to a native UEFI device without making this modification.
The LTIApply.log file (from c:\windows\temp\deploymentlogs) shows the command that caused the error:
cscript.exe //nologo "\\server\deploymentshare$\Scripts\ztiRunCommandHidden.wsf" ""\\server\deploymentshare$\Tools\X86\BCDBoot.exe" C:\windows /l en-US /s V: /f UEFI"
It turns out that this version of BCDBoot.exe is 6.1 not 6.2, so it's from some point in the Windows 7 era and hence doesn't support the UEFI command. This file isn't actually required as it is included in the source, so I just removed it. The other utilities in there are just as old so it may be worth removing them as well.
Once the BCDBoot.exe has been removed Windows 8 will deploy successfully.
I have since discovered the source for this is the fact I was replicating from our older system, so in a pure 2012/PE4.0 environment this situation wouldn't occur.
Friday, 29 June 2012
Running script with admin rights on Windows 7
This is something I have to do a lot. Unfortunately, due to the delegated access to the active directory in the UK, we don't have direct access to Group Policy so we do a lot of things with logon scripts. It's often the case we may need to make registry tweaks or similar; for this I use AutoIT scripts as it's easy to run a script with alternate credentials. The only other issue with Windows 7 is UAC, which will need to be disabled if you want to avoid the user being prompted to run the script.
http://www.autoitscript.com/site/autoit/
If Not IsAdmin() Then
    If $CMDLINE[0] = 0 Or $CMDLINE[1] <> "Restart" Then
        ; Relaunch this script under the supplied account; "Restart" marks the second instance
        If Not RunAs("user", "domain", "password", 1, """" & @ScriptFullPath & """ Restart", @ScriptDir) Then Exit 1
        Exit 0
    Else
        Exit 1
    EndIf
EndIf
This code will restart the script with the credentials you provide. I usually put the code I don't want executed as the elevated user within another if statement.
If $CMDLINE[0] = 0 Or $CMDLINE[1] <> "Restart" Then
    ; code here
EndIf
Monday, 25 June 2012
MDT2012 Customsettings.ini with separate X86 and X64 Rules
We have decided to start deploying x64 Windows 7 images into our environment. When the system was originally set up, the time frame and purpose didn't allow for or require x64 systems, so the rule set was only ever considering x86 installs.
The current rule set allows for different settings and mandatory applications based on machine type, e.g. laptop/vm/desktop or server.
[Settings]
Priority=TaskSequenceID, Default, ByLaptopType, ByDesktopType, ByVMType
[Default]
;SkipBDDWelcome=YES
SkipLocaleSelection=YES
OSInstall=Y
SkipAppsOnUpgrade=YES
SkipCapture=NO
SkipAdminPassword=YES
SkipProductKey=YES
OSDComputerName=UKW0
_SMSTSORGNAME=UK IT Deployments
SkipBitLocker=YES
KeyboardLocale=en-GB
InputLocale=en-GB
UserLocale=en-GB
UILanguage=en-US
SkipTimeZone=YES
TimeZoneName=GMT Standard Time
ApplyGPOPack=NO
WsusServer=http://ukwsus:80
DriverGroup001=Generic
DriverGroup002=%Make%\%Model%
DriverSelectionProfile=Nothing
FinishAction=REBOOT
EventService=http://UKDEPLOY:9800
[APPINSTALL]
SkipCapture=NO
ComputerBackupLocation=AUTO
[ByVMType]
Subsection=VM-%IsVM%
[VM-True]
[ByLaptopType]
Subsection=Laptop-%IsLaptop%
[Laptop-True]
[ByDesktopType]
Subsection=Desktop-%IsDesktop%
[Desktop-True]
SkipDomainMembership=Yes
DomainAdmin=User with rights to create workstation objects
DomainAdminPassword=*********
MachineObjectOU=OU=Desktops,OU=Workstations,OU=United Kingdom,OU=Countries,OU=DOMAIN.COM,DC=DSV,DC=COM
JoinDomain=DOMAIN.COM
;Snow
MandatoryApplications001={2d5721df-7cad-4b5c-befd-4e7b14d0a3fc}
;Lemms
MandatoryApplications002={a7ad878d-1d12-462b-b7e0-34e0deea076a}
;Forefront
MandatoryApplications003={f35a0b74-bbb5-4fa2-85cf-07ae7c53b78c}
[ByServerType]
Subsection=Server-%IsServer%
[Server-True]
To add Architecture support there are a couple of things to bear in mind: the %Architecture% looks at WinPE architecture of the Processor or Task Sequence you are trying to deploy. So you will need to have both x86 and x64 litetouch boot images available; if you boot from the x86 litetouch it will always use the x86 rules.
Architecture enabled Customsettings:
[Settings]
Priority=Default,TaskSequenceID, ByLaptopType, ByDesktopType,ByVMType
[Default]
;SkipBDDWelcome=YES
SkipLocaleSelection=YES
OSInstall=Y
SkipAppsOnUpgrade=YES
SkipCapture=NO
SkipAdminPassword=YES
SkipProductKey=YES
OSDComputerName=UKW0
_SMSTSORGNAME=UK IT Deployments
SkipBitLocker=YES
KeyboardLocale=en-GB
InputLocale=en-GB
UserLocale=en-GB
UILanguage=en-US
SkipTimeZone=YES
TimeZoneName=GMT Standard Time
ApplyGPOPack=NO
WsusServer=http://ukwsus:80
DriverGroup001=Generic
DriverGroup002=%Make%\%Model%
DriverSelectionProfile=Nothing
FinishAction=REBOOT
EventService=http://UKDEPLOY:9800
KeyboardLocalePE=0809:00000809
KeyboardLocale=0809:00000809
[APPINSTALL]
SkipCapture=NO
ComputerBackupLocation=AUTO
[ByVMType]
Subsection=VM-%IsVM%-%Architecture%
[VM-True-X86]
[VM-True-X64]
[ByLaptopType]
Subsection=Laptop-%IsLaptop%-%Architecture%
[Laptop-True-X86]
[Laptop-True-X64]
[ByDesktopType]
Subsection=Desktop-%IsDesktop%-%Architecture%
[Desktop-True-X86]
SkipDomainMembership=Yes
DomainAdmin=User with rights to create workstation objects
DomainAdminPassword=*********
MachineObjectOU=OU=X86,OU=Desktops,OU=Workstations,OU=United Kingdom,OU=Countries,OU=DOMAIN.COM,DC=DSV,DC=COM
JoinDomain=DOMAIN.COM
;Snow
MandatoryApplications001={2d5721df-7cad-4b5c-befd-4e7b14d0a3fc}
;Lemss
MandatoryApplications002={a7ad878d-1d12-462b-b7e0-34e0deea076a}
;Forefront
MandatoryApplications003={f35a0b74-bbb5-4fa2-85cf-07ae7c53b78c}
[Desktop-True-x64]
SkipDomainMembership=Yes
DomainAdmin=User with rights to create workstation objects
DomainAdminPassword=*********
MachineObjectOU=OU=X64,OU=Desktops,OU=Workstations,OU=United Kingdom,OU=Countries,OU=DOMAIN.COM,DC=DSV,DC=COM
JoinDomain=DOMAIN.COM
;Snow
MandatoryApplications001={2d5721df-7cad-4b5c-befd-4e7b14d0a3fc}
[ByServerType]
Subsection=Server-%IsServer%
[Server-True]
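How the architecture-enabled rules above resolve for a desktop booted from each WinPE architecture, as an added example that is not part of the original post and not MDT's own code. It is a simplified model of the gather step that assumes the first value found for a property wins, section names match case-insensitively and numbered properties act as lists; parse_ini, resolve and gather are hypothetical names.

```python
import re

# Constructed excerpt of the architecture-enabled rules above (OU paths shortened).
RULES = """\
[Settings]
Priority=Default,TaskSequenceID, ByLaptopType, ByDesktopType,ByVMType
[Default]
OSInstall=Y
[APPINSTALL]
ComputerBackupLocation=AUTO
[ByDesktopType]
Subsection=Desktop-%IsDesktop%-%Architecture%
[Desktop-True-X86]
MachineObjectOU=OU=X86,OU=Desktops
MandatoryApplications001={2d5721df-7cad-4b5c-befd-4e7b14d0a3fc}
MandatoryApplications002={a7ad878d-1d12-462b-b7e0-34e0deea076a}
[Desktop-True-x64]
MachineObjectOU=OU=X64,OU=Desktops
MandatoryApplications001={2d5721df-7cad-4b5c-befd-4e7b14d0a3fc}
"""

def parse_ini(text):
    """Return {lower-cased section name: [(key, value), ...]}; ';' lines are comments."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif "=" in line and not line.startswith(";") and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def resolve(text, env):
    """Walk Priority in order and return (effective settings, sections visited)."""
    sections = parse_ini(text)
    queue = [p.strip() for p in dict(sections["settings"])["Priority"].split(",")]
    settings, visited = {}, []
    while queue:
        name = queue.pop(0)
        name = env.get(name, name)  # a variable name stands for its value (TaskSequenceID)
        visited.append(name)
        for key, value in sections.get(name.lower(), []):
            value = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1), ""), value)
            if key.lower() == "subsection":
                queue.insert(0, value)  # follow the pointer before later Priority items
            elif re.search(r"\d{3}$", key):  # numbered list item: values accumulate
                settings.setdefault(key[:-3], []).append(value)
            else:
                settings.setdefault(key, value)  # first value found wins
    return settings, visited

def gather(arch):
    """Resolve the rules for a desktop booted from the given WinPE architecture."""
    env = {"TaskSequenceID": "APPINSTALL", "IsDesktop": "True", "Architecture": arch}
    return resolve(RULES, env)

if __name__ == "__main__":
    for arch in ("X86", "X64"):
        print(arch, *gather(arch), sep="\n  ")
```

Sections named in Priority that do not exist for the machine (ByLaptopType and ByVMType in this excerpt) are visited and contribute nothing.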