How to: Disable network selection OOBE during a task sequence in ConfigMgr 2012 R2

During a deployment of Microsoft Windows 8/8.1, you’ll receive a question to select a prefered network connection. This is also happening during a task sequence within Microsoft SCCM 2012 R2. It’s easy to disable this
question during the task sequence, using an unattend XML file.

1.) First open the “Windows System Image Manager”, also known as WSIM
2.) Select the image you want to deploy. In my example “Install.WIM” from the Windows 8.1 source files
3.) Create a new catalog for this image
4.) After the catalog has succesfully created, create a “New Answer File”
5.) Navigate to the following selection
amd64_Microsoft-Windows-Shell-Setup_6.3.9600.17031_neutral
6.) Select the “+” on the left side and naviagte to “OOBE”
7.) Right-click on “OOBE” and select “Add Settings to Pass7oobeSystem
8.) Select in the right pane OOBE
9.) Select in the properties pane “HideWirelessSetupInOOBE” and set the value to “True”
10.) Save the XML file on your “source” directory on your primary site server
11.) Create a new package with the source directory to the directory you’ve created in the stap before
12.) Do NOT create any program in the package, so select “Do not create a program”
13.) Distribute the new package to your distribution point(s)
14.) Open your task sequence and navigate to stap “Apply Operating System”
15.) Select the option “Use an unattended or Sysprep answer file for a custom installation
16.) Select the package you’ve created before and type the name of your XML file within that package source location
17.) Boot a client from the network (PXE) and select the task sequence.

If you follow the steps within the task sequence, you’ll see that you didn’t receive a network connection screen anymore.

2015-03-16_10h34_12    2015-03-16_10h35_34    2015-03-16_10h49_24

2015-03-16_10h56_31    2015-03-16_10h57_29    2015-03-16_10h57_36

2015-03-16_10h57_54    2015-03-16_10h58_08    2015-03-16_10h58_22

2015-03-16_10h58_34    2015-03-16_10h59_21    2015-03-16_11h01_38

2015-03-16_11h02_14    2015-03-16_11h03_12    2015-03-16_11h03_45

How to: Removing Windows 8.1 Modern Apps with PowerShell

When you install a default Windows 8.1 machine, there’re a few modern apps available. In some environments, you want
to remove these modern apps for your users.

With the following steps, you can delete specific apps or all the modern apps.

1.) To get a overview off all the package, use the following command:
Get-AppxPackage | ft Name, PackageFullName -AutoSize
2.) Let’s remove the Finance modern app
Remove-AppxPackage -Package Microsoft.BingFinance_3.0.1.172_x64__8wekyb3d8bbwe -Confirm:$false
3.) Return to the start menu and now you’ll see the Finance app is gone
4.) To remove all the modern apps, use the following command:
Get-AppxPackage | Remove-AppxPackage -Confirm:$false

2015-03-13_14h52_51    2015-03-13_15h24_13    2015-03-13_15h24_54

2015-03-13_15h25_13    2015-03-13_15h26_15    2015-03-13_15h26_25

2015-03-13_15h27_21    2015-03-13_15h27_27

How to: Remove “settings” button in Mozilla Firefox

In some scenario’s you want to remove some buttons within the options of Mozilla Firefox. Because there are not that enhanced group policies for Mozilla Firefox, you’ve to script something. In my example I’ve used RES Workspace Manager to distribute the modified files, but you can also use something else. For example: PowerShell, batchfiles or Group Policy Preferences.

You can edit the file userChrome.css in the folder AppData\Roaming\Mozilla\Profiles\<nameofyourprofile>\chrome to tweak the menu settings within Mozilla Firefox. In my example I’ve added the following rule:
/* Remove connection button */
#connectionSettings { display: nome !important; }

When you open Mozilla Firefox the next time, the “Settings” is gone! 🙂

2014-12-31_09h52_20    2014-12-31_09h52_56    2014-12-31_09h56_05

2014-12-31_09h56_55   2014-12-31_09h53_55

How to: Deploy packages using collection variable with ConfigMgr 2012 R2

During a OS deployment you don’t want to deploy all your packages and software to every workstation. You can deploy the software after a full OS deployment, but you can also deploy packages during the OSD using collection variables. Now it is possible to deploy packages only if a specific machine is a member of a collection. This collection can be query based, for example OU membership or Active Directory security group, or it can be static (direct membership).

In this example I’ve created a realy simple deployment, Adobe Reader 11.0. I’ve two virtual machines, SCWIN81-01 and SCWIN81-02. Both machines are members of the collection “Deploy – Windows 8.1 Enterprise x64”, where the task sequence is deployed on. Machine SCWIN81-01 is also member of the collection “Install – Adobe Reader 11.0”. This collection has a limited collection of “Deploy – Windows 8.1 Enterprise x64”. Both machines are deployed on the same time, the only difference is that machine SCWIN81-01 has Adobe Reader 11.0 installed and machine SCWIN81-02 not. Why……based on the collection variable during the OSD 🙂

1.) First create the collections
2.) Make the specific machines members of the right collections (query based or direct membership)
3.) Open the properties of the collection “Install – Adobe Reader 11.0” and navigate to the “Collection Variables” tab
4.) Add one or more variables with some values. In this example the variable is “APP-AdobeReader” with the value “Yes”
5.) Open the task sequence and add a package installation step
6.) Add the package with the program and navigate to the “Options” tab
7.) Select “Add Condition” and select “Task Sequence Variable”
8.) Enter the collection variable you’ve created earlier with the same value. In my example:
Task Sequences Variable APP-AdobeReader equals “Yes”
9.) Select “Apply” and close the task sequence.
10.) Start the OSD on both machines and wait until the installation is done!
11.) Watch the differences between both machines, if everything is okay, one machine has Adobe Reader installed and the other not.

This is an extremely powerfull thing within ConfigMgr, and really helpfull is some scenario’s. For example VDI golden image deployments or hybrid environments with laptops/desktops or multiple organizations using one ConfigMgr environment. One main reason could be consolidation in task sequences. If you want, there should be only one task sequence for all you different deployments. This is why I’m loving collection varaibles! 🙂

2014-12-22_15h45_33    2014-12-22_15h46_26    2014-12-22_15h46_48

2014-12-22_15h47_23    2014-12-22_15h49_46    2014-12-22_15h50_15

2014-12-22_15h50_37    2014-12-22_15h51_16    2014-12-22_15h51_58

How to: Apply Windows updates during OSD with ConfigMgr 2012 R2

During a OS deployment with ConfigMgr 2012 R2, you definitely want to apply the latest Windows updates and patches, for example with Windows Server Update Service (WSUS). You can also integrate WSUS within ConfigMgr 2012 R2, but in this example WSUS is not integrated!!

This example is also very usefull to create a fully patches golden image in ConfigMgr 2012 R2 (Build & Capture). After the task sequence you’ve a fully patches Windows 8.1 machine that you can use for example VDI environments.

1.) Fist open your task sequence
2.) Create a new computer group “Desktops” within the WSUS console (or choose another name, for exmaple: servers, laptops, etc.)
3.) Add a custom group within the task sequence
4.) Add the following steps in your task sequence
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v WUServer /t REG_SZ /d http://wsus01.cloud.local:8530 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v WUStatusServer /t REG_SZ /d http://wsus01.cloud.local:8530 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v TargetGroup /t REG_SZ /d “Desktops” /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v TargetGroupEnabled /t REG_DWORD /d 1 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU” /v UseWUServer /t REG_DWORD /d 1 /f
Run Command Line:
wuauclt.exe /resetauthorization /detectnow
5.) Don’t forget to set the name of your WSUS server and computer group in the commands above!
6.) Create a new package in ConfigMgr 2012 R2 with the following two files in it, located in the MDT 2013 deployment share directory
ZTIUtility.vbs
ZTIWindowsUpdate.wsf
7.) Don’t create a program in this package, but you only have to distribute it to the distribution point(s)
8.) Add a new step “Run Command Line” to the task sequence with the following command:
cscript.exe ZTIWindowsUpdate.wsf
Select the package where the source files are located
9.) Deploy the task sequence to your client collection!

COAU_01    COAU_02    COAU_03

COAU_04    COAU_05    COAU_06

COAU_07    COAU_08    COAU_09

COAU_10    COAU_11    COAU_12

How to: Disable first sign-in animation in Windows 8.1 using ConfigMgr 2012 R2

When a user login the very first time on a Windows 8 of 8.1 machine, they will see a “animation” with some helpful tips. During this stage the userprofile is being created and prepared. While the first sign-in animation may be helpful to new users to see, but it slows down the logintimes. So let’s turn this animation off using ConfigMgr 2012 R2.

1.) Open your task sequence
2.) Add a action “Run Command Line” after Setup Windows and ConfigMgr
3.) Copy and paste the following command line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” /v EnableFirstLogonAnimation /t REG_DWORD /d 0 /f
4.) Give it the value 0 to disable and 1 to enable
5.) Deploy your task sequence to a collection of devices

FRA_01    2014-12-22_10h44_09    2014-12-22_10h44_50

How to: Add computer to security group with ConfigMgr 2012 during OSD

In some cases you’ve to add computer to a Active Directory security group. For example Direct Access laptops. In this example I’ve created a VBS script for adding a computer to an Active Directory security group during OSD in ConfigMgr 2012 R2.

1.)  Create a new package within ConfigMgr 2012 R2 without a program
2.) Distribute the new package to you distribution point(s)
3.) Copy the script “ADgroup.vbs” to the source location of your new package
4.) Add a step “Run Command Line” to your task sequence
5.) Add the command line: cscript.exe adgroup.vbs [name of your AD group]
6.) Select the package “Scripts”
7.) Select a account with enough privileges to add (new) computer object to the Active Directory
8.) Deploy your task sequence to a collection

You can download the script here. (Right-click and save…)

2014-12-12_15h53_47    2014-12-12_15h58_35    2014-12-12_15h59_14

2014-12-12_15h59_50    2014-12-12_16h42_54    2014-12-12_16h43_11

2014-12-12_16h43_34    2014-12-12_16h43_48

Enabling Data Deduplication in Windows 8.1

When you do a lot of deployments whitin your Windows 8.1 Client Hyper-V machine, the disk space is getting more and more. Because I’ve only one SSD drive of 250 GB, the free space becomes critical. I’ve got to find a way to reduce it. I read a few blogs and found a solution which is the dedup. But data deduplication is not available whitin Windows 8.1.

This method is not officially supported by Microsoft ,however found a way to save my disk space.

This method requires the CAB files from the Windows Server 2012 R2.  Either you can get those files from a Windows Server 2012 R2 or you can download the files from my OneDrive here.
The files are as follow :
• Microsoft-Windows-Dedup-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab
• Microsoft-Windows-Dedup-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab
• Microsoft-Windows-FileServer-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab
• Microsoft-Windows-FileServer-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab
• Microsoft-Windows-VdsInterop-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab
• Microsoft-Windows-VdsInterop-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab

I downloaded the files to a folder as below and installed all the CAB files:

DataDedup_02    DataDedup_01

Next step is to install the CAD files on your Windows 8.1 machine. I’ve used DISM to install these files.

DataDedup_03    DataDedup_04

After you’ve succesfully installed the CAB files, you’re able to install the “Data Deduplication” role. I’ve also used DISM (see screenshot below).

DataDedup_05    DataDedup_06    DataDedup_07

The next step is to enable Data Deduplication on the volume or volumes. First I’ve readthe current free space on my E: drive. After enabling Data Deduplication on this volume, I’ve manually started the Data Dedup task.

DataDedup_08    DataDedup_09    DataDedup_10

DataDedup_11    DataDedup_12    DataDedup_13

DataDedup_14

But after enabling Data Depuplication and running the Dedup Job, there’s nothing happening!! Why?? Because the minimumFileAgeDays is 3 and my files on the hard drives are 2 days old 🙂 So I’ve added the MinimumFileAgeDays to 0 (zero days). After running the Dedup Job again, let’s have a look on the current free space!! Dedup is doing his job!!! 🙂 Cool!

DataDedup_15    DataDedup_16    DataDedup_17

DataDedup_18    DataDedup_19    DataDedup_20

DataDedup_21    DataDedup_22

The final screenshot are the commands I’ve used to configure this in my lab environment. Once again, this method is not officially supported by Microsoft.It’s a great way to save some disk space on your expensive SSD hard drive! Now you can deploy more virtual machines on the same hard drive, so happy automation and deployment!! 🙂