I’ve been quite busy lately so I’ll try to be quick… I would like to share my discoveries on MDT 2012 and the information I gathered while I was migrating from MDT 2010.
- Mikael Nystrom’s step by step on how to update BIOS in MDT still works perfectly.
- Andrew Barnes’ how to integrate BGInfo into WinPE still works, and even better, MDT 2012 comes with a 64-bit version of BGInfo (located at %deploymentshare%\Tools\x64).
- It is no longer needed to have a custom pane to set local administrators in MDT 2012. Instead use the “SkipAdminAccounts=NO” property in CustomSettings.ini. Please note that the administrators accounts page only appears if you selected “Join a domain” as I mention on the TechNet Forums.
- Thanks to Michael Niehaus, DaRT integration is now fully supported in MDT 2012. I talked about this earlier but it’s always good to reiterate the benefits of software assurance.
- A very interesting new feature of MDT 2012 is monitoring. It can be enabled in a few simple steps: Navigate to your deployment share properties, go to the last tab called “Monitoring”, check the box called “Enable monitoring for this deployment share”. Then click OK. It should work right away… A good way to check is to look at your CustomSettings.ini for a new line called “EventService=http://myserver.corp/contoso.com“. Is you run into issues there is always this good troubleshooting article. Used in conjonction with DaRT, you can remotely control deployments from a central location.
- Another feature that might not be actually that new but still useful is the “SLSHARE=” property. It allows you to set a network share where the logs are written during the deployment. This is particularly useful when your helpdesk people forget to capture logs if a deployment fails. A good security practice it to set a sticky bit, using the user directory technique on that particular folder since logs may contain sensitive information.
- You are now able to use only one (32-bit) boot image to initiate both 32-bit and 64-bit deployments. A word of caution, though, if you need to use DaRT to repair an install you will need to boot the appropriate architecture.
If you’re running MDT 2012, please read Michael Niehaus’ post: http://blogs.technet.com/b/mniehaus/archive/2011/11/28/mdt-2012-new-feature-dart-integration.aspx
I recently found out Microsoft Diagnostics and Recovery Tools (I’ll refer to it as DaRT thereafter) was quite handy. It is part of Microsoft Desktop Optimization Pack, which is available for free if you’re covered by Software Assurance.
So basically the goal here it to integrate the tools available in DaRT into the WinPE boot image generated by MDT.
|Looks handy, doesn’t it?
DaRT is distributed as an installer which requires Windows 7 setup files to generate a custom WIM encapsulated into an ISO. Sounds quite cool but that’s one more thing to maintain and update with new drivers… Since the DaRT installer uses WinPE that shouldn’t be too hard to figure out a way to add some more files to make it work.
Took me a little while to figure out but it ended up working so I’m sharing the technique with you guys:
You will need: Windows AIK, the DaRT installer, MDT 2010 and some kind of archive utility like 7-zip.
You will also need to do this twice, once for the x86 Boot Image and once for the x64 Boot Image.
- Acquire the MS DaRT installers for x86 and x64 located in the MDOP iso available through MS Volume Licensing or MSDN.
- Follow the wizard to create the 2 ISOs, 1 for x86 and the other one for x64.
- Create a directory called the following directories: c:\DaRT\ERD and c:\DaRT\files (or whatever/wherever you like).
- Expand the ISOs to c:\DaRT\ERD\x86 and c:\DaRT\ERD\x64 (using 7-zip for example).
- Open a privileged command prompt and use the following command:
C:Program FilesWindows AIKToolsServicing>dism /Mount-Wim /wimfile:c:\DaRT\ERD\x86\sources\boot.wim /mountdir:c:\DaRT\files\x86 /index:1
C:Program FilesWindows AIKToolsServicing>dism /Mount-Wim /wimfile:c:\DaRT\ERD\x64\sources\boot.wim /mountdir:c:\DaRT\files\x64 /index:1
- At this point you can delete c:\DaRT\ERD if you want.
- Go to c:\DaRT\files\x86 and x64. You should see the following directories:
- Delete Program Data and Users.
- Go to Program Files, delete all directories but “Standalone System Sweeper”.
- Go to sources, delete all directories but “recovery”.
- Go to Windows, delete all directories but “System32”. Then, under System32 sort files by date. Delete all files and folders that are not timestamped as of the day you created the ISO. That should leave you with 28 files (37 if you have the debugging tools). Additionally, delete winpeshl.ini as it interferes with the MDT wizard.
- At this point we’re pretty much done.
- Go to MDT, right click on your Deployment Share > Properties.
- In both Windows PE x86 Settings or Windows PE x64 Settings at the Extra Directory to add, specify C:\DaRT\files\x86 for the x86 boot image and C:\DaRT\files\x64 for the x64 boot image (or any other folder you may already be using/wanting to use).
- Rebuild your deployment share.
Mikael Nystrom has a very interesting blog post over at deploymentbunny.com on how to update the BIOS on HP, Dell and Lenovo computers.
The source code is mostly functional but you will need to be careful with the non-unicode characters here and there.
You will often find yourself with a deployed computer that doesn’t match the resolution it’s supposed to use. It’s quite annoying, especially on laptops (have you seen how ugly Windows is when displayed at 1024×768 on a 1920×1200 screen?).
There is a very easy way around that:
- Go to your task sequence properties.
- Go to the OS info tab then click on “Edit Unattend.xml”
- WSIM will launch, navigate to: Unattend\Components\1 windowsPE\x86_Microsoft-Windows-Setup_neutral (replace x86 with x64 if using a 64-bit OS, of course)
- Delete the Display component.
- Navigate to Unattend\Components\7 oobeSystem\x86_Microsoft-Windows-Setup_neutral (replace x86 with x64 if using a 64-bit OS, of course)
- Delete the Display component.
- Save and exit WSIM.
Congrats, you now have a resolution independent task sequence. It is highly recommended to have up to date drivers available in your deployment process.
What I wrote about Adobe Reader MSI patching has a major flaw: you cannot under any circumstances update Adobe Reader after installing it with the modified MSI. I had to find another way…
Good news, it’s a lot easier now.
- First of all obtain the latest Adobe Reader Installer from this page: http://get.adobe.com/reader/
- Extract the contents of the downloaded archive using the following command: InstallerName.exe -nos_ne which will extract the contents to: %userprofile%\AppData\Local\AdobeReader 9.0\Setup Files\READER9 for Reader 9 and C:\ProgramData\Adobe\Setup… for Reader X.
- Optional for X (since Adobe seems to have caught up): download updates from this page, then add them to the default install by editing the setup.ini file with the following line in the [Product] section:
This should allow you to install Adobe Reader in its most up to date version without too much headache.
- Download the Adobe Customization Wizard for 9 or Adobe Customization Wizard for X and set the settings you like, make sure an AcroRead.mst file is created next to the MSI. That will enable you to run setup.exe without switches in a completely unattended mode.
I came across the need to deploy iTunes using MDT (2010 or 2012). Unfortunately, there is no way to run the usual setup file with switches.
The key is to expand the installer (using 7-zip
) and then create hidden applications for each component (that also allows you to prevent Bonjour or Apple Software update from installing…).
Install the MSI files in this order:
Using this command: msiexec /i XXX.msi /qb REBOOT=ReallySuppress
(where xxx is the msi filename, of course)
It also works for the 64-bit version. Every time there is an update of iTunes, simply overwrite the files on your network share.
If you need to automate the attribution of local admin rights, use the following script, that will save you quite a few clicks:
Set net = WScript.CreateObject(“WScript.Network”)
local = net.ComputerName
DomainName = “CONTOSO”
set group = GetObject(“WinNT://”& local &”/Administrators”)
UserAccount = InputBox( “Please enter the username (first.last) of the local admin or cancel (the user must exist in AD)” )
on error resume next
group.Add “WinNT://”& DomainName &”/”& UserAccount &””
if not err.number=0 then
set ole = CreateObject(“ole.err”)
MsgBox ole.oleError(err.Number), vbCritical
MsgBox “User added to the local Admin Group”
If you want to be able to set the local admin password but also leave the possibility to make it blank, edit the following file scripts\DeployWiz_Validation.vbs in MDT 2010 and scripts\DeployWiz_AdminPassword.vbs in MDT 2012:
ValidatePassword = ParseAllWarningLabels
NonMatchPassword.style.display = "none" If Password1.Value <> "" then
If Password1.Value <> Password2.Value then
ValidatePassword = TRUE
NonMatchPassword.style.display = "inline"
ButtonNext.Disabled = not ValidatePassword
Deployment guru Johan Arwidmark has a pretty interesting article about adding a boot menu to WDS. But it’s about Windows Server 2008 R2. If, like me, you need info about Windows Server 2008, follow his step-by-step until step 7.
- At step 7, open the Windows Deployment Services console, right click on your server, then click on Properties.
- Go to the Boot tab.
- Change the boot images to the following:
- Go back to Johan’s step 8.