The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…


    Mikael Nystrom

    Mikael Nystrom

    OS Deployment Geek, Virtualization and System Center

    Mikael Nystrom is a Microsoft MVP and Principal Architect at TrueSec

  • Archives

  • Meta

PowerShell is King – Working with Passwords, Secure Strings and Credentials

Posted by Mikael Nystrom on December 6, 2014

No, not something new at all, more of a answer on a lot of questions I got from folks. At TechNet Wiki there is a page that describes how to deal with passwords, secure strings and such.

Working with Passwords, Secure Strings and Credentials in Windows PowerShell

Here is the most common I use:

Create SecureString

Type the password in an interactive prompt:

$SecurePassword = Read-Host -Prompt “Enter password” -AsSecureString

Convert from existing plaintext variable

$PlainPassword = “P@ssw0rd”
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force

Create PSCredentials

Assuming that you have password in SecureString form in $SecurePassword variable:

$UserName = “Domain\User”
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword

Read the rest of the Wiki here:


Posted in PowerShell | Tagged: , , , | 5 Comments »

Connecting VMM and Operations Manager

Posted by Mikael Nystrom on December 5, 2014

Originally posted on System Center Ramblings:

When building a fabric domain most want to connect Virtual Machine Manager and Operations Manager to get alerts and information. However many seem to fail with this due to not using the correct credentials.

First off you need to download and import the SQL MP for OpsMgr. They have been removed from the catalog and can now be found here: Download, extract and import them into OpsMgr.

Next we need a service account with Admin privileges in OpsMgr. Create the account and add the account to an AD group and add the AD group to the OpsMgr Admins. While you are in the process of creating accounts we will need another account that OpsMgr will use to connect to VMM. This account does NOT need any privileges at all.

Now go to the VMM console on the VMM server. Go to Settings and then System Center Settings and click…

View original 157 more words

Posted in Uncategorized | Leave a Comment »

PowerShell is King – Using OneGet Package Manager on Windows Server Technical Preview build 9841

Posted by Mikael Nystrom on December 5, 2014

PowerShell is great and with the “new” OneGet it get awesome. OneGet is a part of PowerShell v5 and it is a generic package manager. OneGet can get items from a repository, for example from Chocolatey ( Instead of spending a massive amount of time to explain how it works inside, lets just start playing with it. There is a couple of things you need to do to make OneGet to work with Chocolatey in build 9841.

Lets Install Zoomit, WinRAR and Notepad++!

Step 1 – Install the Chocolatey provider

Execute the following in an elevated PowerShell prompt:

#Setup the Webclient
$webclient = New-Object System.Net.WebClient

#DL and install Chocolatey
Invoke-Expression (($webclient).DownloadString(‘′))



Step 2 – Download the updated and modified OneGet PowerShell Module

Execute the following in an elevated PowerShell prompt:

#DL and unzip the latest OneGet
$ZipFile = ‘C:\OneGet.Zip’


After download, unzip the zip folder and execute the RunToUnBlock.CMD inside the folder.

Step 3 – Import the updated OneGet module

Execute the following in an elevated PowerShell prompt:

Import-Module C:\Oneget.New\OneGet.psd1 -Force -Verbose


Step 4 – Get the Package Provider to verify that you have the correct version

(Currently that is

Execute the following in an elevated PowerShell prompt:

Get-PackageProvider -Name Chocolatey -ForceBootstrap -Force


Step 5 – Find the fun stuff

Execute the following in an elevated PowerShell prompt:

Find-Package -Name WinRar,Zoomit,notepadplusplus -Provider Chocolatey


Step 6 – Install your package

Execute the following in an elevated PowerShell prompt:

Find-Package -Name WinRar,Zoomit,notepadplusplus -Provider Chocolatey | Install-Package -Force



Posted in PowerShell | Tagged: | 9 Comments »

Nice to Know – Yes, it is possible to copy items between to Task Sequences as well as copy items between 2 different deployment shares

Posted by Mikael Nystrom on November 11, 2014

This is NOT a new feature, I cant even remember how long this has been working, but this morning I saw a Tweet when someone was happy about the possibility to copy items between deployment shares in MDT, so for thoose that knows all this, you do not need to read more, for the rest of you.

Yes, you can copy items between Task Sequences

(it also works copy items within a Task Sequence)

This works in both MDT as well as in ConfigMgr.




Yes, you can copy items between Deployment Shares (Only for MDT, Lite Touch)

In this case I have 3 deployment shares in the Deployment Workbench and it is possible to copy all kind of items between these 3 deployment shares


Let us copy some application from one deployment share to another.

Select Application, right click and select Copy.


Browse to new location, right-click, select Paste.


The application has been copied to the new deployment share.



Posted in ConfigMgr, Lite Touch, MDT, OSD, Zero Touch | Tagged: , , , , , , | 3 Comments »

OSD – Using PowerShell Commands in UserExit VB script to extend the ZTIGather process during OSD

Posted by Mikael Nystrom on November 11, 2014

During todays session I realized that I have done a lot of OSD stuff, but never published it (shame on me), so time to work. First up is how to run PowerShell CommandLets inside a UserExit script. A UserExit script is an extension to the ZTIGather process, giving you the opportunity to extend the gather process with information that the Gather process does not cover. That has been possible for a long time, but VBscript is not really the easiest script language in the world, so I asked my self if it would be possible to use PowerShell inside the VBscript and of course it is!

The idea

The basic idea is to run the UserExit script from customsettings.ini as usual and then do a jump out into PowerShell, execute the PowerShell CMDLets, terminate and return the value into the VBscript, which then will be a value connected to a Custom Property in the gather process, which then can be consumed by customsettings.ini and/or the task sequence. you can download everything from here:


The Boot Image

The boot image must have support for PowerShell and you can get that by adding .NET and PowerShell

Lite Touch.

Zero Touch.

The Customsettings.ini file

The customsettings.ini file will direct ZTIGather to process the section called UserExits, which will execute the UserExit.vbs script, call the function called RunningPSCommand and return the value from that function into the property called PSCommand.

This is a sample of how the customsettings.ini file should look like to call the UserExit script.

The UserExit Script that runs PowerShell commands

The script is rather simple, basically the PowerShell command is a string, executed by PowerShell.exe and using Executor.StdIn.Close to close the window and then using Executor.StdOut.ReadAll to grab whatever you have in the window and put that in the RunningPSCommand, which then is returned back to the ZTIGather process as a value for the Property RunningPSCommand.


The result of running the ZTIGather


As you can see the PowerShell command was running and returned the value “Virtual Machine” and now the Property PSCommand is equal to Virtual Machine and can be used elsewhere in CustomSettings.ini or in the Task Sequence


Posted in ConfigMgr, Lite Touch, MDT, OSD, Zero Touch | Tagged: , , , , | 2 Comments »

OSD – Static IP Address does not work in Lite Touch using Offline Media

Posted by Mikael Nystrom on November 7, 2014

During a project Johan and was working a while ago, we used Offline Media and we had a problem to set a static IP Address during OSD. After digging Johan found the issue and here is the solution.



Posted in MDT, OSD | Tagged: , , , | 1 Comment »

Nice to Know – Improve Bare Metal Deployment success rate in System Center Virtual Machine Manager

Posted by Mikael Nystrom on November 5, 2014

Bare Metal Deployment in SCVMM is a bit different compared to everything else, since it is using a push method. So instead of having some kind of client application controlling the deployment, the SCVMM server is controlling the OS Deployment. There could be issues, since SCVMM is building team and switches and there is a chance that SCVMM will loose connectivity to the host and the Bare Metal Deployment stops. In many case that is related to DNS and DNS cache, since that is the method used to be able to connect to the host during deployment. By decreasing the DNS cache timeout on the SCVMM server the success rate will improve very, very much.

How to fix it?

Logon to your SCVMM server and execute the following PowerShell commands to set the DNS Cache to a minimum and restart the DNS Cache services

New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name "MaxCacheTtl" -Value 5 -PropertyType "DWORD" -Force
New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name "MaxNegativeCacheTtl" -Value 5 -PropertyType "DWORD" -Force
Restart-Service -Name Dnscache -Force -Verbose


Posted in Hyper-V, OS Deployment, SCVMM | Tagged: , , , | Leave a Comment »

PowerShell is King – Testing OS Deployment Web Services using PowerShell

Posted by Mikael Nystrom on November 2, 2014

Recently I was setting up Maik Kosters OS Deployment Web Services for a customer and I need to test them, sure, you can do that interactively directly by running them, but I wanted the “PowerShell” way to do it.

You can get the Web Services from Maik Koster here:

Testing a Web Services the Non PowerShell Way.

Browsing to the Web Services

Select the DoesComputerExists

Type in a value and Invoke.

Testing a Web Services the PowerShell Way.

Since PowerShell has the function built-in it is very much a no-brainer.

To connect and get all members from the Web Services execute this:

$ADWebS = New-WebServiceProxy -Uri http://MDT01/OSD/ad.asmx?WSDL
$ADWebS | Get-Member -Type Method

That will give you something like this back


To connect and get one member with some detail execute this:

$ADWebS = New-WebServiceProxy -Uri http://MDT01/OSD/ad.asmx?WSDL
$ADWebS | Get-Member -Name DoesComputerExist -Type Method | Format-List

That will give you something like this back


So, to test the DoesComputerExists with a value you can now execute the following:

$CompuerNameToTest = "MDT01"
$ADWebS = New-WebServiceProxy -Uri http://MDT01/OSD/ad.asmx?WSDL
$ComputerExistsInAd = $ADWebS.DoesComputerExist("$CompuerNameToTest")

Write-Host "The Computer $CompuerNameToTest exists in Active Directory: $ComputerExistsInAd"

So if the Computer Exists in Active Directory you should get something like this back



Posted in Lite Touch, MDT, OS Deployment, Zero Touch | Tagged: , , , , , , | Leave a Comment »

TechEd EU 2014 – WIN-B314

Posted by Mikael Nystrom on November 2, 2014

During the session I did demo some scripts and here they are:

Script to configure the Build LAB Deployment share:

Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab"

#Set permisions correct
net share E:\MDTBuildLab '/grant:EVERYONE,change'
icacls E:\MDTBuildLab\Captures /grant '"MDT_BA":(OI)(CI)(M)'
icacls E:\MDTBuildLab\Logs /grant '"MDT_BA":(OI)(CI)(M)'

#Create the folder structure
new-item -path "DS001:\Applications" -enable "True" -Name "Install" -Comments "" -ItemType "folder" -Verbose
new-item -path "DS001:\Applications" -enable "True" -Name "Action" -Comments "" -ItemType "folder" -Verbose
new-item -path "DS001:\Operating Systems" -enable "True" -Name "Windows 8.1 x64" -Comments "" -ItemType "folder" -Verbose
new-item -path "DS001:\Task Sequences" -enable "True" -Name "Ref" -Comments "" -ItemType "folder" -Verbose

#Import the OS
import-mdtoperatingsystem ´
-path "DS001:\Operating Systems\Windows 8.1 x64" ´
-SourcePath "G:\Raw\Windows 8.1 x64" ´
-DestinationFolder "W81X64-001" ´

#Create the Task Sequence
import-mdttasksequence ´
-path "DS001:\Task Sequences\Ref" ´
-Name "Ref Windows 8.1 x64 Enterprise" ´
-Template "Client.xml" -Comments "" ´
-ID "RW81X64" -Version "1.0" ´
-OperatingSystemPath "DS001:\Operating Systems\Windows 8.1 x64\Windows 8.1 Enterprise in W81X64-001 install.wim" ´
-FullName "ViaMonstra" ´
-OrgName "ViaMonstra" ´
-HomePage "about:blank" ´

Set-ItemProperty -Path DS001: -Name Boot.x86.LiteTouchWIMDescription -Value 'MDT Build Lab x86'
Set-ItemProperty -Path DS001: -Name Boot.x86.LiteTouchISOName -Value 'MDT Build Lab x86.iso'
Set-ItemProperty -Path DS001: -Name Boot.x64.LiteTouchWIMDescription -Value 'MDT Build Lab x64'
Set-ItemProperty -Path DS001: -Name Boot.x64.LiteTouchISOName -Value 'MDT Build Lab x64.iso'
Set-ItemProperty -Path DS001: -Name SupportX86 -Value 'False'

Script to bulk import applications

Wrapper for C++

Script to download all C++

Sample Custom Settings.ini


Posted in Session, TechEd | Tagged: , | Leave a Comment »

TechDays Sweden 19-20/11 – Den nya generationens datacenter

Posted by Mikael Nystrom on October 16, 2014

(in Swedish)

Den 18 november, d.v.s. en dag INNAN TechDays öppnar portarna för årets Microsoft konferens I Sverige kommer jag och Markus Lassfolk att köra en hel dag kring frågan hur man bygger datacenter numera. Design kommer i huvudsak röra det som kallas converged och innehållet för dagen kommer att handla om

Hyper-V, design, best pratices, nätverk, VMQ, RSS, RDMA, CPU, Minne, IOPS, Storage Spaces, Scale-Out Files server, NVGRE networks, Gateway och mycket, mycket mer. Ska du bygga, håller du på att bygga, ska du kasta ut VMware och vill veta från oss som gör det på löpande band. Kom…



Posted in Session, TechDays | Tagged: , | Leave a Comment »


Get every new post delivered to your Inbox.

Join 4,379 other followers