How to: Deploy packages using collection variable with ConfigMgr 2012 R2

During a OS deployment you don’t want to deploy all your packages and software to every workstation. You can deploy the software after a full OS deployment, but you can also deploy packages during the OSD using collection variables. Now it is possible to deploy packages only if a specific machine is a member of a collection. This collection can be query based, for example OU membership or Active Directory security group, or it can be static (direct membership).

In this example I’ve created a realy simple deployment, Adobe Reader 11.0. I’ve two virtual machines, SCWIN81-01 and SCWIN81-02. Both machines are members of the collection “Deploy – Windows 8.1 Enterprise x64”, where the task sequence is deployed on. Machine SCWIN81-01 is also member of the collection “Install – Adobe Reader 11.0”. This collection has a limited collection of “Deploy – Windows 8.1 Enterprise x64”. Both machines are deployed on the same time, the only difference is that machine SCWIN81-01 has Adobe Reader 11.0 installed and machine SCWIN81-02 not. Why……based on the collection variable during the OSD 🙂

1.) First create the collections
2.) Make the specific machines members of the right collections (query based or direct membership)
3.) Open the properties of the collection “Install – Adobe Reader 11.0” and navigate to the “Collection Variables” tab
4.) Add one or more variables with some values. In this example the variable is “APP-AdobeReader” with the value “Yes”
5.) Open the task sequence and add a package installation step
6.) Add the package with the program and navigate to the “Options” tab
7.) Select “Add Condition” and select “Task Sequence Variable”
8.) Enter the collection variable you’ve created earlier with the same value. In my example:
Task Sequences Variable APP-AdobeReader equals “Yes”
9.) Select “Apply” and close the task sequence.
10.) Start the OSD on both machines and wait until the installation is done!
11.) Watch the differences between both machines, if everything is okay, one machine has Adobe Reader installed and the other not.

This is an extremely powerfull thing within ConfigMgr, and really helpfull is some scenario’s. For example VDI golden image deployments or hybrid environments with laptops/desktops or multiple organizations using one ConfigMgr environment. One main reason could be consolidation in task sequences. If you want, there should be only one task sequence for all you different deployments. This is why I’m loving collection varaibles! 🙂

2014-12-22_15h45_33    2014-12-22_15h46_26    2014-12-22_15h46_48

2014-12-22_15h47_23    2014-12-22_15h49_46    2014-12-22_15h50_15

2014-12-22_15h50_37    2014-12-22_15h51_16    2014-12-22_15h51_58

How to: Apply Windows updates during OSD with ConfigMgr 2012 R2

During a OS deployment with ConfigMgr 2012 R2, you definitely want to apply the latest Windows updates and patches, for example with Windows Server Update Service (WSUS). You can also integrate WSUS within ConfigMgr 2012 R2, but in this example WSUS is not integrated!!

This example is also very usefull to create a fully patches golden image in ConfigMgr 2012 R2 (Build & Capture). After the task sequence you’ve a fully patches Windows 8.1 machine that you can use for example VDI environments.

1.) Fist open your task sequence
2.) Create a new computer group “Desktops” within the WSUS console (or choose another name, for exmaple: servers, laptops, etc.)
3.) Add a custom group within the task sequence
4.) Add the following steps in your task sequence
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v WUServer /t REG_SZ /d http://wsus01.cloud.local:8530 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v WUStatusServer /t REG_SZ /d http://wsus01.cloud.local:8530 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v TargetGroup /t REG_SZ /d “Desktops” /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v TargetGroupEnabled /t REG_DWORD /d 1 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU” /v UseWUServer /t REG_DWORD /d 1 /f
Run Command Line:
wuauclt.exe /resetauthorization /detectnow
5.) Don’t forget to set the name of your WSUS server and computer group in the commands above!
6.) Create a new package in ConfigMgr 2012 R2 with the following two files in it, located in the MDT 2013 deployment share directory
ZTIUtility.vbs
ZTIWindowsUpdate.wsf
7.) Don’t create a program in this package, but you only have to distribute it to the distribution point(s)
8.) Add a new step “Run Command Line” to the task sequence with the following command:
cscript.exe ZTIWindowsUpdate.wsf
Select the package where the source files are located
9.) Deploy the task sequence to your client collection!

COAU_01    COAU_02    COAU_03

COAU_04    COAU_05    COAU_06

COAU_07    COAU_08    COAU_09

COAU_10    COAU_11    COAU_12

How to: Disable first sign-in animation in Windows 8.1 using ConfigMgr 2012 R2

When a user login the very first time on a Windows 8 of 8.1 machine, they will see a “animation” with some helpful tips. During this stage the userprofile is being created and prepared. While the first sign-in animation may be helpful to new users to see, but it slows down the logintimes. So let’s turn this animation off using ConfigMgr 2012 R2.

1.) Open your task sequence
2.) Add a action “Run Command Line” after Setup Windows and ConfigMgr
3.) Copy and paste the following command line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” /v EnableFirstLogonAnimation /t REG_DWORD /d 0 /f
4.) Give it the value 0 to disable and 1 to enable
5.) Deploy your task sequence to a collection of devices

FRA_01    2014-12-22_10h44_09    2014-12-22_10h44_50

How to: Add computer to security group with ConfigMgr 2012 during OSD

In some cases you’ve to add computer to a Active Directory security group. For example Direct Access laptops. In this example I’ve created a VBS script for adding a computer to an Active Directory security group during OSD in ConfigMgr 2012 R2.

1.)  Create a new package within ConfigMgr 2012 R2 without a program
2.) Distribute the new package to you distribution point(s)
3.) Copy the script “ADgroup.vbs” to the source location of your new package
4.) Add a step “Run Command Line” to your task sequence
5.) Add the command line: cscript.exe adgroup.vbs [name of your AD group]
6.) Select the package “Scripts”
7.) Select a account with enough privileges to add (new) computer object to the Active Directory
8.) Deploy your task sequence to a collection

You can download the script here. (Right-click and save…)

2014-12-12_15h53_47    2014-12-12_15h58_35    2014-12-12_15h59_14

2014-12-12_15h59_50    2014-12-12_16h42_54    2014-12-12_16h43_11

2014-12-12_16h43_34    2014-12-12_16h43_48

How to: Save Windows tiles in Windows 8.1 using RES Workspace Manager 2014

Whitin Windiws 8.1 users are able to add there own Windows tiles on the start screen. Here you can create your own selection of the most used applications and group them together. When you’re usning Windows 8.1 with RES Workspace Manager 2014, you can save this layout. So after logout and login again, the layout is still there.

1.) Open the RES Workspace Manager 2014 Console
2.) Navigate to Compsotion \ User Settings
3.) Create a new setting named: Save Windows Tiles
4.) Add the following two files to be saved
%LoacalAppData%\Microsoft\Windows\appsFolder.itemdata-ms
%LoacalAppData%\Microsoft\Windows\appsFolder.itemdata-ms.bak
5.) Assign the settings to the right user(s) and Workspace
6.) Login, change your Windows tiles and logout….
7.) Browse to your PersonalSettings folder and see if there is any UPF file

2014-10-01_15h29_48    2014-10-01_16h00_58    2014-10-01_16h02_14

How to: Directly install from a distribution point during OSD in ConfigMgr 2012 R2

During a OS deployment with ConfigMgr 2012 R2, the WIM file is downloaded locally and than installed on the C: drive of your system. The download proces for the install.wim file takes a while! This post will discribe how to configure the task sequence to directly apply the install.wim from the distribution point.

1.) Open the task sequence and select the step “Apply Operating System”. Navigate to the “Options” tab.
2.) Select “Access content directly from the distribution point” and select “Apply”
3.) Navigate to your Operating System Images and select the properties of the image
4.) Navigate to the “Data Access” tab
5.) Select “Copy the content in this package to a package share on distribution points”
6.) Select “Apply”
7.) The install.wim file will be copied to the SMSPKGE$ folder on your distribution point
8.) Right click on the image and select “Update Distribution Points”
9.) Wait until the content status is “Success”
10.) Start a deployment of a system
11.) The download step is gone now and the image will be installed directly from the distribution point

OSDC_01    OSDC_02    OSDC_03

OSDC_04    OSDC_05    OSDC_06

OSDC_07    OSDC_08    OSDC_09

OSDC_10    OSDC_11    OSDC_12

OSDC_13    OSDC_14    OSDC_15

OSDC_16    OSDC_17    OSDC_18

How to: Install ConfigMgr 2012 R2 hotfix KB2910552 during OSD

A few weeks ago Microsoft has released a update KB2910552 for ConfigMgr 2012 R2. This update fixes a lot of issues, but also speed up the OSD within ConfigMgr 2012 R2. I should highly recommend to install this hotfix in your environment. The hotfix is updating the site system automatically, but the client not. This blogpost will discribe how to install this hotfix during a OS deployment (OSD).

1.) First install the hotfix KKB2910552. The hotfix is vissible in the installation folder of ConfigMgr. In my example E:\Program Files\Microsoft Configuration Manager\hotfix\KB2910552\Client
2.) Copy the content in this folder to your source directory.
In my example \\CM01\Sources\OSD\Hotfix\KB2910552\Client
3.) Add a new package and configure the source location to the right directory.
In my example \\CM01\Sources\OSD\Hotfix\KB2910552\Client
4.) Select “Do not create a program
5.) Distribute the package to your distribution point(s)
6.) Open the task sequence and add a new step “Run Command Line
7.) Select the right package and configure the command line
cmd.exe /c xcopy x64\*.* “C:\Hotfix” /E /H /C /I /Q /Y
This is for x64 systems only! Change x64 to x86 for deployment to x86 systems
8.) In the “Setup Windows and Configuration Manager” step, add the following installation properties
PATCH=”C:\Hotfix\configmgr2012ac-r2-kb2910552-x64.msp”
This is for x64 systems only! Change x64 to x86 for deployment to x86 systems
9.) Start the deployment of a x64 system
10.) After the deployment has finished, navigat to the control panel and Configuration Manager
11.) On the general tab you’ll see the new version number 5.00.7958.1104

HF_01    HF_02    HF_03

HF_04    HF_05    HF_06

HF_07    HF_08    HF_09

HF_10    HF_11    HF_12

HF_13    HF_14    HF_15

HF_16

How to: Configure a “Boot to desktop” group policy for Windows 8.1

New in Windows 8.1 is the “Boot to Desktop” feature, where the user can choose not to boot to the Windows Tiles, but directly to the desktop! That’s a really nice feature if you ask me! How can we centrally configure and manage these feature for all my users or just a group of users? Exactly, through a group policy with User Preferences. It’s a user settings, so you could also use RES Workspace Manager for example.

1.) Navigate to your Group Policy Management Console
2.) Create a new Group Policy and disable the Computer Settings
3.) Open the policy and navigate to User Configuration / Preferences / Windows Settings / Registry
4.) Create a new Registry Item
5.)  Choose for Hive “HKEY_CURRENT_USER” and Navigate in the Key Path to:
Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage
6.) The Value name is “OpenAtLogon
6.) Choose the Value type “REG_DWORD
7) The Value data is:
Boots to Desktop = “0”
Boots to Start Menu = “1”
8.) Attach the group policy to a organizational unit(s) and login to your Windows 8.1 machine!

2014-04-16_10h33_44    2014-04-16_10h33_55    2014-04-16_10h35_15

2014-04-16_10h44_40    2014-04-16_10h44_50    2014-04-16_10h45_18

2014-04-16_10h45_31    2014-04-16_10h46_12    2014-04-16_10h46_33

2014-04-16_10h47_03    2014-04-16_10h52_42