The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…


    Mikael Nystrom

    Mikael Nystrom

    OS Deployment Geek, Virtualization and System Center

    Mikael Nystrom is a Microsoft MVP and Principal Architect at TrueSec

  • Archives

  • Meta

OSD Deployment – Deploying Intel NUC and getting drivers and settings assigned using the AliasUserExit.vbs – Converting Product into %ModelAlias%

Posted by Mikael Nystrom on November 24, 2015

I have been deploying the small and cool Intel NUC’s for a long time, they just have one problem, it is a small problem, but….

There is no Make/Model, actually, the entire SMBBios is empty, now that makes it a bit hard to figure what model we are deploying and therefore it is hard to determine what drivers that needs to be deployed. On some older  NUC’s there could be settings.

This is what we get from PowerShell – Win32_ComputerSystem,Win32_ComputerSystemProduct,Win32_BIOS and Win32_BaseBoard


As you can see Make and Model are kind of “nothing”, but SMBIOSBIOSVersion is RYBDWi35.86A.0350.2015.0812.1722 and that is basically the name of the motherboard, but slightly better, why don’t we use the Win32_BaseBoard and grab product, that seems just to be the perfect match here. And hold it… Win32_BaseBoard is already inventoried by the ZTIGather process, so the only thing we need to do is to set ModelAlias to Product, that seems pretty easy…

The “old” AliasUserExit to the rescue (once more)

The AliasUserExit script runs as a part of the ZTIGather process in MDT/ConfigMgr. This script has a section for Models where either Make is “Intel” or “”, in that case we grab the Product from the gather process and store that in %ModelAlias%.

Script can be found here: and inside the VBscript it explains how to use it

Verify that it works:

Running cscript ZTIGather.wsf /inifile:Customsettings.ini we get this on a DN2820FYK.
Note: In this case someone manually added/modified the SMBios using the Intel Toolkit to say that the Model is DN2820FYKH, but it is actually DN2820FYK
Running cscript ZTIGather.wsf /inifile:Customsettings.ini we get this on a NUC5i7RYB.
Note: In this case the BIOS is “normal”, that is it is totally blank
Running cscript ZTIGather.wsf /inifile:Customsettings.ini we get this on a D53427RKE.
Note: In this case the BIOS does contain vales, older NUC’s could have them set..

Posted in ConfigMgr, Drivers, MDT, OS Deployment, OSD, RealWorld | Tagged: , , , , , | Leave a Comment »

Working in a Datacenter – Nested Hyper-V or Running Hyper-V in Hyper-V

Posted by Mikael Nystrom on November 21, 2015


There are many reason where it make sense to run Hyper-V in Hyper-V, one of them being to enable Credential Guard (VSM) in Windows Server 2016 TP 4 and later. For training, demos, test. R&D it is great. For Windows Server 2016 TP4 it needs to be enable and configured to work and that means PowerShell. Currently there are also some limitations.

On the Host:

Device Guard Disable
Credential Guard Disable
Hyper-V Enabled
Hardware Intel VT-x
Windows Version Build 10565 or greater


In the VM:

Dynamic Memory No
Change memory while VM is running No
Using any kind of Checkpoint No
Live Migration No
Save/Resume No


You can read the fine print here:

The PowerShell Function/Script:

This script will enable Nested Hyper-V an a VM
Invoke-WebRequest "" -OutFile ~/EnableNestedHyperV.ps1
Import-Module ~/EnableNestedHyperV.ps1
Enable-NestedHyperV -VMname TEST100
This Script (Provided be Microsoft) will verify configuration
Invoke-WebRequest "" -OutFile ~/Get-NestedVirtStatus.ps1


Posted in Datacenter, Hyper-V, Windows 10, Windows Server, Windows Server 2016, Windows Server vNext | Tagged: , , , , | 1 Comment »

OS Deployment – Adding a Wizard to control the Task Sequence behavior when you create a Reference Image

Posted by Mikael Nystrom on November 17, 2015

If you are in the business of doing Reference Imaging you want that process to be as automated as possible, but now and then you need to verify that different part of the task sequence works, lets say that you need to verify that an application you added to that task sequence get installed correctly, at time you don’t really like to run trough the entire Windows update process. Easy fix, you open the Task Sequence and disable it, but what if you could do some thing like this instead…A quick Note before you begin: This is not supported, since includes a modification a ZTIConfig.vbs and credit goes to Keith Garner for the explaining how to do that modification. Thanks!

I have done demos on this topic for some time now and I have promised to post this, so for all of you attending MMS in MN, TechDays and other various events, here you have it.


If that is what you want, here it is.

Adding the Suspend Step

The Suspend Step is a function that is built-in to MDT, but you need to add it. After you have done that the task sequence will suspend at that step and you can perform manual tasks, or test and verify that things works as expected. When you are done, just hit the “Resume Task Sequence” icon that will be on the desktop. Extremely useful, but instead of enable/disable by modifying the task sequence, it is nice to have that as checkbox.

Open your Task Sequence and browse to: State Restore \ Custom Tasks (My folder has been renamed to “Custom Tasks Post WU) and add a Run Command Line using the following settings:

  • Name: Suspend
  • Command Line: cscript.exe “%SCRIPTROOT%\LTISuspend.wsf”

The Suspend Step has been added.

Adding Conditions to the Steps.

We need a couple of Properties that we can use, let us use SuspendTS, DisableApps and DisableWSUS, add the following settings to the following steps in the Task Sequence.

For the Windows update steps, add the following Task Sequence Variable.

  • Variable: DisableWSUS
  • Condition: not equals
  • Value: NO

One of the Windows Update Step has the condition set, don’t forget to set them both.

For the Application install group steps, add the following Task Sequence Variable.

  • Variable: DisableApps
  • Condition: not equals
  • Value: NO

The group that install all the Applications has the correct condition set.

For the Suspend Task Sequence step, add the following Task Sequence Variable.

  • Variable: SuspendTS
  • Condition: equals
  • Value: YES

The Suspend Step Condition changed according to the list above.

Create an Application Bundle

We need a application bundle, the application bundle will actually not install anything at all, instead it is going to be the place holder for the HTML code. I recommend that you have all the “applications” you don’t want to see in a set of folders and this application in an other folder, or directly in the root, because this application should be seen, so you can “fill out the form”.

Create the Application Bundle using the following settings:

  • Application Type: Application Bundle
  • Application Name: Deployment Settings

The application Bundle has been created in the Config Folder.

Add HTML code to the Application Bundle

Open the Application Bundle and the the following HTML code to the comments field

<td>Enable Suspend Task Sequence</td>
<td><INPUT type="checkbox" Name="SuspendTS" value="YES" /></td>
<td>Disable  Windows Update</td>
<td><INPUT type="checkbox" Name="DisableWSUS" value="NO" /></td>
<td>Disable Application Install</td>
<td><INPUT type="checkbox" Name="DisableApps" value="NO" /></td>

Note:Make sure that your " are real " and not the “Word edition”

HTML has been added to the Comments filed.

Enable HTML code to run in the Comments field

Time for the unsupported part, the change you are about to do will stop the Wizard from parsing the comments field as text.

In scripts folder, find the file named ZTIConfig.vbs, make a copy of it, open the ZTIConfig.vbs and find the following line (around Line 700)

sComments = EncodeXML(oItem.SelectSingleNode("./Comments").Text)

and replace it with this

sComments = oItem.SelectSingleNode("./Comments").Text

Save the file.

Modify your CustomSettings.ini

We need to be able to select applications, so make sure your customsettings.ini shows:

  • SkipApplications=NO
  • SkipSummary=NO

The setting SkipSummery can later be set to YES, the setting I suggest is just so that you can see that Variables are set correctly with the need to run trough the entire deployment when testing this.

CustomSettings.ini has been modified.

Hide all other applications

When running the wizard, I don’t need to see all the applications, since the have been added to my task sequence. So you can either open each and every application and enable the “Hide this Application” checkbox, or you can (if you have all the applications in folders, just disable the folder.


Create Your Reference Image using the new “Wizard”

Boot the VM, select your Task Sequence and enable/disable the item.

Note: You don’t really need to select the application, it is just used as place holder for the HTML code, I have however made the application a default application to avoid confusion as a MnadatorApplications001={GUID}

All item have been Selected.

All values have been set correctly.

Have Fun!


Question: Do I need to select the application:
Answer: No

Question: Why don’t you add a Wizard Page instead?
Answer: Because that is more complicated if you don’t know exactly how the wizard works, this method is in most cases good enough and can be done even if you don’t have any experience in modifying the Wizard, you can as an example just add a dropdown box to be able to select certain items

Question: Do you have any other example on how to use this?
Answer: Yes, a ton of them

Question: If I don’t need to wizard thing anymore, how to I disable it?
Answer: Since it is an application, disable the application

Posted in MDT, OS Deployment, OSD, Reference Image, Unsupported | Tagged: , , , , | 1 Comment »

OS Deployment – What’s inside my WIM?

Posted by Mikael Nystrom on November 15, 2015

I was working for a customer in the US last week (You know how you are) and they had a problem with OSD that is solved by the updated Kernel Driver Framework. So, I told them to create a new ref image that has all patches included, still did not work. So, let us open the WIM and see if the hotfix is included, it was not, since there was an issue with WSUS, fixed and cased closed. but…

I have tested the script against all kinds of WIM files and so far it works, the script it self has been tested on Windows 10 and Windows Server 2016 TP3

Creating a WIM Content Report

I did create a script that extracts the information from the WIM file at the customer site, but this version has been somewhat “polished”.


The Script.

What do I get?

Generic Info.

Drivers (Yes, even if you don’t add drivers, Microsoft Office will).

Enabled Features.

All the Packages.

All Appx Packages.


Import the Get-WimInfo.ps1 powershell script as a module:

Import-Module Get-WimInfo.ps1 -Force –Verbose

Use the Command like this:

New-WimReport -MountFolder C:\mount\ -WIMFile E:\WIMs\RW10X64-002.wim -Index 1


Posted in OS Deployment, OSD, WIM | Tagged: , | Leave a Comment »

Working in the Datacenter – Deploying Update Rollups for System Center 2012 R2

Posted by Mikael Nystrom on November 14, 2015

You really need to understand this: A Update Rollup should NEVER, EVER be deploying using WSUS!!! (or any other automated way, unless you know exactly what needs to be done before and after to make it work)


Microsoft provides all the Update Rollups trough Windows Update, so far so good, that makes it easy to deploy, so what is the big “nono” here? Well, the short story is that it does not work they way most people assumes. Deploying the Update Rollup could also require you to perform actions like this:

  • Update the SQL database using script
  • Add or modify Registry Keys
  • Manually update Agents
  • Troubleshoot issues

So, based on the history, please, just don’t do this, it does not work. You need to deploying a Update Rollup pretty much like a Service Pack, since that is what it really is. It does contain both bug fixes as well as new features and some of the features will change behavior, some of the new features needs to be enabled.

Ok, so how?

You need to follow the blogs from each product team so you know when they are released and then you need to follow the step-by-step instructions from the team. If you do have a test system (you can use a hydration kit to build one fast and use for testing, check or for more information

Ok, so When?

You have two options here, you either know someone that has tested and verified it or you wait 30 days and “listen” on the Internet, if you see 1.000.000 hits in a search engine, maybe you should wait to everyone else has fixed it.

Plan it a head

Ok, so this is what I tell all the customers I work with. Since Microsoft is releasing Update Rollups 4 times per year, create a schedule and set a side a couple of days (or more) every year to do this. It does not need to match the dates Microsoft will release it, just have a Maintenance Window 4 times every year to update/maintain your System Center platform.

Deploying Update Rollup 8 for System Center 2012 R2 – All Systems

Deploying Update Rollup 8 for System Center 2012 R2 – App Controller (No updates)

The last update for App Controller was System Center 2012 SP1 –

Deploying Update Rollup 8 for System Center 2012 R2 – Data Protection Manager

Note: Could require a restart of all protected servers after deploying agent.

3086084 Update Rollup 8 for System Center 2012 R2 Data Protection Manager

Download the Data Protection Manager update package now

Deploying Update Rollup 8 for System Center 2012 R2 – Operations Manager

Note: Do not install this update rollup package immediately after you install the System Center 2012 R2 server. Otherwise, the Health Service state may not be initialized.

Note: Could require manually editing webpages

Note: Could require you to manually adding Registry Keys and Values

Note: Could require you to manually run SQL scripts to update the database

3096382 Update Rollup 8 for System Center 2012 R2 Operations Manager

Download the Operations Manager update package now

Deploying Update Rollup 8 for System Center 2012 R2 –  Orchestrator

3096381 Update Rollup 8 for System Center 2012 R2 Orchestrator

Download the Orchestrator update package now

Deploying Update Rollup 8 for System Center 2012 R2 – Service Provider Foundation

3096384 Update Rollup 8 for System Center 2012 R2 Service Provider Foundation

Download the Service Provider Foundation update package now

Deploying Update Rollup 8 for System Center 2012 R2 – Virtual Machine Manager

Note: Bare metal provisioning has changed

Note: Could require you to manually run SQL scripts

Note: Many new features, read and understand (and test them)

3096389 Update Rollup 8 for System Center 2012 R2 Virtual Machine Manager

Download the Server update package now

Download the Administrator Console update package now

Download the Guest Agent update package now

Deploying Update Rollup 8 for System Center 2012 R2 – Windows Azure Pack

3096392 Update Rollup 8 for System Center 2012 R2 Windows Azure Pack

Download the Windows Azure Pack update package now

Posted in Data Protection Manager, Datacenter, Operations Manager, Orchestrator, Service Provider Foundation, System Center 2012 R2, Virtual Machine Manager, Windows Azure Pack | Tagged: , , , , , , , , | Leave a Comment »

Working in the Datacenter – Protect Remote Desktop Connection Manager using Self Signed Certificates

Posted by Mikael Nystrom on November 13, 2015

Note: Script has been updated to include $YEARS, the suggestion came from, Thanks!

Even if IT is changing into more “Pets” and “Cattle’s”, we still have a massive amount of system that will be managed using Remote Desktop for a long time. Using Remote Desktop Connection Manager makes that process easier, you can basically work with all machines in a single windows.

The mini view of 3 computers in RDCMan 2.7

Security is important

One really great feature is that you can save the password for each and every connection, and if you read the help file, it states:

RDCMan can encrypt the passwords stored in files either with the local user’s credentials via CryptProtectData or an X509 certificate

Hmm, ok, the first one is kind of bad. If I move the RDCMan file to another computer then all the passwords are lost, on the other hand, that is also more safe. But I really have that situation. I need to have to be able to use the configurations files on more then one computer and they need to be protected. So lets use Certificate instead, but, how do you create a Certificate that can be moved around easy and at the same time is secure and protect itself?

According to the help file, we shall of course use the one utility on the planet that I hate most, I don’t like that fact that you need to spend hours to download an SDK kit just to run a app to create file that takes 1 second. There just to have to be a replacement for makecert.exe…

PowerShell to the Rescue!

So, lets us first create the certificate, export it and then remove it and finally import it. This way way we know we can import it even on other computers. You need to protect the certificate with a password, that way it will be protected from being imported by anyone else than you

Create and export a self signed Certificate for Remote Desktop Connection Manager

#Create and Export Certificate
$PlainPassword = “P@ssw0rd”
$ExportFolder = "C:\Test"
$Subject = "RDCMan"
$YEARS = 1
$CertificateFileName = "RDCManCertificate.pfx"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$RDCManCertificate = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Subject $Subject -KeyExportPolicy Exportable -KeySpec KeyExchange -NotAfter $(Get-date).AddYears($YEARS)
Export-PfxCertificate -Cert $RDCManCertificate -FilePath "$ExportFolder\$CertificateFileName" -Password $SecurePassword
$RDCManCertificate | Remove-Item


Import the Self Signed Certificate for Remote Desktop Connection Manager

#Import Certificate
$PlainPassword = “P@ssw0rd”
$ImportFolder = "C:\Test"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$CertificateFileName = "RDCManCertificate.pfx"
Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -Password $SecurePassword -FilePath "$ImportFolder\$CertificateFileName"


Use the Certificate in Remote Desktop Connection Manager

In the setting for each .rdg file you can configure encryption, like this.


Hey, almost missed, my friend and co-worker Markus Lassfolk have a really cool script that dumps all servers from AD and create the .RDG file fore you, go grab that here:

Posted in Datacenter, PowerShell | Tagged: , | 7 Comments »

Working in the Datacenter – Operations Management Suite (OMS) now supports Linux (Preview)

Posted by Mikael Nystrom on November 4, 2015

Today the OMS team announced support for the a Linux agent, that will give you the opportunity to also monitor Linux systems using OMS.

Read more here:


Posted in OMS | Tagged: | Leave a Comment »

OS Deployment – Windows 10 and OUs, Policies and LAPS

Posted by Mikael Nystrom on November 4, 2015

So, you are about to deploy Windows 10 in your organization, that sounds like a great plan. Before you start I do have some recommendations when it comes to joining them in your domain.

Create a separate OU for your Windows 10 computers

Yes, I strongly recommend you to do this. When working with customers I see a lot of “-We have 850 GPO settings that we used for XP, should we apply the same for Windows 10?” and the the answer is of course NO!!!! Instead you create a new OU and start over, this is your chance to cleanup that mess. For most customers it turns out that you need just a small number of settings for Windows 10 computers, since most is already correct. Also, you might use ConfigMgr and are starting use the policy in there instead or shifting into MDM. Just have a blank and blocked OU for your Windows 10 computers until you have figured out exactly what you need to have. after that, you might want to move computers back, use WMI filter or re-arrange your OU structure.

A separate OU has been created for Windows computers.

What policy’s should you have?

This is a discussion I have with every customer and over time I have learn to explain this. I usually divide all settings in to four different categories and the simple rule is that if you cant tag your policy in any of these four categories, don’t use it!

Group Policy Settings Reference for Windows 10:

Download Settings Ref.

Settings that will help the user to do the correct action

This could be to save documents in the correct place, to configure the Antivirus program to perform correctly and so on

Settings that brand the computer correctly

Branding is important from many aspects, one is that the user often sees  a non branded device as their “own”, while a branded computer belongs to the company and this also reflects they way people treat the device.

Settings that prevents the user from shooting them self in the foot

This is not security settings, this is more of the “Would you like to open Word Documents using Notepad instead of Word”, and that will prevent the user from working, kind of…

Real Security settings

As a first step, you need to have some kind of strategy around Security, there is not really any value in locking down a computer to insanity, while the user is a local admin anyway. As a first step use Security Compliance Manager 3.0 plus the draft for Windows 10 Security Settings (and final when that arrives) to determinate a baseline.

Windows 10 Security Compliance Manager Baselines:

Security Compliance Manager:

The new template files for SCM and Windows 10 (draft).

Implement Local Administrator Password Solution (LAPS)

With LAPS you have a solution that will on a regular basis change the password of the local admin account and store it in Active Directory, this is one of those “Just install it, don’t ask)


Download LAPS.

Update your ADMX and ADML files for Windows 10

Ok, so the basic is done, now you need to download the new ADMX and ADML files and store them in a Central Store

Download the ADMX and ADLM files

Tat is done here :

After download, run the installer to unzip the files. Open the folder and remove all languages folders you don’t need. I usually only keep the en-US. The only reason to have other languages is that you have administrators that don’t understand English, this has nothing to do with end users, they will hopefully never, ever create or modify GPO’s


Download the ADMX and ADML files for Windows 10.

Update your Central Store

This is very much recomened, but it will work if you use a local store as well. The reason to have a central store is that all policys modified/created will use the same base, otherwise there is huge risk that a policy is created on one machine, with different languaes, different versionas and that could lead in to all kinds of disaster. (In this case the server is named SRVDC01 and the domain name is network.local)

So, the easy way is to rename the folder called \\srvdc01\SYSVOL\network.local\Policies\PolicyDefinitions to \\srvdc01\SYSVOL\network.local\Policies\PolicyDefinitions.old

And copy the new policydefinitions from your unzipped folder to \\srvdc01\SYSVOL\network.local\Policies\PolicyDefinitions like this:

The PolicyDefinitions folder in the correct location.

If you hade any custom policy files, copy them from the PolicyDefinitions.old to PolicyDefinitions to get them back. The reason I do this is because there are some policy’s that has been changed and instead of picking them out, it is easier to just rename the old folder and upload a new folder with correct policy’s. Note: this does not change ANY existing policy’s at all.When you create anew policy the Policy Editor will start using the new templates, that’s all.

To verify that you have the correct policy’s in place, just open GPEdit and create a new policy and browse to a new setting you don’t have before.

Here you can see that the template is fetched from Central Store and that I can Configure Device Guard that is a feature of Windows 10.


Posted in Deployment, Windows 10 | Tagged: , | 2 Comments »

Working in the Datacenter – Wake on LAN using PowerShell

Posted by Mikael Nystrom on November 2, 2015

I have to admit, I’m lazy. So when working with computers, datacenters, at home or basically anywhere I don’t like to get up and push a button. My hands needs to be close to my keyboard, BTW, Wake on LAN is not something new, it is actually pretty old.

The first section in this post is about how it works, and the second part is how to use it.

How does this work?

The Wake On LAN Function

I don’t like to download utilities or application when I don’t really need to, if i can solve this with a simple PowerShell CMD-let or a simple function, I’ll use that instead. So browsing around the Internet lead me to this site where the basic functionality to create a magic packet exist. So by using the fundamentals from Kris Powell I crerated a function of this:


Getting the MacAdress

But to be able to send a Magic Packet I do need a MacAddress, so I need a function for that to and here it is. I do need multiple functions here.

The first function is to grab the MAC from a “live” IP address, but then I need to know the IP.


So the second function is to get the IP from name.


And combining them leads me into the last function.


There are of course a bunch of other ways to get the MAC address, you can of course grab the MAC address from with in the OS using basically any command line, but it’s so handy to not logon to all the machines(Yes I know there are ways, but I have a massive amount of lab machines, not members of the domain and other strange machines).

Storing the MacAddress in a XML data file

Well getting the macaddress is easy when the machine is turned on, but, hey  that’s not going to be the case here. So while the machines are “live” I can get the MAC, IP and Computer name and store that in an XML File, then I can later use that information to wake my machines up when I need them, so I do need to store that information somehow.


Get information from the XML data file

Now, lets see what’s in the data file by using this function


Using this

Load them up and lets get started!

#Import Module
Import-Module C:\Users\Administrator\OneDrive\PowerShellScript\WakeOnLan\WakeOnLan.psm1 -Force -Verbose

#Set Vars
$XMLfile = “C:\Users\Administrator\OneDrive\PowerShellScript\WakeOnLan\Computers.xml”
$Computers = “FABUILD01″,”DFLAB01”

With all functions loaded you can now run trough a couple of steps to create your XML file and have functions ready for Wake-On-LAN

Function is loaded and basic variables are set

Create the XML file and get the content

#Generate  New XML File
New-ComputerDataFile -Computers $Computers -XMLDatafile $XMLfile

#Get Content of XML File
Get-ComputerDataFile -XMLDatafile $XMLfile


Wake it up!

#Send Magic Packet to Computer
Send-MagicPacket -Mac $(Get-MacFromXML -ComputerName DFLAB01 -XMLDatafile $XMLfile)


Here is the PowerShell Module and a Sample Script on how to use it



For Ref:

WakeOnLan.psm1 – Listning:

Function Get-MacFromIP{
$Ping = ( new-object System.Net.NetworkInformation.Ping ).Send($IP)
if($Ping.Status -eq “Success”){
RETURN (Get-NetNeighbor -IPAddress $IP).LinkLayerAddress
Write-Host “NA”
Function Get-IPFromName{
Return (Test-Connection -ComputerName $ComputerName -Count 1 -BufferSize 32).IPV4Address.IPAddressToString
Function Get-MacFromName{
$IP = (Test-Connection -ComputerName $ComputerName -Count 1 -BufferSize 32).IPV4Address.IPAddressToString
$Ping = ( new-object System.Net.NetworkInformation.Ping ).Send($IP)
if($Ping.Status -eq “Success”){
RETURN (Get-NetNeighbor -IPAddress $IP).LinkLayerAddress
Write-Host “NA”
Function Get-MacFromXML{

[XML]$XMLData = Get-Content -Path $XMLDatafile
RETURN $(($XMLData.Computers.Computer | Where-Object -Property Name -EQ -Value $ComputerName).Mac)
Function New-ComputerDataFile{

$XMLData = New-Item -Path $XMLDatafile -ItemType File -Force
$ComputerID = 100

set-Content $XMLData ‘<?xml version=”1.0″ encoding=”utf-8″?>’
add-Content $XMLData ‘<Computers>’

foreach($computerName in $computers){
$ComputerID = $ComputerID + 1
add-Content $XMLData ” <Computer id=””$ComputerID””>”
add-Content $XMLData ”  <Name>$ComputerName</Name>”
add-Content $XMLData ”  <IP>$(Get-IPFromName -ComputerName $ComputerName)</IP>”
add-Content $XMLData ”  <Mac>$(Get-MacFromName -ComputerName $ComputerName)</Mac>”
add-Content $XMLData ‘ </Computer>’
add-Content $XMLData ‘</Computers>’
Function Get-ComputerDataFile{

[XML]$XMLData = Get-Content -Path $XMLDatafile

Function Send-MagicPacket{
Write-Host “Sending MagicPacket to $MAC”

$MacByteArray = $Mac -split “[:-]” | ForEach-Object { [Byte] “0x$_”}
[Byte[]] $MagicPacket = (,0xFF * 6) + ($MacByteArray  * 16)
$UdpClient = New-Object System.Net.Sockets.UdpClient

Proj-WakeOnLan.ps1 – Listning:

#Import Module
Import-Module C:\Users\Administrator\OneDrive\PowerShellScript\WakeOnLan\WakeOnLan.psm1 -Force -Verbose

#Set Vars
$XMLfile = “C:\Users\Administrator\OneDrive\PowerShellScript\WakeOnLan\Computers.xml”
$Computers = “FABUILD01″,”DFLAB01″

#Generate  New XML File
New-ComputerDataFile -Computers $Computers -XMLDatafile $XMLfile

#Get Content of XML File
Get-ComputerDataFile -XMLDatafile $XMLfile

#Send Magic Packet to Computer
Send-MagicPacket -Mac $(Get-MacFromXML -ComputerName DFLAB01 -XMLDatafile $XMLfile)


Computers.xml –  – Listning:

<?xml version=”1.0″ encoding=”utf-8″?>
<Computer id=”101″>
<Computer id=”102”>

Posted in Datacenter, PowerShell | Tagged: , | 2 Comments »

OS Deployment using MDT – Inside the Validation Step

Posted by Mikael Nystrom on September 30, 2015

So, you are about to deploy Windows (client or server) using Microsoft Deployment Toolkit. Before you do that, maybe you should change the Validate Action, why? Because the default values does not make sense to everyone, that’s why.

The Validate Action

The Validate Action is a step in the Task Sequence that verifies that the machine you are about to install are good enough to be deployed. the defaults are a bit “wrong” for most customers IMHO.

The Defaults:

  • Check if the Machine has at least 768 MB of RAM
  • Check that the minimum CPU speed is at least 800 MHz
  • Don’t check disk space
  • Check that if there is a Operating System installed, it is a Client OS

Consider this:

Ensure minimum memory

768 MB is just wrong, a Windows 10 machine will need at least 2 GB (x86) or 4 GB (x64), so that means you should set them to 2048 or 4096, no, not at all. You need to calculate on the GPU RAM as well, since that is most likely “stolen” from RAM. So a 4 GB machine is 4096 MB – 512 MB (GPU Memory = 3584, set it to 3500. A 2 GB machine is 2048 MB – 512 MB = 1536 MB, set it to 1530.

Ensure minimum processor speed (MHz)

This is a bit tricky, depending on power saving features and the fact the machine is virtual, this could block OS install, even if it is correct. But, there is very few machines with 4GB of ram with a slower CPU then 800 MHz anyway, so checking memory. should be fine.

Check to ensure specified image size will fit (MB)

This check does not happen unless you check it, and maybe you should, if you are using Multicast the image will first be copied to the disk and then it will perform the install, in that case you actually “need” space, consider to change that.

Ensure current OS to be refreshed is

This checks the OS on the disk before installing/refresh, well it make sense in most cases, however, when you are playing and testing you could have a laptop that is used for both client and server OS test, in that case you need to uncheck.

Below you can see the default values.

Modified values.

Here is the result if the validation fails, due to insufficient memory.

Check BIOS

One other fun thing is the Check BIOS action, when I ask around I usually get something like – Well it checks the bios, you know. Not really, it is a script that runs to gather information a bout the bios, that is correct. It then uses that information against a XML file to see if it is a match, it there is a match, it will then block OS install. But the question is, what does it really check?

When opening the VBscript it seems that it checks, Manufacturer, Model and date of Bios


and if it does find a match it will tell you the following…


and that’s very nice to know, if you are deploying Windows Vista…


Let us see what it looks for…


Ok, hmm, If you have BIOS version XX ROM BIOS Version 1.23, the Vendor is Wyssyg Computers and the Model is WYSIWYG Super Cool Computer 2007 with a BIOS date of 20060801000000.000000+000 it will then block the install. Not sure that has ever happened, but hey, nothing is impossible…

What you could do is to add computers to the XML file to block installation if you know that a certain model/bios will not work correctly.


Posted in MDT, OS Deployment | Tagged: , , | 4 Comments »


Get every new post delivered to your Inbox.

Join 6,080 other followers