The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

Posts Tagged ‘Windows 7’

Nice to Know – Where is the links to RSAT for Windows 7, 8, 8.1?

Posted by Mikael Nystrom on December 25, 2013

RSAT is short for remote server administration tools, kind of handy when you like to work on/from you Windows client OS directly against a server OS, pretty much like adminak.msi “back in the days”. Just download the CORRECT version and don’t get suppressed when it doesn’t show up.  The RSAT is just a package, you need to enable the feature in the control panel first, as any feature you would like to enable, like telnet and such.

The Picture

this is how it looks when the RSAT package is installed, as you see it is now possible to add the features you need from within that package.

The GUI Way:

image

The DISM way:

dism /online /Enable-Feature /FeatureName:RemoteServerAdministrationTools /All

image

The POSH way:

Enable-WindowsOptionalFeature -Online -FeatureName RemoteServerAdministrationTools-Features -All

image

The links

Remote Server Administration Tools (RSAT) for Windows 8.1 
Remote Server Administration Tools (RSAT) for Windows 8 
Remote Server Administration Tools (RSAT) for Windows 7 with SP1 (both x86 and x64) 

The Read More

http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-vista-windows-7-windows-8-windows-8-1-windows-server-2008-windows-server-2008-r2-windows-server-2012-and-windows-server-2012-r2-dsforum2wiki.aspx#Download%20links

/mike

Posted in RSAT, Windows 7, Windows 8, Windows 8.1 | Tagged: , , , | 2 Comments »

Deployment Roadshow 2013 in Sweden!

Posted by Mikael Nystrom on March 29, 2013

Inte första gången

och inte heller sista gången som vi gör detta, det är nämligen en av de få sakerna vi gör bara för att det är så grymt kul. Vi kommer att visa massor med olika saker kring OS Deployment och management. Du kan ta med dej kunskaperna hem och I praktiken använde det du har lärt dej direkt!. Mitt förslag är att du snabbt som attan anmäler dig här innan det är fullt. För du vill väl inte missa tillfället att ställa frågor och få svar, eller se praktiska runbooks, VDI demos, ConfigMgr 2012 SP1 prylar, nya snygga saker I AD:t, en portion PowerShell och annat smått och gott!

http://www.deploymentevents.se/

Var? När?
Göteborg 2013-04-22
Malmö 2013-04-23
Stockholm 2013-04-24
Umeå 2013-04-25

 

/mike

Posted in Deployment, Lite Touch, MDT, RoadShow, SCCM, System Center 2012, Windows 7, Windows 8, Windows Server 2012 | Tagged: , , , , , | Leave a Comment »

OS Deployment Pre-Planning tools you should consider to use. (Part 1 of 2)

Posted by Mikael Nystrom on November 23, 2011

Back in 1628

The disaster was a fact; the Kings’ new ship sank on the maiden voyage, the reason? Basically it was bad planning, bad construction, and bad decisions. The ship was too high, had one cannon deck too much, too much cannons (like 500 or so). It was just one of those bad days, it sallied for about 1300 meters and then came out of lee, the sails was filled with wind and it heeled over to port, then once more and then the water started to rush in to the open gun ports and then it sank. Around 30 of the 150 in the crew died.

It was not a glories day for the Swedish Navy.

clip_image001

You can avoid this disaster when it comes OS Deployment by using tools that are available from Microsoft for free and let us start with the most important tool:

Microsoft Assessment and Planning Toolkit

A starting point, MAP gives you the “what do I have and what options do I have”. I use this tool to create reports (it seems that business people have an easier understanding for pie charts and MAP can create those very nicely), get inventories, and get ideas. I call it an “illuminate-or”, since it illuminates the environment so that you then know what your options are. Below are some screenshots of the tool. There is new version of this toolkit soon to be released, it has some nice new/improved features, most of them related to the “cloud”.

There is very useful training kit, it contains a sample database so you can see how reports and pie charts would like in your or your customers environment. You can download it here

Highlights:

  • Does not install any agent
  • very light weight
  • Works in almost any kind of environment
  • A variety of different reports and inventory’s

A Windows 7 readiness overview:

clip_image002

A Web application discovery:

clip_image003

A Web Browser discover (Normally it does not look as “clean” as this):

clip_image004

An Office 365 Discovery:

clip_image005

Infrastructure Planning and Design Guide’s

Hey, this is one really nice thing. This is not really White Papers, not really TechNet stuff, this. “Blue Prints”. That means that in these documents Microsoft have explain what technology works in what scenarios, for example, using Direct Access a solution for Contract Workers does not really work, there are other technology that works better. There are MANY documents and here is my list that I think you should read:

Windows Optimized Desktop Scenarios

So, this document helps to understand basically what features and functions that works in different environment and it helps to get a better understanding why most networks are a subject for improvement, you should read this.

clip_image006

Windows User State Virtualization.

Here is the document that describes how to deal with Offline Files, Roaming Profiles and Folder Redirection, you should know all this. But if you don’t know, download and read.

clip_image007

Application Compatibility Toolkit

Since applications tend to be one of the issues we need to take care of, ACT is one of the tools that could help you. It contains multiple applications. The one you normally start with is Microsoft Application Compatibility Manager. In this tool you can create an Inventory packet as an MSI file, distribute that and get data from all the machines back in a short while so you can see what apps you really have. You then use the tools as part of testing apps, planning what apps to test, create reports of applications. You can use a connector between SCCM and ACT to make it even better and here is how it looks:

clip_image008

The one and only (that I know of) that could call himself “King of ACT” is Chris Jackson. If you in any way are responsible for the application to work in the new OS, you should listen to him, very carefully. Check out is blog

Note: If you install ACT 5.6, Chris has done a really horrible application for you to “fix”, it is called Stock viewer. To make it work in Windows 7, just follow the instructions in the self-paced training material that is included in ACT.

And hey, don’t start testing applications BEFORE you have read this very carefully, ok?
Chris Jackson’s Formula (for When to Test For Application Compatibility)

Security Compliance Manager

I have no clue on how many times people have asked me “-How do you secure a Windows 7 client", is there any Whitepaper?”

With SCM you can create security policy’s based on different templates that is provided by Microsoft (for now), you can then tweak them using the built help that explain all the settings and then you “lock” it, export it as a GPO, import that in to AD (or apply it locally) and then import the DCM file into SCCM to verify those settings, a neat little toolkit that just have been upgraded to version 2

clip_image009

clip_image010

Internet Explorer Administration Kit (IEAK)

This tool is new for IE9, but has been around for other versions of IE. If possible you should use this tool. It will give you the capability to customize IE pretty much exactly the way you would like it to be. It is easy to use and gives you so much flexibility in IE. The wizard will download the files for IE needed and then you run the Wizard, make all selections and when you are done you have one .EXE file and one .MSI file for the version you just configured, you need one for x86 and x64 for you just run it twice to create two folders, one for x86 and one for x64

There are “some” features to configure. J

clip_image011

Some of the settings you might never seen

clip_image012

This customer wanted me to change the default search provider to another vendor…

clip_image013

Next time I’ll cover the other tools.

/mike

Technorati Tags: ,

Posted in ACT, Deployment, MAP, MDT, SCM | Tagged: , , , | Leave a Comment »

Deployment Geek Week in Redmond – December 12-16, 2011

Posted by Mikael Nystrom on November 22, 2011

It’s time for Johan Arwidmark and me to deliver the “Geek Week”, this is by far the most exiting training I have ever done, it is fun, it is very technical and I have never ever had so many “-Aha, I did not know you could do that?”

The reason why it is so fun for us and in many cases “exiting” for our attendees is that it is “complete”, that means that we cover everything more or less, we start out with general Windows 7 Deployment, ref images, Windows Deployment Services, Microsoft Deployment Toolkit, Lite Touch, Zero touch, Applications, MAP and ACT and that is only the first 2 days and you build most of this. So what will happen next then? Since the world is not perfect and deployment people normally know less of the “Dark Side” (That is Server Side) we start putting up different solutions for app-compat issues, so we will setup System Center Virtual Machine manager, learn Hyper-V, Scripting Hyper-V, Deploy Terminal Servers, Learn GPP/GPO, learn things around File, Print, Cluster, Active Directory and everything that you really need know about. Not only will you learn, you will learn by doing, since you are building the entire infrastructure around this. We also spend time on troubleshooting of course

We normally stay at the same hotel, that means all of us, so is just happens to be a bar there. So after class there will be a bunch of doing down in the hotel to continue the “class” over a drink.

It is hard to describe this event, but at least I tried. We don’t run those events very often so you might want to join in, I’ll guess we will run the next event in the summer of 2012 or even later than that.

Anyway, you can read what other are saying about this here Microsoft Pinpoint

and you can read more and sign up here – http://www.truesec.com/infrastructure/labs/deployment/migration/deployment_geek_week

Really hope to see you there.

/mike

Posted in Deployment, Geek Week, Hyper-V, iSCSI, Lite Touch, MDT, SCCM, SCVMM, Windows 7, Windows Server 2008 R2 | Tagged: , , , , , , | Leave a Comment »

Deployment Roadshow vNext

Posted by Mikael Nystrom on October 31, 2011

Göteborg (29 November), Sundsvall (30 November), Stockholm (1 December), Malmö (2 december)
Det har nog inte undgått många att Microsoft släpper en hel svit nya produkter inom System Center under nästa år. I torsdags (27:e oktober) släpptes Release Candidate 1 (RC1) till Configuration Manager 2012.
Microsoft TechNet och Knowledge Factory bjuder in till en teknisk heldag där vi går igenom Configuration Manager (SCCM) 2012 och Microsoft Deployment Toolkit (MDT) 2012. Vi gästas av ingen mindre än Wally Mead – En legend inom Microsoft och Systems Management som vi flyger hit direkt från Redmond. Det Wally inte vet om SCCM 2012 är inte värt att veta :)
Utöver sessionerna med Wally Mead så föreläser av Mikael Nyström från TrueSec samt Johan Arwidmark och Andreas Stenhall från Knowledge Factory. Alla är riktigt tunga namn inom både Systems Management och Windows Deployment… Välkommen till en fantastisk föreläsning!

  • Keynote: ConfigMgr 2012 – Software Distribution rocks the world – Wally Mead
  • Building the perfect Windows 7 image – Andreas Stenhall
  • The power of MDT 2012 Lite Touch – Demo Mania – Mikael Nyström och Johan Arwidmark
  • Advanced Software Distribution in ConfigMgr 2012 – Wally Mead
  • OS deployment – MDT 2012 – ConfigMgr 2012 – Better together – Mikael Nyström och Johan Arwidmark

Agenda

Anmälan

Posted in Deployment, MDT, RoadShow, SCCM, Windows 7 | Tagged: , , , , | Leave a Comment »

Step-by-Step: Upgrading BIOS during LiteTouch Deployment, for Dell, Hewlett-Packard and Lenovo

Posted by Mikael Nystrom on May 20, 2011

Ok, so here is the short( not really sure this is going to be short by the way, well nothing is perfect) story, once again a customer (Thank you Bill for letting me test fun stuff in your environment!) asked me for a feature that I have done multiple times before, so the task was easy, just upgrade the BIOS when we deploy the machine, so I told them that
–Hey, this is the way to do it and the reply was.
–Sorry, It cannot be done as far as we know, since we have Lenovo and Lenovo does not allow you to run the BIOS firmware update in WinPE.
So it was time to start some thinking. We need to figure out how to create a solid solution and we to do an “all-night-long”. I did not just wanted to fix this customers issue, I want some kind of universal solution that will work on any hardware, client, type, vendor and so on. So I fired up my idea-engine and bang, there it was. I had a plan and a solution that would work, should only take a couple of minutes, kind of. At least that was the idea
(Just a quick note: I did not have the capability to test the Dell part of the script since I don’t have a Dell computer (For some reason most vendors are very polite and give me things to play with, but Dell obviously have an other agenda and I cannot afford to buy a Dell computer just to be able to write blog posts. Anyone has a used Dell that you are willing to give away for scientific experiments by the way? However, it should work, if it doesn’t, ping me)

Here is what we need:

  • It should work with any vendor in the same way
  • It should work with both servers and clients
  • It should do some serious logging
  • I should be able reuse some part of the code in other scenarios
  • It should work in WinPE

…Six hours later, Non-Stop “NCIS” at the hotel room, numerous reboots and massive amount of Coke and the solution was done and here is how it works.

We need information to make decisions!

We really need some variables to work with and it would be possible to use just one simple script to solve the problem, but then I started to think a bit, and.. It would be nice to do this  just a bit “Michael Niehaus / Keith Garner style”.

That way I could use these variables for other purposes then just this and I would in the long run have a nice UserExit Script that will collect all kinds of variables to make the deployment even more dynamically then it already is (Why?, Because I can of course…). Now it would be nice if all vendors use the same location in WMI to store information for the same thing, but that’s not going to happen, trust me, the British Empire will shift over to driving on the right side of the road and the US will start using the metric system before that happens, not very likely in other words. So we need to collect the following so that we later on can use BIOS information to determine what version we have and if it should be upgraded or not

  • From WIN32_BIOS we need SMBIOSBIOSVersion (this will be captured as SMBIOSBIOSVersion)
  • From WIN32_BIOS we need Version (this will be captured as BIOSVersion)
  • From Win32_ComputerSystemProduct we need Version (this will be captured as ProductVersion)

This way, we can use different ´properties and variables for different systems and that is pretty nice.

How will we use the different variables?

Well, by combing them differently we will be able to use them in different combinations to get what we need, here is how we will use them

  • Dell = SMBIOSBIOSVersion + Make + Model
  • Hewlett-Packard = BIOSVersion + Make + Model
  • LENOVO = SMBIOSBIOSVersion + Make + ProductVersion

Now, we can use these properties for this purpose, but you can also use these for other purposes, like driver handling, rules for applications and much more. There is also possible to combine this with the ModelAlias userexit script if you feel for it.

Using a user exit script is the solution to get this data

A user exit script is just a simple piece of VB script that runs as a part of the gather process when MDT reads the customsettings.ini file. So we need to create the ZTITheUserExit.vbs script and put that in the Scripts folder and then we need to update the CustomSettings.ini file so that it is used. You can put the execution of the user exit script basically anywhere in the priority, but I prefer to have a separate section called [Init] where I run everything instead of using default, since default in a production environment seems to be ending up as the last priority, time to stop writing and show you how it should look like:

[Settings]
Priority=Init, Default
Properties=BIOSVersion, SMBIOSBIOSVersion, ProductVersion

[Init]
SMBIOSBIOSVersion=#SetSMBIOSBIOSVersion()#
BIOSVersion=#SetBIOSVersion()#
ProductVersion=#SetProductVersion()#
UserExit=ZTITheUserExit.vbs

[Default]
OSInstall=Y

As you can see, the first thing that will happen when MDT starts reading the customsettings.ini file it finds the section init and it the jumps to that section in the file where it will discover that it needs to run ZTITheUserExit.vbs and that it will be three functions in the script that should return the values into BIOSVersion, SMBBIOSBIOSVersion and ProductVersion. After this has been executed you can now use for example  %BIOSVersion% in the same way as other properties such as %Make%, %Model% if you like. My guess right now is that you now would like to see the script, right? So, here it is, just copy the content and save as ZTITheUserExit.vbs in the scripts folder

ZTITheUserExit.vbs


Function UserExit(sType, sWhen, sDetail, bSkip)
    oLogging.CreateEntry “UserExit: Running Script: ” & sType & ” ” & sWhen & ” ” & sDetail, LogTypeInfo
    UserExit = Success
End Function

Function SetSMBIOSBIOSVersion()
    oLogging.CreateEntry “UserExit: Running Function SetSMBIOSBIOSVersion : ” & sType & ” ” & sWhen & ” ” & sDetail, LogTypeInfo
    Dim objWMI
    Dim objResults
    Dim objInstance
    Dim SMBIOSBIOSVersion
   
    Set objWMI = GetObject(“winmgmts:”)
    Set objResults = objWMI.ExecQuery(“SELECT * FROM Win32_BIOS”)
        If Err then
        oLogging.CreateEntry “Error querying Win32_BIOS: ” & Err.Description & ” (” & Err.Number & “)”, LogTypeError
    Else
        For each objInstance in objResults
            If Not IsNull(objInstance.SMBIOSBIOSVersion) Then
                    SMBIOSBIOSVersion = Trim(objInstance.SMBIOSBIOSVersion)
            End If
        Next
    End If
    SetSMBIOSBIOSVersion = SMBIOSBIOSVersion
    oLogging.CreateEntry “UserExit: Result: ” & SetSMBIOSBIOSVersion, LogTypeInfo
End Function

Function SetBIOSVersion()
    oLogging.CreateEntry “UserExit: Running Function SetBIOSVersion : ” & sType & ” ” & sWhen & ” ” & sDetail, LogTypeInfo
    Dim objWMI
    Dim objResults
    Dim objInstance
    Dim BIOSVersion
   
    Set objWMI = GetObject(“winmgmts:”)
    Set objResults = objWMI.ExecQuery(“SELECT * FROM Win32_BIOS”)
        If Err then
        oLogging.CreateEntry “Error querying Win32_BIOS: ” & Err.Description & ” (” & Err.Number & “)”, LogTypeError
    Else
        For each objInstance in objResults
            If Not IsNull(objInstance.Version) Then
                    BIOSVersion = Trim(objInstance.Version)
            End If
        Next
    End If
    SetBIOSVersion = BIOSVersion
    oLogging.CreateEntry “UserExit: Result: ” & SetBIOSVersion, LogTypeInfo
End Function

Function SetProductVersion()
    oLogging.CreateEntry “UserExit: Running Function SetProductVersion : ” & sType & ” ” & sWhen & ” ” & sDetail, LogTypeInfo
    Dim objWMI
    Dim objResults
    Dim objInstance
    Dim ProductVersion
   
    Set objWMI = GetObject(“winmgmts:”)
    Set objResults = objWMI.ExecQuery(“SELECT * FROM Win32_ComputerSystemProduct”)
        If Err then
        oLogging.CreateEntry “Error querying Win32_BIOS: ” & Err.Description & ” (” & Err.Number & “)”, LogTypeError
    Else
        For each objInstance in objResults
            If Not IsNull(objInstance.Version) Then
                    ProductVersion = Trim(objInstance.Version)
            End If
        Next
    End If
    SetProductVersion = ProductVersion
    oLogging.CreateEntry “UserExit: Result: ” & SetProductVersion, LogTypeInfo
End Function


If we run this script as a part of ZTIgather you should get something similar. So lets just look at the output that the userexit script will generate so that you have some kind of reference:

Determining the INI file to use.
Using COMMAND LINE ARG: Ini file = ..\Control\CustomSettings.ini
Finished determining the INI file to use.
Added new custom property MYCUSTOMPROPERTY
Added new custom property REFTYPE
Added new custom property BIOSVERSION
Added new custom property SMBIOSBIOSVERSION
Added new custom property PRODUCTVERSION
Using from [Settings]: Rule Priority = INIT, TASKSEQUENCEID, DEFAULT
—— Processing the [INIT] section ——
USEREXIT: Running Script: SECTION BEFORE INIT
User exit “C:\MDTLab\Scripts\ZTITheUserExit.vbs” called successfully, skip = False.
USEREXIT: Running Function SetBIOSVersion :
USEREXIT: Result: HPQOEM – f
Property BIOSVERSION is now = HPQOEM – f
Using from [INIT]: BIOSVERSION = HPQOEM – f
USEREXIT: Running Function SetSMBIOSBIOSVersion :
USEREXIT: Result: 68CVD Ver. F.0A
Property SMBIOSBIOSVERSION is now = 68CVD Ver. F.0A
Using from [INIT]: SMBIOSBIOSVERSION = 68CVD Ver. F.0A
USEREXIT: Running Function SetProductVersion :
USEREXIT: Result:
Property PRODUCTVERSION is now =
Using from [INIT]: PRODUCTVERSION =
USEREXIT: Running Script: SECTION AFTER INIT
User exit “C:\MDTLab\Scripts\ZTITheUserExit.vbs” called successfully, skip = False.

Now, lets take a quick look, these are the property values we will get in return on a HP Compaq 8540w (My portable datacenter)

Property BIOSVERSION is now = HPQOEM – f
Property SMBIOSBIOSVERSION is now = 68CVD Ver. F.0A
Property PRODUCTVERSION is now =

Seems to be working. Some explanations before we continue, one thing to notice is that the PRODUCTVERSION is blank and that BIOSVERSION does not give use anything useful, on HP Compaq it is the SMBIOSBIOSVERSION that is the real version of the BIOS, on LENOVO it is BIOSVERSION (You can use SMBIOSBIOSVERSION to, but it also contain “rubbish”. The only reason to use PRODUCTVERSION is that on Lenovo machines that will be the model name, not that nasty number that is extremely unique (so, on a LENOVO T410 it would give you “LENOVO T410” as result

Next step, create a script that can use these variables and then determine if the BIOS has the correct version or if it should be upgraded.

And that is a walk in the park, just create script file called ZTIBIOSUpgrade.wsf, save it the Scripts folder:
The format of the file is somewhat of a school example in the way that it contains extensive logging and contain routines for bailing out if things go bad (script has a certain habit of doing exactly that for some reason. It also have one really strange thing, it has a section for Microsoft Hardware which is Hyper-V, Virtual PC and Virtual Server and now, I’m not insane. I did create that section to verify that it works, since it is some much faster to do snapshots and flip back and forward without re-deploying a physical machine.


<job id=”ZTIBIOSUpgrade”>
<script language=”VBScript” src=”ZTIUtility.vbs”/>
<script language=”VBScript”>

‘//—————————————————————————-
‘// Solution: BIOS Upgrade
‘//
‘// The following values must be populated in the CustomSettings.ini
‘// using a userexit script (ZTITheUserExit.vbs
‘//         – BIOSVersion
‘//         – SMBIOSBIOSVersion
‘//         – ProductVersion
‘// To get these values you also need to execute a userexit script
‘// NOTE: The Section for “Microsoft” is only intended as a test/demo/play,
‘// since the BIOS cannot be updated from within the VM itself.
‘//
‘// Usage: cscript ZTIBIOSUpgrade.wsf[/debug:true]
‘// Version: 1.0 – 4 May 2011 – Mikael Nystrom
‘//
‘// This script is provided “AS IS” with no warranties, confers no rights and
‘// is not supported by the authors
‘//
‘//—————————————————————————-

‘//—————————————————————————-
‘// Global constant and variable declarations
‘//—————————————————————————-

‘//—————————————————————————-
‘//
‘// Global constant and variable declarations
‘//
‘//—————————————————————————-

Option Explicit

Dim iRetVal

‘//—————————————————————————-
‘// End declarations
‘//—————————————————————————-

‘//—————————————————————————-
‘// Main routine
‘//—————————————————————————-

‘On Error Resume Next
iRetVal = ZTIProcess
ProcessResults iRetVal
On Error Goto 0

‘//—————————————————————————
‘//
‘// Function: ZTIProcess()
‘//
‘// Input: None
‘//
‘// Return: Success – 0
‘// Failure – non-zero
‘//
‘// Purpose: Perform main ZTI processing
‘//
‘//—————————————————————————
Function ZTIProcess()

    Dim sMake
    Dim sModel
    Dim sSMBIOSBIOSVersion
    Dim sBIOSVersion
    Dim sExeToRun
    Dim sRefBiosVersion
    Dim sProduct
    Dim sProductVersion
    Dim sOSVersion
    Dim sDeployDrive
    Dim sDeployRoot
    Dim sExecuteCommand
   
    iRetVal = Success
    ZTIProcess = iRetval
   
    sMake = oEnvironment.Item(“Make”)
    sModel = oEnvironment.Item(“Model”)
    sSMBIOSBIOSVersion  = oEnvironment.Item(“SMBIOSBIOSVersion “)
    sBIOSVersion = oEnvironment.Item(“BIOSVersion”)
    sProduct = oEnvironment.Item(“Product”)
    sProductVersion = oEnvironment.Item(“ProductVersion”)
    sOSVersion = oEnvironment.Item(“OSVersion”)
    sDeployDrive = oEnvironment.Item(“DeployDrive”)
    sDeployRoot = oEnvironment.Item(“DeployRoot”)
   
   
    oLogging.CreateEntry “———————————————-“, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – Runninng BIOS Upgrade:   “, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – Make is:                 ” & sMake, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – Model is:                ” & sModel, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – Product is:              ” & sProduct, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – ProductVersion is:       ” & sProductVersion, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – SMBIOSBIOSVersion is:    ” & sSMBIOSBIOSVersion, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – BIOSVersion is:          ” & sBIOSVersion, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – OSVersion is:            ” & sOSVersion, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – DeployDrive:             ” & sDeployDrive, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – DeployRoot:              ” & sDeployRoot, LogTypeInfo
    oLogging.CreateEntry “———————————————-“, LogTypeInfo

    If sOSVersion = “WinPE” Then
    oLogging.CreateEntry “Config-BIOSUpgrade – Running WinPE…”, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – Loading battery monitor…”, LogTypeInfo
    oUtility.RunWithHeartbeat(“drvload \Windows\inf\battery.inf”)
    oLogging.CreateEntry “Config-BIOSUpgrade – Loading battery monitor…Done”, LogTypeInfo’
    Else
    oLogging.CreateEntry “Config-BIOSUpgrade – Not running WinPE…”, LogTypeInfo
    oLogging.CreateEntry “Config-BIOSUpgrade – Not loading battery monitor …”, LogTypeInfo
    End If
   
    Select Case sMake
        Case “Dell Computer Corporation”, “Dell Inc.”, “Dell Computer Corp.”
            oLogging.CreateEntry “Config-BIOSUpgrade – ” & sMake & ” is selected”, LogTypeInfo
            oLogging.CreateEntry “Config-BIOSUpgrade – …searching for BIOS upgrades”, LogTypeInfo
            Select Case sModel
                Case “Latitude D420” : sExeToRun = “LatitudeD420.cmd ” : sRefBiosVersion=”A06″
                Case Else : sExeToRun = “NA”
            End Select
                If sExeToRun = “NA” Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No support for ” & sModel, LogTypeInfo
                Elseif sSMBIOSBIOSVersion = sRefBiosVersion Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No upgrade needed”, LogTypeInfo
                Else
                    oLogging.CreateEntry “Config-BIOSUpgrade – Correct version should be ” & sRefBiosVersion, LogTypeInfo
                    oLogging.CreateEntry “Config-BIOSUpgrade – Upgrading ” & sModel & ” from ” & sSMBIOSBIOSVersion & ” to ” & sRefBiosVersion, LogTypeInfo

                    sExecuteCommand = sDeployDrive & “\BIOSUpgrade\Dell\” & sExeToRun & sDeployDrive
                    oLogging.CreateEntry “Config-BIOSUpgrade – Command to execute ” & sExecuteCommand, LogTypeInfo

                    iRetVal = oUtility.RunWithHeartbeat(sExecuteCommand)
                    if (iRetVal = 0) or (iRetVal = 3010) then
                        ZTIProcess = Success
                    Else
                        ZTIProcess = Failure
                    End If
                End If
 
        Case “Microsoft Corporation”
            oLogging.CreateEntry “Config-BIOSUpgrade – ” & sMake & ” is selected”, LogTypeInfo
            oLogging.CreateEntry “Config-BIOSUpgrade – …searching for BIOS upgrades”, LogTypeInfo
            Select Case sModel
                Case “Virtual Machine” : sExeToRun = “VirtualMachine.cmd ” : sRefBiosVersion=”VRTUAL – 3000920″
                Case Else : sExeToRun = “NA”
            End Select
                If sExeToRun = “NA” Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No support for ” & sModel, LogTypeInfo
                Elseif sBIOSVersion = sRefBiosVersion Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No upgrade needed”, LogTypeInfo
                Else
                    oLogging.CreateEntry “Config-BIOSUpgrade – Correct version should be ” & sRefBiosVersion, LogTypeInfo
                    oLogging.CreateEntry “Config-BIOSUpgrade – Upgrading (Well, not really, but what the heck, lets try that…” & sModel & ” from ” & sSMBIOSBIOSVersion & ” to ” & sRefBiosVersion, LogTypeInfo

                    sExecuteCommand = sDeployDrive & “\BIOSUpgrade\Microsoft\” & sExeToRun & sDeployDrive
                    oLogging.CreateEntry “Config-BIOSUpgrade – Command to execute ” & sExecuteCommand, LogTypeInfo

                    iRetVal = oUtility.RunWithHeartbeat(sExecuteCommand)
                    if (iRetVal = 0) or (iRetVal = 3010) then
                        ZTIProcess = Success
                    Else
                        ZTIProcess = Failure
                    End If
                End If

        Case “IBM”, “LENOVO”
            oLogging.CreateEntry “Config-BIOSUpgrade – ” & sMake & ” is selected”, LogTypeInfo
            oLogging.CreateEntry “Config-BIOSUpgrade – …searching for BIOS upgrades”, LogTypeInfo
            Select Case sProductVersion
                Case “ThinkPad T410” : sExeToRun = “ThinkPadT410.cmd ” : sRefBiosVersion = “LENOVO – 1360”
                Case Else : sExeToRun = “NA”
            End Select
                If sExeToRun = “NA” Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No support for ” & sProductVersion, LogTypeInfo
                Elseif sBIOSVersion = sRefBiosVersion Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No upgrade needed”, LogTypeInfo
                Else
                    oLogging.CreateEntry “Config-BIOSUpgrade – Correct version for ” & sProductVersion & ” should be ” & sRefBiosVersion, LogTypeInfo
                    oLogging.CreateEntry “Config-BIOSUpgrade – Upgrading ” & sProductVersion & ” from ” & sBIOSVersion & ” to ” & sRefBiosVersion, LogTypeInfo

                    sExecuteCommand = sDeployDrive & “\BIOSUpgrade\Lenovo\” & sExeToRun & sDeployDrive
                    oLogging.CreateEntry “Config-BIOSUpgrade – Command to execute ” & sExecuteCommand, LogTypeInfo

                    iRetVal = oUtility.RunWithHeartbeat(sExecuteCommand)
                    if (iRetVal = 0) or (iRetVal = 1) or (iRetVal = 3010) then
                        ZTIProcess = Success
                    Else
                        ZTIProcess = Failure
                    End If
                End If
       
        Case “Hewlett-Packard”
            oLogging.CreateEntry “Config-BIOSUpgrade – ” & sMake & ” is selected”, LogTypeInfo
            oLogging.CreateEntry “Config-BIOSUpgrade – …searching for BIOS upgrades”, LogTypeInfo
            Select Case sModel
                Case “HP EliteBook 8540w” : sExeToRun = “HPEliteBook8540w.cmd ” : sRefBiosVersion = “68CVD Ver. F.0A”
                Case Else : sExeToRun = “NA”
            End Select
                If sExeToRun = “NA” Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No support for ” & sModel, LogTypeInfo
                Elseif sSMBIOSBIOSVersion = sRefBiosVersion Then
                    oLogging.CreateEntry “Config-BIOSUpgrade – No upgrade needed”, LogTypeInfo
                Else
                    oLogging.CreateEntry “Config-BIOSUpgrade – Correct version should be ” & sRefBiosVersion, LogTypeInfo
                    oLogging.CreateEntry “Config-BIOSUpgrade – Upgrading ” & sModel & ” from ” & sSMBIOSBIOSVersion & ” to ” & sRefBiosVersion, LogTypeInfo

                    sExecuteCommand = sDeployDrive & “\BIOSUpgrade\Hewlett-Packard\” & sExeToRun & sDeployDrive
                    oLogging.CreateEntry “Config-BIOSUpgrade – Command to execute ” & sExecuteCommand, LogTypeInfo

                    iRetVal = oUtility.RunWithHeartbeat(sExecuteCommand)
                    if (iRetVal = 0) or (iRetVal = 3010) then
                        ZTIProcess = Success
                    Else
                        ZTIProcess = Failure
                    End If
                End If
        Case Else
            oLogging.CreateEntry “Config-BIOSUpgrade – ” & sMake & ” Hey, that’s a brand I have never herd of, interesting…”, LogTypeInfo
    End Select
    oLogging.CreateEntry “———————————————-“, LogTypeInfo
End Function
</script>
</job>


So, now when we have the script created maybe I should try to explain what it actually is doing, I mean you might want to do some modification to it and then it is kind of nice to know where to poke around, So here is the short story.

  • First we make a bunch of Dim’s and the reason is simple and it is called “Option Explicit”. That is set globally in MDT and that means that it will blow up if you try to use a variable that is NOT declared (you might have seen a Error 500: Variable is undefined in MDT.
  • Next I dump all these variables to the bdd.log file, this is mainly need when you trouble shoot things and when you like to look at log files
  • Next up is, well here is the trick to make Lenovo machines run firmware updates in WinPE. The reason they does not work is because the utility looks at the state of power. They do that for one reason, to verify that the machine are running with the power cord connect to a power source and not running on battery (make sense). The secret source is to run this command:
  • oUtility.RunWithHeartbeat(“drvload \Windows\inf\battery.inf”)
  • The oUtility.RunWithHeartbeat is part of a function that gets loaded when we load up the library that is called ZTIUtlity.VBS which is a part of MDT and here is a tip for you, you should always base your script in MDT on a template that will leverage the use of ZTIUtility.vbs. I also set one condition here and that is to only load the driver when we are running WinPE, there is no point in loading it when we run the full-blown OS, it will be loaded in that case.
  • The rest is kind of easy, what will happen is that we will use the %Make% variable in MDT to see in what section we should continue, then when we we find the correct one we will get the %model% in all cases besides when it is a LENOVO, in that case we will use ProductVersion instead and if we find something that is a match when the compare the RefBios value with the version of the BIOS in the machine, it it is the same we just bail out and we are done, otherwise we will find the command to run. My first attempt of creating this had a small “flaw” and it took a couple of “angry-management seconds) to find out why and how to fix it, and the trick is that I need to run many of these firmware updates utilities on a drive letter, some of the work using UNC, but far from all and this must work in all situations, so I need a drive letter, but I cannot trust on MDT to always use Z:, so by using a built in variable called  DeployDrive to deliver that to me and that is why we will build the command to execute based on a bunch of variables
  • So, what does this means, well. In the scripts folder you will have to create a folder structure called BiosUpgrade and in the folder you then create Subfolders for each and every Vendor you have and those folders you the create one folder for each and every model and in those folders you put the firmware. It also means that you need to update this script whenever you have new versions of vendors, models and new versions of BIOS and firmware (well, I could have spent yet one night more to make it one step more dynamically, but hey I need to sleep sometime)

The Batch file…

Now as you can see in the script I have one batch file for each model,

(Looks like this in the VB)
Case “ThinkPad T410” : sExeToRun = “ThinkPadT410.cmd ” :

that batch file need a header to work, the header will make sure that you will be “in” the folder where the executable is located, that will not be needed every time, but most likely it will be needed most of the time and that batch file should look like this

%1
CD %0\..\
REM *** For testing only *** DIR > list.txt
REM Run your silent command here that will update the BIOS
REM Note: It MUST be silent and it should NOT restart the machine when it is done

Now, since you are (mots likely) a bit curios you will notice that the first line is a %1 and the reason behind that is kind of simple, %1 is the first parameter after the batch file it self, but hey, where did that variable come from??? Well, take a look at the line of execution, if you look really close you will see that we end that that line with a space in the end and the we use the DeployDrive variable and that will result in one thing. When the batch file runs it will first make sure it sets the working drive to the drive where the firmware updates are located and then we run the really old-school command

CD %0\..\

If %1 is the first parameter after the batch file, what the heck is the %0, well here is the fun thing. It’s the batch file name it self (you can test this by creating a batch file with just one line it it “Echo %0” and you will see that the result will be the name of the batch file name itself, the we just use \..\ which sets the working directory to the same location where the script is located and that is exactly what we need. Problem solved (using the MacGyver method)

The Folder Structure

Here is the folder structure that I have in the Scripts folder. In this folder structure I will store all the “Upgrades” plus the batch file. It should look like this to match the script.

image

So, in the scripts folder you will create Dell, Hewlett-Packard, LENOVO and so on, in the next level you create one folder for each model and that folder you store the upgrades,

Last step

The last thing you need to do is pretty easy. Open up your task sequence and add a Run Command that runs the ZTIBiosUpgrade.wsf. The run command should look like this:

cscript.exe “%SCRIPTROOT%\ZTIBiosUpgrade.wsf”

You can put the Run Command in the first section if you want to, there is were we did put it in the customer solution, something like this.

image

(Hey, if you ever wonder when I have time to write many of my postings it’s right now, somewhere over the Atlantic ocean flying at 10.000 feet or more with the headset filled with old-school rock, the flight attended just went pass me asking for more to drink and yes, she gave me a bunch of coke can’s. Thank you Swiss.)

A short note, this will of course work with servers too, just need to do some small adjustments

/Mike

Posted in Deployment, Windows 7, Windows Server 2008 R2 | Tagged: , , , , , , , | 54 Comments »

Incorporating KB2028749 Into Your Microsoft Deployment Toolkit Reference Image Build Process

Posted by Mikael Nystrom on May 12, 2011

My friend Chris Nackers have a great post on an old nasty issue, the basic issue is that when you deploy Win 7 machines it will end with this:

Here is the solution:
http://myitforum.com/cs2/blogs/cnackers/archive/2011/05/11/incorporating-kb2028749-into-your-microsoft-deployment-toolkit-reference-image-build-process.aspx

/mike

Posted in Deployment | Tagged: , , | 2 Comments »

MDT and OU’s, including spaces and odd characters

Posted by Mikael Nystrom on February 22, 2011

I got a question some time ago, it was something like this:

-Hi Mike, just a short question, we can’t get the MachineObjectOU to work since we have a bunch of OU’s that are named using Swedish characters. Do you have any ideas?

And yes, ideas I do have, trust me. So I started playing around and I did discover that MDT does not really like the Unicode format at all, MDT works perfectly fine using ANSI.

I also did some research on Internet and I did discover that there was people asking for this, but no answers. After spending some time in MDT, creating scripts with different levels of success my brain begun to work, A of memory from the past pops up, didn’t Active Directory handle that somehow…and yes, it does. But before we go into that, let’s see how we can put a computer in the correct OU.

Alternative 1:

You can use a property called MachineObjectOU and when in use it could look something like this in customsettings.ini

[Settings]
Priority=MacAddress, Default
Properties=MyCustomProperty

[00:15:1a:1b:1c:1d]
OSDComputername=PC001
MachineObjectOU=OU=ComputersA,OU=Company,DC=viamonstra,DC=com

[Default]
OSinstall=Y

Alternative 2:

If you use the wizard you can use “DomainOUs” in customsettings.ini, that way you will be presented with a list of OU’s to pick from, looks something like this:

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSinstall=Y
DomainOUs1=OU=ComputersA,OU=Company,DC=viamonstra,DC=com
DomainOUs2=OU=ComputersB,OU=Company,DC=viamonstra,DC=com

Alternative 3:

One other option is to use an xml file called “DomainOUList.xml”, you create it in notepad and save it in the scripts folder in MDT and it should look something like this:

<?xml version=”1.0″ encoding=”utf-8″?>
<DomainOUs>
<DomainOU>
OU=ComputersA,OU=Company,DC=viamonstra,DC=com
</DomainOU>
<DomainOU>
OU=ComputersB,OU=Company,DC=viamonstra,DC=com
</DomainOU>
</DomainOUs>

But, what if I have spaces in my OU name?

Easy, it works perfect, just type in the name of the OU including spaces, like this:

DomainOUs1=OU=This OU has Spaces,OU=Company,DC=viamonstra,DC=com

But, what if I have Swedish characters in my OU name, like ÅÄÖ?

Easy, replace the characters according to this: Å=A, Ä=A, Ö=O.

If the OU is named “Vård och Omsorg” in Active Directory it should look like this:

DomainOUs1=OU=Vard och Omsorg,OU=Company,DC=viamonstra,DC=com

I can’t remember what the function in Active Directory is called, but I know it works. You could test this easy, create a OU called “Östra skolan” and the try to create a OU at the same location called “Ostra skolan”. Can’t be done, “object already exist”

/mike

Posted in Deployment, Windows 7, Windows Server 2008 R2 | Tagged: , , | Leave a Comment »

Enable TPM via Task Sequence on HP Boxes

Posted by Mikael Nystrom on October 18, 2010

Yes, It can be done and it is pretty simple to. Here is what you need and how you should do it. Basically, the only thing you need is “BiosConfigUtility.EXE” and a text file with settings in it, add that to the TS and it will work like a charm, :-)

Step One – Get the utility

The utility is a part of HP’s SSM (SP49507), SSM stands for “HP System Software Manager” and version I have been playing with is 2.14 Rev A. Download that from the ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and if you need to see if your PC is in the list, check ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html

Step Two – Create the file

This is how the file should look like and it should have the name TPMEnable.REPSET

image

If you look at the picture, you can see that in every section there is a *. That is our default value that will be pushed into the bios.

Step Three – Create a Command and verify that it works

Now, be a bit careful, TPM is a security device and if you look your self out, it could be “tricky” to get back, so now you have been notified at least. So, we need a command to set all this and also to set a BIOS password and here it is:

BIOSConfigUtility /SetConfig:TPMEnable.REPSET /NewAdminPassword:”Password1″

So, if you take the BIOSConfigUtility.exe and TPMEnable.REPSET and put them in the same folder and run the command (elevated) with a password that is better then mine and then reboot the machine, you will see that it is going to enable the TPM chip and now you can just enable BitLocker on the machine.

Step Four – Getting stuff into the TS

Now, this can be done in different ways, one is to create a Script, or a batch file or an MDT Application. The reason for me to have an application, is very simple. When I work at customers I create a lot of “things”, if they are applications, they are pretty easy to copy inside the deployment workbench, from my personal Deployment share to the customers and vice versa. I like drag and drop, it makes life more…relaxed…:-) One other story, if they are applications, you could use the “MandatoryApplications001=” in CS.ini

So this is how it looks in my Task Sequence

image image

(No, sorry, my password for TPM is not 111-something, trust my…)

Now when I have the application I can open my Task Sequence and modify that like this:

image image

In the first picture you can see that I have added the application called “CUSTOM – Hewlett-Packard – BIOS Configuration” and in the other picture you can see that I have one condition to run this and that is same condition as the task “Enable Bitlocker” has.

So, that was pretty easy, right :-)

Step Five – some more things…

Configure BitLocker:

image

This is my settings (also default)

Just one small thing. Modify/Set this BDEKeyLocation= to something, otherwise the keyfile ends up locally on the c: drive…:-)

/mike

Posted in Deployment, TechEd | Tagged: , , | 5 Comments »