Add or remove local user in SCCM 2012 OSD Task Sequence

Sometimes it is necessary to add of remove a local user to your Windows image (like notebooks which must be used at external locations). You can create an image for SCCM with local users, but then you have another image with a different configuration. I think it’s cool everything can be managed with just one image, so here is a small tip to add an user from the task sequence.

The command net user can be used to add a local user, or delete it:
Add user
net user username password /add

Delete user
net user username /delete

Look at http://support.microsoft.com/kb/251394 for the right parameters.

I want to delete a user account which was created during a manual image built.
net user username /delete

Next thing is to add the command line to the task sequence:
1. Edit the Task Sequence
2. Choose Add, General, Run Command Line
Note:
The user can’t be added as all steps in the Install Operating System group are executed in WinPE.
The creation of the user to the end of the TS, after setting up the SCCM client and after restoring the user data.
ScreenHunter_264 Dec. 10 11.21
3. Type or paste the command in the Command line: box

 

Deploy custom MS updates/hotfixes in SCCM 2012 via WSUS

Some updates and enterprise hotfixes are not displayed in WSUS and therefore not applicable in WSUS. This blog post shows how to streamline these update/hotfixes in WSUS and SCCM.

The trick is that “out of the box” you can’t deploy this. Some updates do not sync to WSUS and your SCCM software update point (SUP) automatically. There are some simple steps you can take to get it there.
This example adds KB2670838 in the update list.

Lets start,
-On your central site, start the Windows Server Update Services admin console
Note that changing things in the WSUS console can mess up the WSUS integration; Do so carefully.
-Go to updates select Import Updates to launch a webpage to the Microsoft Update Catalog.
ScreenHunter_232 Nov. 27 13.17
-Search on KB2670838 and add all that you are interested in getting for your environment
-Check import directly into Windows Server Update Services is selected then hit the import button.
Another box will come up tracking the download and show success when completed
Note that the updates are feature Packs
ScreenHunter_233 Nov. 27 13.19
-Give the WSUS services a full sync by clicking Synchronize Now
ScreenHunter_234 Nov. 27 13.21

Next we are setting up the SCCM part
-Start the SCCM 2012 R2 Console
Verify that your SCCM site is set to sync “Feature Packs” classification, because that is what this is (as compared to “service packs” or “security updates”).
-Check Feature Packs in Administration, Sites, Software Update PointScreenHunter_237 Nov. 27 13.24

-Once that download is complete you can sync SCCM by clicking Synchronize Software Updates ScreenHunter_235 Nov. 27 13.22
Once the Sync is complete you should see the updates in SCCM to deploy as you would any other update

-In the Console select Software Library, Software Updates, Automatic Deployment Rules
-Choose Create Automatic Deployment Rule from the Ribbon
ScreenHunter_238 Nov. 27 13.25
-Give the ADR a name like ADR: Custom Updates, select a template, a collection.
ScreenHunter_239 Nov. 27 13.26
-Setup the ADR as a regular ADR, only choose in the software updates section, the product like Windows 7 and the article ID 2670838
ScreenHunter_241 Nov. 27 13.27
-After finishing the ADR choose Run Now to get a full Sync.
ScreenHunter_249 Nov. 27 13.39

-After the full Sync you see the updates in the WSUS directory of SCCM
 ScreenHunter_251 Nov. 27 13.39
Next part is integrating the update is the OS image

-Start the Software Library, Operating Systems and right click the media you want to update, choose Schedule Updates
ScreenHunter_252 Nov. 27 13.40
Search 2670838 in the choose update and notice that (if its applicable) the update appears in the image.
ScreenHunter_253 Nov. 27 13.41
Apply the update and notice in the OfflineServiceMgr.log the update is applied and afterwards is installed in the installed update tab on the image
ScreenHunter_255 Nov. 27 13.49
ScreenHunter_256 Nov. 27 13.59

That’s it!

Install Software Packages in a OSD Task Sequence using variables

Issue:
When looking in SCCM implementations I regularly bump into the same issues. Lots of task sequences with a lot of different settings in them. Because of the exploding amount of task sequences there is a lot if differiation between them. This blog post describes how to use OSD variables to bring back the amount of sequences.

Let’s start,
This example is an school with student’s as well as teachers. They are divided into rooms by using the device collections. Depending on the (class) room they get the software they need.

First we start with creating a device collection for a room:
We are going to set the variables to the collections
– Go to Assets and Compliance, Device Collections, and choose Create Device Collection.
– Give the collection a name like “Classroom 141” and limit the collection to “All Collections
– Check Use incremental updates for this collection and turn off Schedule a full update on this collection.
– Choose Next, Yes and Finish the collection

Next we are going to set the collection variables
– Get the properties of the newly made collection, go to collection variables and fill in the following variables (depending on your structure)
Name                  Value
BSL                     Students Desktops
Domain                Students
OSDOUName       OU=R141,OU=Students Desktops,OU=Workstations,DC=students,DC=domain,DC=local

BSL1

 

1. Let’s install software based on a variable
Now we can add the variables to the software library

– Go to Software Library, Task Sequences and Edit an task sequence.
– We created a Install CSL Applications (Common Software Layer); this is for software that is scoped on all desktop (like Office, flash, Adobe Reader ETC)
– We also created an Install BSL Applications (Business Software Layer) for specific software per/pc/room
Add the software to the BSL and choose Options
Add Condition and choose Task Sequence Variable BSL equals “Students Desktops”

BSL 2

2. Let’s install sofware based on a variable

OK lets go a little bit further, we are now going to add the computer in the AD OU based in the computer variable of the collection.
– Go to the Network Settings, Apply Network settings and set Join a domain, fill in the domain name and in the OU part you choose LDAP://%OSDOUName% as stated in the variable.

Flexible Domain Name

Now we are going to set the options so the proper collection is selected.
– Go to Options, Add condition, Task Sequence Variable and choose Domain equals “Students”

Flexible Domain Name II

 

Little recap;
– Made device collections based on rooms
– Filled in the variables for that device collections
– Set options for installing software based on device collection variables
– Placed machines in the proper OU based on device collection variables

Simple as that!

System Center 2012 R2 Release Date (SCOM, SCCM)

In 2012 Microsoft made public that they are going to release new versions of their major products at least once per year.
Because of their cloud based service they develop much faster as in the past.

Microsoft has already evaluation versions of System Center R2 available to eligible customers.
But the official release  available through the TechNet Evaluation Center. System Center 2012 R2 is available from TechNet and for new purchases on November 1st, 2013.

There’s even more good news:
Microsoft announced that Windows 8.1 will be available to consumers and businesses worldwide on October 18, 2013.

 

Prerequisites for setting up SCCM 2012 R2 on Windows 2012 R2

When installing System Center Configuration Manager 2012 R2, there are a number of prerequisite steps which need to be taken before installing the software.
They seem simple but can take up a few day’s to finish. I just put them below so we can quickly start the SCCM installation.

VMWare
1. Change the E1000 NIC to VMXNET3 NIC this to avoid a lot of headache during the rest of the setup. See http://www.toolzz.com/?p=1085

Hyper-V
1. Change the default network to the Legacy Network Adapter. This to support WOL and PXE integration

Extend Active Directory Schema
1. Extend Active Directory Schema for SCCM 2012 Domain Controllers. Navigate to  \SMSSetup\Bin\x64\ and execute Extadsch.exe
2. Create the System Container and assign Permissions

Site Server Prerequisites
1. We are going to install a stand alone Primary Site Server. Therefore these roles are neccesary; this powershell script install’s it automaticly

This needs to turn on a elevated PowerShell (RunAs Administrator)

Get-Module servermanager
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-ISAPI-Ext
Install-WindowsFeature Web-Metabase
Install-WindowsFeature Web-WMI
Install-WindowsFeature BITS
Install-WindowsFeature RDC
Install-WindowsFeature NET-Framework-Features
Install-WindowsFeature Web-Asp-Net
Install-WindowsFeature Web-Asp-Net45
Install-WindowsFeature NET-HTTP-Activation
Install-WindowsFeature NET-Non-HTTP-Activ

There is a bug in the .NET framework 3.5
You need your Windows Installation media to do this.
dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccess

SQL Server considerations
1. Install the Database Engine feature for each site server, Management Tools and Reporting Services
2. Use the SQL_Latin1_General_CP1_CI_AS collation server
3. Apply SP1 and CU4 or later
4. Change MSSQLServer.exe account in services to an domain user account (best practice) account
5. Open the SQL ports for incomming traffic (1433 and 4022) and reporting (80 and 443)
6. Limit SQLServer memory to 70 – 80% of the addressable memory if the SQL is in a dedicated Server. if the SQL is co-located with the Site Server computer limit the memory to 50 – 70%.

Prerequisites for SCCM
1. Prevent SCCM from installing Files on the OS Drive (C:\) by placing no_sms_on_drive.sms in the root of the C:\ folder
2. Install WSUS on the Windows 2012 R2 server with powershell. This because there are some issues in WSUS in combination with Windows 2012
Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools
.\wsusutil.exe postinstall SQL_INSTANCE_NAME=”servername” CONTENT_DIR=”D:\Sources\WSUS\WSUS”
And
%programfiles%\update services\tools\wsusutil.exe postinstall CONTENT_DIR=D:\Sources\Wsus\WSUS SQL_INSTANCE_NAME=sqlservername
3. Do not configure WSUS
4. Install Windows ADK 8.1 download the new ADK to support Windows 8.1 and Server 2012 R2 from here
4. Install the ADK: User State Migration Tool (USMT), Windows Deployment Tools, Windows PreInstallation Environment (Windows PE)

start_button
That’s it, you can now start installing SCCM 2012 R2 !

Deploy all Windows Updates during the SCCM 2012 Task Sequence

Issue
I noticed that when I put Windows Updates in the SCCM 2012 Task Sequence (“Deploy” and the “Build and Capture”) some Software Updates weren’t installed. Even after updating the Operating System Images Offline the issue still remained.

Reason and solution
After some investigation the answer was relatively simple; The Configuration Manager Client caches the results of a Software Update evaluation scan.
I Noticed that this cache has a rather long TTL, longer than the Task Sequence lasted.
This post is on how to update the deployment completely by flushing the Windows Update cache.

1. Force all updates to run in the task sequence
– 
In the Configuration Manager console, navigate to Administration, choose Software library, Operating Systems, Task Sequences, and edit the Task Sequence which you want to modify.
– After the complete installation choose Add, New Group and change the name to Windows Updates
Add another subgroup called Install Software Updates I
– Add, General, Install Software Updates
and name it Install Software Updates I
Install Updates SCCM 2012 - 1

– Add another subgroup called Install Software Updates II
– Add, General, Run Command Line 
and name it Scan for  Updates II
– In the command line type: WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000113}” /NOINTERACTIVE
Install Updates SCCM 2012 - 2

– Add, General, Run Command Line and name it Wait for Scan to Finish II
– In the Command line type: Powershell.exe -command start-sleep 30 Install Updates SCCM 2012 - 3
– Add, General, Install Software Updates and name it Install Software Updates II
Install Updates SCCM 2012 - 4
– Copy the Install Updates II folder 3 times and change the description. After this the sequence will run and install all updates.

 

Setting SMSCacheSize in SCCM 2012 task sequence does not work

Issue:
There are a lot of threads discussing the SMSCACHESIZE and how to configure this. The issue is that configuring the SMSCACHESIZE in the task sequence doesn’t work. The issue we had is that no matter what size is configured using the parameter in the task sequence it always set the client’s cache size to the default, which is 5120 MB.
SMSCacheSize

Reason:
After checking the product documentation about the SMSCACHESIZE property we found:
“This setting is ignored when you upgrade an existing client and when the client downloads software updates.”
Because we included the SCCM 2012 client in the image (build & capture), Microsoft calls this an upgrade of the client.

Solution:
Change the task sequence by adding a VBS script to change the SMSCacheSize after the installation as described below:
– Save the script below in a .VBS file and place it on a reachable location (for instances on shared folder on the distribution points)

Dim ClientResource
Set objShell = WScript.CreateObject ("WScript.shell")
Set ClientResource = CreateObject("UIResource.UIResourceMgr")
Set CacheInfo = ClientResource.GetCacheInfo
CacheInfo.TotalSize = 7680 ' Your new cache size in MB.

– Go to Software Library, Packages and choose Create Package
Give the package a name like Set SCCM Cache Size, choose a source folder like \\SCCM-NLD-DP\sources$\Software\Packages\SCCM_2012\SCCMCacheSize
Choose Next and choose the option Do not create a program, Next and finish
– Open the Task sequence, After the SCCM setup add a Run Command Line
Task Sequence SMSCacheSize
– Add the following line to the Command Line: cscript.exe //nologo \\SCCM-NLD-DP\sources$\Software\Packages\SCCM_2012\SCCMCacheSize\setcache.vbs

Problem fixed !

 

 

 

CCMsetup.exe will not install: Failed to access source file (3)

Issue
Today we bumped into an issue installing the SCCM client manually. The error in the C:\Windows\CCMSetup\ccmsetup.log stated “Failed to access source file (3). Waiting for retry.”

<![LOG[Downloading file C:\Windows\System32\drivers\sccm\SCCM Client\ccmsetup.exe]LOG]!><time=”10:40:53.549-120″ date=”05-31-2013″ component=”ccmsetup” context=”” type=”1″ thread=”3780″ file=”ccmsetup.cpp:5569″>
<![LOG[Downloading C:\Windows\System32\drivers\sccm\SCCM Client\ccmsetup.exe to C:\Windows\ccmsetup\ccmsetup.exe]LOG]!><time=”10:40:53.549-120″ date=”05-31-2013″ component=”ccmsetup” context=”” type=”1″ thread=”3780″ file=”ccmsetup.cpp:5653″>
<![LOG[Failed to access source file (3). Waiting for retry…]LOG]!><time=”10:40:53.549-120″ date=”05-31-2013″ component=”ccmsetup” context=”” type=”2″ thread=”3780″ file=”ccmsetup.cpp:5665″>
<![LOG[Next retry in 10 minute(s)…]LOG]!><time=”10:40:53.549-120″ date=”05-31-2013″ component=”ccmsetup” context=”” type=”0″ thread=”3780″ file=”ccmsetup.cpp:8498″>

Cause and solution
After some investigation we discovered that the customer copied the SCCM setup folder in the C:\Windows\System32 folder and was running the setup from there. This is because of security prohibited. After this we moved the folder to C:\temp and the setup ran fine.

Install SCCM 2012 prerequisites with PowerShell

Here is a little help to install all required Windows Features for running System Center Configuration Manager 2012 on a Windows Server 2012 Machine

This needs to turn on a elevated PowerShell (RunAs Administrator)

Get-Module servermanager
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-ISAPI-Ext
Install-WindowsFeature Web-Metabase
Install-WindowsFeature Web-WMI
Install-WindowsFeature BITS
Install-WindowsFeature RDC
Install-WindowsFeature NET-Framework-Features
Install-WindowsFeature Web-Asp-Net
Install-WindowsFeature Web-Asp-Net45
Install-WindowsFeature NET-HTTP-Activation
Install-WindowsFeature NET-Non-HTTP-Activ

There is a bug in the .NET framework 3.5
You need your Windows Installation media to do this.
dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccess

Build, Capture and deploy Windows 7 and Windows 8 in SCCM 2012 SP1

Operating System Deployment is one of the most utilized features of Microsoft System Center Configuration Manager 2012(SCCM). Many companies are now planning to upgrade their machines from Windows XP to Windows 7 or Windows 8 and will be using SCCM to do so. In the SP1 version of SCCM 2012 there are some minor issues which cause the OSD to fail.

This blog will describe the right steps to deploy Windows 7 and also Windows 8. This because there are no differences between deploying them
In the steps taken below we presume this is a clean install and you don’t have an Windows 7 image file.

First install hotfix http://support.microsoft.com/kb/2801987 on the Site Servers. This is required to do a successful PXE boot.

1. Enable the Network Access Account

The “Network Access Account” is needed during deployment in WinPE. The account is uses to access the content on the network. Often forgotten so we start with it..

  1. In the Configuration Manager console, navigate to Administration, choose  Site Configuration, right-click on the Primary site, and select Configure Components, Software Distribution.
  2. In the Network Access Account tab, click the Specifiy the account that access network locations, choose Set and Add the network access account and provide it with a password choose OK to finish the config

 

1. Enable PXE support and boot

  1. In the Configuration Manager console, navigate to Administration, choose  Site Configuration, and choose Servers and Site System Roles, and select the server which hosts you’re distribution point.
  2. In the results pane, double click the Distribution Point role and select the PXE tab, place a checkmark on Enable PXE support for Clients, answer Yes for the firewall port question.
  3. Check the Allow this distribution point to respond to incoming PXE requests and Enable unknown computer support also I’ve removed the password option but this is not required.
    PXE Update
  4. Click OK and the SCCM machine will distribute the settings.
  5. Next step is to distribute the Boot Images to the distribution points
  6. In the Configuration Manager console, navigate to Software Library, Operating Systems, Boot Images. Right click the X64 boot image and choose Distributed Content, Click Next and click Add, Distribution Point choose you’re distribution point.
  7. Continue through the wizard to complete the distribution
  8. DON’T Forget to repeat this step for the X86 image

 

2. Enable the PXE boot image

  1. In the Configuration Manager console, navigate to Software Library, Operating Systems, Boot Images. Right click the X64 boot image and choose Properties
  2. In the results pane, click Data Source, and enable the  Deploy this boot image from the PXE service point.
    Distribution Point Settings
  3. Select OK and the distribution point will be updated
  4. DON’T Forget to repeat this step for the X86 image.

 

3. Add the Windows 7 Operating System

Here’s where it get’s a bit tricky, SP1 doesn’t support the old Operating System Installers so a little change in SP1.

  1.  First of all I created the following structure to get a structured collection of Operating System Deployments.
    ScreenHunter_258 Feb. 18 15.52
  2.  Second I extracted the Windows 7 ISO and copied it to \\demo-sccm01\Sources\OSD\OSD Uploads\Windows7_x64_NLD folder.
  3. In the Configuration Manager console, navigate to Software Library, Operating Systems, Operating System Images, Right click and choose Add Operating System ImageAdd OS Image
  4. Browse to the to the Windows 7\Sources directory and select the install.wim like “\\demo-sccm01\Sources\OSD\OSD Uploads\Windows7_x64_NLD\Sources\install.wim
  5. Choose Next and finish the import of the WIM file
    Add the WIM File
  6. In the Configuration Manager console, navigate to Software Library, Operating Systems Images,  Right click the Image, choose Distribute Content,  Click Next and click Add, Distribution Point and choose you’re distribution point.

 

4. Next is build and capture the new image

Now we are going to build a new WIM file. This will be an template file which SCCM uses to rollout new Operating System Deployments

  1. In the Configuration Manager console, navigate to Administration, choose  Software library, Operating Systems, Task Sequences, Create a folder called Windows 7 x64, right click the folder and select Create Task Sequence
    1
  2. At the Create new task sequence choose Build and Capture a reference operating system image, Next
    2
  3. In the Task Sequence Information, give the task sequence a logical name like “Build and Capture – Windows 7 Pro x64 – NLD” , choose the “Boot Image (x64)…” and click Next
    3
  4. Choose the Operating System Image we imported (OSD Media – Windows 7 x64 Pro – NLD) in the previous step and choose Next
    4
  5. Choose the Image file, Optional license key and administrator password. I filled in the password to login in the reference machine after the build and capture. If the license key is also not necessary both settings can be set in the Deploy Sequence afterwards.
    6
  6. In the Configure Network choose the workgroup option. This because Sysprep will not work when you join the machine to a domain.
    7
  7. In the Install Configuration Manager Client section leave this default (installation properties can be blank, we will change this in the actual deployment.) Next.
    8
  8. At the Include Updates we checked Do not install any software updates, choose Next
    9
  9. Choose Next at the Install Applications
    10
  10. Choose Next at the System Preparation Section
    11
  11. Fill in the details on the Image Properties and choose Next
    12
  12. At the Save As dialog box, choose the created  \\demo-sccm01\Sources\OSD\OSD\Captures\ folder and give the image a proper name.
    13
  13. Choose Save, Next and Finish the task sequence
    15
  14. Right click the newly created task sequence and choose Edit
    16
  15. Click on the last partition task, choose Add, General, Set Task Sequence Variable
    This is to assign the C:\ as boot drive. Otherwise the sequence will install Windows on D:\.
    17
  16. Name tab type Assign C:\ to Boot drive, at the task Sequence Variable type OSDPreserveDriveLetter with the value false place the task behind the partition tasks
    18
  17. Choose OK to apply the task sequence changes.
  18. Now we are going to distribute the task sequence to the distribution point; right-click the newly build task sequence and choose deploy
    19
  19. I’ve chosen the collection All Unknown Computers, this results that the capture is available for everyone. In a test environment this is not issue but in production it’s not recommended, choose Next
    20
  20. In the Make available to the following choose Only Media and PXE, Next
    21
  21. Just next, next finish to the configuration; no additional changes are required.
    26
  22. OK now it’s get exiting; if everything went well you now can startup you’re client machine to boot with F12 and rollout a package!
  23. At the task Sequence Wizard, choose the Build and Capture – Windows 7 Pro x64 – NLD
    28
  24. The capture begins, the sequence finishes some steps to build the new WIM file
    29
    30 31 32
  25. In these steps you will see that the new WIM file is build in de Captures directory
    33

 

5. Deploy the captured image in a task sequence

Next we going to create the deploy sequence to rollout the WIM image to the clients.

  1. In the Configuration Manager console, navigate to Administration, choose  Software library, Operating Systems, Task Sequences, Create a folder called Windows 7 x64, right click the folder and select Create Task Sequence
    -1
  2. At the Create new task sequence choose Install an existing image package, Next
    -2
  3. In the Task Sequence Information, give the task sequence a logical name like “Deploy – Windows 7 Pro x64 – NLD“, choose the “Boot image (x64) 6….” boot image and click Next
    -3
  4. Choose the Operating System Image we created  (OSD Captued – Windows 7 x64 Pro – NLD nl-NL) in the previous step and choose Next
    -4
  5. Choose the Image file, Optional (if no KMS used) license key and set the administrator password to random and select the 2-2 image (the other one is the 100 MB partition).-5
  6. In the Configure Network choose the Join a Domain option. Fill in the domain, Domain OU and account (this is a test environment but please do not use administrator)-6
  7. In the Install Configuration Manager Client section and set the installation properties to SMSMP=Demo-SCCM01.demo.local
    Next.
    -7
  8. At the state migration we deselect all check boxes because we do not use this in the lab., choose Next
    -8
  9. At the Include Updates we checked Do not install any software updates, choose Next
    -9
  10. Choose Next at the Install Applications and finish the wizard.-10
  11. Right click the newly created task sequence and choose Edit-11
  12. Choose Add, General, Set task Sequence Variable.-12
  13. Name tab type Assign C:\ to Boot drive, at the task Sequence Variable type OSDPreserveDriveLetter with the value false place the task behind the partition task-13
  14. Choose OK to apply the task sequence changes.
  15. Now we are going to distribute the task sequence to the distribution point; right-click the newly build task sequence and choose deploy
    -14
  16. I’ve chosen the collection All Unknown Computers, this results that the deployment is available for everyone.
    -15
  17. In the Make available to the following choose Only Media and PXE, Next-16
  18. Just next, next finish to the configuration; no additional changes are required.
  19. OK now it’s get exiting; if everything went well you now can startup you’re client machine to boot with F12 and rollout a package!
    Boot with F12
  20. Choose the new created task sequence!
    Choose the Deploy image
  21. That’s it! The deployment will run successfully!!