Integrate Microsoft Diagnostics and Recovery Tools (DaRT) into the MDT boot image

Posted on by
3

I recently found out Microsoft Diagnostics and Recovery Tools (I’ll refer to it as DaRT thereafter) was quite handy. It is part of Microsoft Desktop Optimization Pack, which is available for free if you’re covered by Software Assurance.

So basically the goal here it to integrate the tools available in DaRT into the WinPE boot image generated by MDT.

Looks handy, doesn’t it?

DaRT is distributed as an installer which requires Windows 7 setup files to generate a custom WIM encapsulated into an ISO. Sounds quite cool but that’s one more thing to maintain and update with new drivers… Since the DaRT installer uses WinPE that shouldn’t be too hard to figure out a way to add some more files to make it work.

Took me a little while to figure out but it ended up working so I’m sharing the technique with you guys:

You will need: Windows AIK, the DaRT installer, MDT 2010 and some kind of archive utility like 7-zip.

You will also need to do this twice, once for the x86 Boot Image and once for the x64 Boot Image.

  1. Acquire the MS DaRT installers for x86 and x64 located in the MDOP iso available through MS Volume Licensing or MSDN.
  2. Follow the wizard to create the 2 ISOs, 1 for x86 and the other one for x64.
  3. Create a directory called the following directories: c:\DaRT\ERD and c:\DaRT\files (or whatever/wherever you like).
  4. Expand the ISOs to c:\DaRT\ERD\x86 and c:\DaRT\ERD\x64 (using 7-zip for example).
  5. Open a privileged command prompt and use the following command:
    C:Program FilesWindows AIKToolsServicing>dism /Mount-Wim /wimfile:c:\DaRT\ERD\x86\sources\boot.wim /mountdir:c:\DaRT\files\x86 /index:1
    and
    C:Program FilesWindows AIKToolsServicing>dism /Mount-Wim /wimfile:c:\DaRT\ERD\x64\sources\boot.wim /mountdir:c:\DaRT\files\x64 /index:1
  6. At this point you can delete c:\DaRT\ERD if you want.
  7. Go to c:\DaRT\files\x86 and x64. You should see the following directories:
    Program Files
    Program Data
    sources
    Users
    Windows
  8. Delete Program Data and Users.
  9. Go to Program Files, delete all directories but “Standalone System Sweeper”.
  10. Go to sources, delete all directories but “recovery”.
  11. Go to Windows, delete all directories but “System32″. Then, under System32 sort files by date. Delete all files and folders that are not timestamped as of the day you created the ISO. That should leave you with 28 files (37 if you have the debugging tools). Additionally, delete winpeshl.ini as it interferes with the MDT wizard.
  12. At this point we’re pretty much done.
  13. Go to MDT, right click on your Deployment Share > Properties.
  14. In both Windows PE x86 Settings or Windows PE x64 Settings at the Extra Directory to add, specify C:\DaRT\files\x86 for the x86 boot image and C:\DaRT\files\x64 for the x64 boot image (or any other folder you may already be using/wanting to use).
  15. Rebuild your deployment share.
You’re done.
Namaste.

Make an MDT task sequence resolution independent.

Posted on by
Reply

You will often find yourself with a deployed computer that doesn’t match the resolution it’s supposed to use. It’s quite annoying, especially on laptops (have you seen how ugly Windows is when displayed at 1024×768 on a 1920×1200 screen?).

There is a very easy way around that:
  • Go to your task sequence properties.
  • Go to the OS info tab then click on “Edit Unattend.xml”
  • WSIM will launch, navigate to: Unattend\Components\1 windowsPE\x86_Microsoft-Windows-Setup_neutral (replace x86 with x64 if using a 64-bit OS, of course)
  • Delete the Display component.
  • Navigate to Unattend\Components\7 oobeSystem\x86_Microsoft-Windows-Setup_neutral (replace x86 with x64 if using a 64-bit OS, of course)
  • Delete the Display component.
  • Save and exit WSIM.
Congrats, you now have a resolution independent task sequence. It is highly recommended to have up to date drivers available in your deployment process.
Namaste.

Target an advertisement based on the software version in SCCM

Posted on by
Reply

Let’s say we want to advertise an update to Adobe Reader only to clients with outdated versions (anything older than 10.0.1).

  • Create a new collection.
  • Edit the membership rules.
  • Click on Edit Query Statement.
  • At the bottom press “Show Query Language”.
  • Paste the following:


    • select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
    SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
    SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Adobe Reader %" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version != "10.0.1"

Make edits to match the DisplayName and Version according to the results you want.
You’re good to go.

Namaste.

ConfigMgr Firewall exceptions for Client deployment.

Posted on by
Reply

To enable ConfigMgr client deployment, create the following GPO (or update if you already have one):

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
Windows Firewall: Allow inbound file and printer sharing exception: Enabled
Allow unsolicited incoming messages from these IP addresses: SCCM IP Address
Windows Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses: SCCM IP Address
Namaste.

[UPDATED] Adobe Reader 9/X Clean Deployment

Posted on by
Reply
What I wrote about Adobe Reader MSI patching has a major flaw: you cannot under any circumstances update Adobe Reader after installing it with the modified MSI. I had to find another way…
Good news, it’s a lot easier now.
  • First of all obtain the latest Adobe Reader Installer from this page: http://get.adobe.com/reader/
  • Extract the contents of the downloaded archive using the following command: InstallerName.exe -nos_ne which will extract the contents to: %userprofile%\AppData\Local\AdobeReader 9.0\Setup Files\READER9 for Reader 9 and C:\ProgramData\Adobe\Setup… for Reader X.
  • Optional for X (since Adobe seems to have caught up): download updates from this page, then add them to the default install by editing the setup.ini file with the following line in the [Product] section:
    PATCH=AdbeRdrUpd932_all_incr.msp;AdbeRdrUpd933_all_incr.msp;AdbeRdrUpd934_all_incr.msp
    This should allow you to install Adobe Reader in its most up to date version without too much headache.
  • Download the Adobe Customization Wizard for 9 or Adobe Customization Wizard for X and set the settings you like, make sure an AcroRead.mst file is created next to the MSI. That will enable you to run setup.exe without switches in a completely unattended mode.
Namaste.

How to install iTunes on Windows with MDT 2010

Posted on by
Reply
I came across the need to deploy iTunes using MDT 2010. Unfortunately, there is no way to run the usual setup file with switches.
The key is to expand the installer (using 7-zip) and then create hidden applications for each component (that also allows you to prevent Bonjour or Apple Software update from installing…).
Install the MSI files in this order:
ApplicationSupport.msi
MobileDeviceSupport.msi
SoftwareUpdate.msi
Quicktime.msi
Bonjour.msi
iTunes.msi
Using this command: msiexec /i XXX.msi /qb REBOOT=ReallySuppress
(where xxx is the msi filename, of course)
It also works for the 64-bit version. Every time there is an update of iTunes, simply overwrite the files on your network share.
Namaste.