Installing ConfigMgr 2012 R2 CU4 Unattended

10 mars, 2015

When setting up ConfigMgr 2012 R2 in a lab and test, or any type of Proof-Of-Concept you want to automate everything. Luckily the Cumulative Update (CU) 4 download has support for unattended setup: Just add the /Unattended switch to the extracted download and you’re good.

Note: Don’t use the /unattended switch in a production environment without having a SQL Backup of the Site Server. The unattended setup will update the site server database by default.

The command

Installing CU4 unattended is a simple as this:

CM12-R2CU4-KB3026739-X64-ENU.exe /Unattended

Note: The /Unattended switch cause the CU4 setup to do almost everything the manual setup does, keep on reading for more info…

Verifying the setup

After setup you can review the log files in C:\Windows\Temp, but you can also check the CU Level installed by running this command:

1
Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\SMS\Setup -Name "CULevel"

image
Displaying the CU level installed.

 

You can also verify that the ConfigMgr console was updated by running this command (should return 5.0.7958.1501 which is the CU4 version):

1
(Get-Item ($env:SMS_ADMIN_UI_PATH.Substring(0,$env:SMS_ADMIN_UI_PATH.Length – 5) + '\Microsoft.ConfigurationManagement.exe')).VersionInfo.FileVersion

image
Checking the ConfigMgr console version.

The difference from manual setup

As mentioned, the /Unattended switch cause the CU4 setup to do almost everything the manual setup does. Well, except from creating the four update packages for secondary site servers, consoles and x86/x64 clients.

Luckily, creating four packages and four programs in PowerShell is not that hard :)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
$SiteServer = $Env:COMPUTERNAME
# Import the ConfigMgr PowerShell module
Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1")
$SiteCode = Get-PSDrive -PSProvider CMSITE
Set-Location "$($SiteCode.Name):\"
# Create the Configuration Manager Updates folder
New-Item "$($SiteCode):\Package\Configuration Manager Updates"
# Create the console update package
$ConsolePackage = New-CMPackage -Name "R2 CU4 - console update - $SiteCode" -Description "R2 CU4 - console update - $SiteCode" -Path "\\$SiteServer\SMS_$SiteCode\hotfix\KB3026739\AdminConsole\i386"
Move-CMObject -FolderPath "$($SiteCode):\Package\Configuration Manager Updates" -InputObject $ConsolePackage
New-CMProgram -PackageName $ConsolePackage.Name -StandardProgramName "Cumulative update 4 - console update install" -CommandLine "msiexec.exe /p configmgr2012adminui-r2-kb3026739-i386.msp /L*v %TEMP%\configmgr2012adminui-r2-kb3026739-i386.msp.LOG /q REBOOT=ReallySuppress REINSTALL=ALL REINSTALLMODE=mous" -ProgramRunType WhetherOrNotUserIsLoggedOn -RunMode RunWithAdministrativeRights -UserInteraction $false
# Create the server update package
$ServerPackage = New-CMPackage -Name "R2 CU4 - server update - $SiteCode" -Description "R2 CU4 - server update - $SiteCode" -Path "\\$SiteServer\SMS_$SiteCode\hotfix\KB3026739\Server\x64"
Move-CMObject -FolderPath "$($SiteCode):\Package\Configuration Manager Updates" -InputObject $ServerPackage
New-CMProgram -PackageName $ServerPackage.Name -StandardProgramName "Cumulative update 4 - server update install" -CommandLine "CM12-R2CU4-KB3026739-X64-ENU.exe /Unattended" -ProgramRunType WhetherOrNotUserIsLoggedOn -RunMode RunWithAdministrativeRights -UserInteraction $false
# Create the x64 client package
$x64ClientPackage = New-CMPackage -Name "R2 CU4 - x64 client update - $SiteCode" -Description "R2 CU4 - x64 client update - $SiteCode" -Path "\\$SiteServer\SMS_$SiteCode\hotfix\KB3026739\Client\x64"
Move-CMObject -FolderPath "$($SiteCode):\Package\Configuration Manager Updates" -InputObject $x64ClientPackage
New-CMProgram -PackageName $x64ClientPackage.Name -StandardProgramName "Cumulative update 4 - x64 client update install" -CommandLine "msiexec.exe /p configmgr2012ac-r2-kb3026739-x64.msp /L*v %TEMP%\configmgr2012ac-r2-kb3026739-x64.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous" -ProgramRunType WhetherOrNotUserIsLoggedOn -RunMode RunWithAdministrativeRights -UserInteraction $false
# Create the x86 client package
$x86ClientPackage = New-CMPackage -Name "R2 CU4 - x86 client update - $SiteCode" -Description "R2 CU4 - x86 client update - $SiteCode" -Path "\\$SiteServer\SMS_$SiteCode\hotfix\KB3026739\Client\x86"
Move-CMObject -FolderPath "$($SiteCode):\Package\Configuration Manager Updates" -InputObject $x86ClientPackage
New-CMProgram -PackageName $x86ClientPackage.Name -StandardProgramName "Cumulative update 4 - x86 client update install" -CommandLine "msiexec.exe /p configmgr2012ac-r2-kb3026739-i386.msp /L*v %TEMP%\configmgr2012ac-r2-kb3026739-i386.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous" -ProgramRunType WhetherOrNotUserIsLoggedOn -RunMode RunWithAdministrativeRights -UserInteraction $false

 

 

image
The four packages created using PowerShell.

/Johan Arwidmark

http://www.deploymentresearch.com/Research.aspx

Kategori: Instruktörernas inlägg Författare: Johan Arwidmark

What is REALLY new in MDT 2013 Update 1 Preview

3 mars, 2015

As you probably seen the MDT 2013 Update 1 preview was released on March 2, the official announcement by Aaron Czechowski lists the below list of features:

  • Support for Windows 10 Technical Preview
  • A new ZTIUtility function, GetMajorMinorVersion
  • Split WIM support for UEFI media scenarios to avoid the 4GB limit (works but badly implemented in the console, see note further down for details).
  • Support for Windows 10 ADK Technical Preview, which is also a prerequisite for MDT 2013 Update 1 preview
  • Minor Updates to the Deployment Workbench

Note: MDT 2013 Update 1 Preview is for Lite Touch deployments only, don’t use with ConfigMgr 2012 R2.

So is that it? Maybe, let’s take a closer look :)

What’s still broken in the preview

Before diving into the new features, here is a list of some key things that still not work. I was kind of hoping more of the many known bugs would be fixed, but so far nope… Hopefully they will be fixed in the final release.

  • The Microsoft.BDD.MonitorService.exe.config still contains system.diagnostics that will literally kill any deployment server having a C:\temp folder, and that is using the Monitoring feature.
    • Workaround: Modify the Microsoft.BDD.MonitorService.exe.config file per this article.
  • The PowerShell script output to create deployment shares automatically is still not correct.
    • Workaround: Use this syntax instead.
  • The PowerShell script output to create offline media automatically is still not correct.
    • Workaround: Use this syntax instead.
  • Deployment Workbench still crashes, and spikes the server CPU to 99 percent, when configuring a custom background for the boot image.
    • Workaround: Use PowerShell to configure the deployment share as explained in this post, or simply try a few times in the Workbench, only changing the custom background image, and only browsing for the file (don’t type in the text box).
  • Generating a catalog file for Windows 10 still fails, but that is really not MDT’s fault, it’s a known bug in the Windows 10 ADK Technical Preview.
    • Workaround: None, wait for a fix.
  • New Offline Media fails if the target folder does not exist.
    • Workaround: Create the target folder first, and make very sure Not to use a subfolder inside your deployment share. Create a folder outside of the deployment share.
  • Deployment fails if a virtual machine has multiple virtual disks
    • Workaround: Attach the extra virtual disks after deployment has completed.
  • Deployment fails if using a “fixed media” USB stick.
    • Workaround: Use an older and most likely slower USB stick instead, that not presents itself as fixed media, but instead as removable media.

Note: There is still much code in MDT 2013 Update 1 preview for XP / Vista / 2003 / 2008 deployments, even though some references was removed in this preview. It doesn’t really do any harm though, but it would be nice to see a complete cleanup.

Minor Updates to the Deployment Workbench

Here is a list of the changes I’ve found in the Deployment Workbench:

  • The info in the main node, Deployment Workbench, is updated with the MDT 2013 Update 1 name, but all other info is utterly incorrect. Don’t read it.
  • Getting Started and Component nodes removed (which is great, because the function of getting components was really poor).
  • Windows platform selections for applications are updated with Windows 10 client and server platforms.
  • Install Roles and Features action now contains Windows 10 client and server settings.

image
The Windows 10 settings now available.

Updates to the task sequence templates

Here is a list of the changes I’ve found in the task sequence templates:

  • Capture Only Task Sequence: Condition removed on the Apply Windows PE (BCD) action
  • Standard Server Task Sequence: Condition removed on the Apply Windows PE (BCD) action

 

Updates to the Windows Deployment Wizard

Here is a list of the changes I’ve found in the Windows Deployment Wizard:

  • Most (but not all) panes and validation scripts updated with new version number
  • Validation scripts updated to use the new GetMajorMinorVersion function
  • Shortcut key label corrected for the User Credentials pane (credentials_enu.xml)
  • Shortcut key label corrected for the Deployment Summary pane (summary_definition_enu.xml)
  • Shortcut key label corrected for the Welcome pane (welcomewiz_choice.xml)
  • Conditions updated for the BitLocker pane (deploywiz_definition_enu.xml)

 

New Task Sequence engine

The standalone task sequence engine used by MDT 2013 Lite Touch has been upgraded to 5.0.7958.1000 which is the same as the ConfigMgr 2012 R2 (no CU’s) is using. This is major upgrade since the previous version used was 4.0.6487.2000 which is from ConfigMgr 2007 SP2. Because of the new version you will in addition to the updates files also see some additional files (CommonUtils.dll, ccmgencert.dll, msvcp100.dll and msvcr100.dll) being copied to the boot image.

image
One of the task sequence components.

 

Split WIM support for UEFI media scenarios

When creating (updating) an offline media item, and MDT 2013 Update 1 Preview detects a WIM file larger than 4 GB, it will split it automatically for you into 4 GB chunks (well, 4095 MB chunks).

Findings: The really interesting part, which I consider kind of a design flaw, is that the media update action first of all splits the big WIM every single time you run the update, no matter if the big image changed or not. Second, it’s using ImageX.exe to do the split which is supposed to be deprecated (DISM does support split too). Third, it’s using a quite resource intensive workflow for splitting the WIM and update the media. MDT does the following when having the deployment share on a data disk:

  1. Splits the big WIM using ImageX and stores the SWM chunk files in the original big WIM folder in the MDT deployment share.
  2. Moves the big WIM from the MDT deployment share to %temp%. However it’s  really a copy and delete since %temp% is on a different volume by default.
  3. Copies the SWM files from the deployment share to the media folder. Yes, copies, even if they are on the same volume, not moving.
  4. Moves the big image from %temp% to the MDT deployment share. Again really a copy and delete since %temp% is on a different volume by default.
  5. Deletes the SWM files in the MDT deployment share
  6. Done.

Put it this way, you better have plenty of free disk space, and don’t deploy the image over the network while updating the media (and the opposite around as well).

Real World Note: Since ImageX (or DISM for that matter) is used to split the big WIM file it won’t work if your WIM has files larger than 4 GB in it. Below you see one of the chunks being bigger than 4 GB, which obviously won’t work on a UEFI-based media (which is FAT32). Hopefully most images don’t have individual files larger than 4 GB in them, but still, it’s a serious limitation.

image
The new split WIM support not working for UEFI-based media because the big WIM had one file larger than 4 GB in it.

 

image
The Update Media Content wizard detecting a large WIM file and splitting it.

Script Updates

If you review the MDT 2013 Update 1 preview scripts , you’ll find that most script updates are related to using the new GetMajorMinorVersion from the ZTIUtility.vbs script to handle versioning of Windows Operating Systems, or for supporting the new task sequence engine, or for the split WIM support. But I did notice another change as well:

  • ZTIWindowsUpdate.wsf updated to only enable debug tracing when debug flag is set.

 

Happy Deployment,

/ Johan Arwidmark

http://www.deploymentresearch.com/Research.aspx

Kategori: Instruktörernas inlägg Författare: Johan Arwidmark

Using USMT from Windows 10 ADK to migrate 3rd party drivers

2 mars, 2015

A new feature in USMT 10 (from the Windows 10 ADK technical preview) is it’s ability to migrate 3rd part drivers (and apps) via the new provisioning packages in Windows 10. I’m not sure why anyone would migrate drivers this way (yet), but it least it caught my interest enough to play around with the the feature :)   Another interesting thing is that there is a ARM version of USMT as well…

Note: The drivers capture feature in USMT 10 is quite similar to use the Export-WindowsDriver cmdlet that was introduced with Windows 8.1, except that it stores the drivers in a WIM file (provisioning package, PPKG extension,). In the Windows 10 ADK Technical Preview, the PPKG (WIM) files that are created are not compressed. I don’t know why, but I hope that will change in the released version.

New command line switches for Scanstate to migrate apps and drivers

There is a bunch of new command line switches to scanstate, but the /ppkg /drivers and /apps controls the apps and drivers migration feature. The /apps feature seems to be broken in the Technical Preview, but the /drivers feature is working fine in my testing.

Disclaimer: Since drivers are normally handled by the deployment solutions, I haven’t yet figured out any real world usage for this new feature. Please comment below if you find this feature useful (and why).

Anyway, the command line switches that controls apps and drivers migrations are the following:

  • /ppkg
    Specifies that the migration store is a provisioning package. Can’t be used with /nocompress, /hardlink or /p.
  • /drivers[:<options>]
    Specifies that USMT should migrate 3rd party drivers. By default all drivers are migrated. <options> can be used to select drivers to migrate. They are of the form +n:<pattern>, -n:<pattern>, +p:<pattern>, -p:<pattern>,+c:<pattern>, -c:<pattern>, where +-n can filter the migrated driver by the name of the INF file, +-p can filter them by publisher and +-c by class name or class GUID. Multiple /drivers are allowed, The last pattern matching a particular driver wins. /drivers must be used with /ppkg.
  • /apps
    Specifies that USMT should migrate 3rd party applications. A provisioning package captured this way can only be applied during the deployment process, it cannot be used with a normal apply process with Loadstate.exe. Also, /apps implies that no user data will be migrated, /ui /ue will be ignored. /apps must be used with /ppkg. /apps cannot be used with any /target switches.

Note:  3rd party applications are Windows store applications, not Windows Desktop applications.

 

Testing the drivers feature

To capture drivers from a system and create a provisioning package you run the following command (the /ue switch is optional but I didn’t want to capture any profiles):

scanstate.exe /drivers /ppkg /ue:*\* \\FS01\MigData\PC0001

When running this on my machine, it generated a PPKG file of 1.63 GB.

image
The output from running scanstate with the new /drivers switch.

 

Looking into the drivers provisioning package

If you seen my earlier video on create provisioning packages using Windows ICD you know the PPKG file is really just a WIM file, meaning it’s easy to either mount with ImageX/DISM. For most of the provisioning packages, but not all, I have also been able to use 7-Zip to open the file since it can open some WIM files.

As I mentioned before, when running scanstate to capture the drivers on my machine, it generated a PPKG file of 1.63 GB. As I mentioned earlier, in the Windows 10 ADK Technical Preview, the PPKG files that are created are not compressed (don’t know why), but I hope that will change in the released version.

image
The resulting provisioning package.

After mounting the PPKG (WIM) file to E:\Mount, you see the following:

 

image

In the Drivers folder, there is a bunch of subfolders, one folder for every drivers, and also a Driver.xml file holding a list of all drivers.

image

There is a snippet of the Driver.xml file.

image

 

ARM version of USMT

image

/Johan Arwidmark

http://www.deploymentresearch.com/Research.aspx

Kategori: Instruktörernas inlägg Författare: Johan Arwidmark

Cannot mount Windows 10 build 9879 ISO – Easy Fix

14 november, 2014

When trying to mount the Windows 10 Enterprise x64 build 9879 ISO in File Explorer, you may get the following error:

Couldn’t Mount File, Sorry, there was a problem mounting the file.

image

Workaround

This is a known issue when the sparse file attribute (P) is set on the file (9879.0.141103-1722.FBL_RELEASE_CLIENTENTERPRISE_VOL_X64FRE_en-us.ISO).

To make it work, simply make a copy of the ISO, or remove the sparse file attribute from it. Here is a link to a PowerShell function that removes the attribute: http://superuser.com/questions/818303/how-to-mount-an-iso-image-that-windows-8-1-refuses-to-mount

You can check the attribute by viewing the file properties (Details), or by running the following powershell command:

1
(get-item 9879.0.141103-1722.FBL_RELEASE_CLIENTENTERPRISE_VOL_X64FRE_en-us.ISO).attributes

image
Checking attributes in PowerShell.

image
Checking attributes in File Explorer.

/Johan Arwidmark

Kategori: Instruktörernas inlägg Författare: Johan Arwidmark

Lync vNext – Official Info

11 november, 2014

From the link below:

In the first half of 2015, the next version of Lync will become Skype for Business with a new client experience, new server release and updates to the service in Office 365.  We believe that Skype for Business will again transform the way people communicate by giving organizations reach to hundreds of millions of Skype users outside the walls of their business.

The whole story here: http://blogs.office.com/2014/11/11/introducing-skype-business/

/Jimmy Andersson

http://www.jimmytheswede.blogspot.se/

 

Kategori: Instruktörernas inlägg Författare: Jimmy Andersson

TreeUndelete

24 oktober, 2014

A long time ago I wrote a script that restored a whole tree of objects, basically it restored an OU and all objects that belonged to that OU. The first time I showed it was in a session at Microsoft TechDays in Örebro 2010. After that, it served me well over the years, even though it didn’t have error handling and other good stuff. But since I was the only one using it and knew how the script worked – it was ok J

This year I presented at a conference in Åre and showed the script once again. Since people liked it, I wanted to post it somewhere but didn’t feel comfortable since it lacked a lot of features. Getting the time to fix it was hard but my colleague and friend Simon Wåhlin (who has forgotten more about Powershell than I know today) did re-write it and has now published it.

 

If you want to see a cool script, check it out here: http://blog.simonw.se/restore-ou-tree-from-ad-recycle-bin-with-powershell/
/Jimmy Andersson
http://www.jimmytheswede.blogspot.se/
Kategori: Instruktörernas inlägg Författare: Jimmy Andersson

AD ACL Scanner

20 oktober, 2014
  • A tool completly written in PowerShell.
  • A tool with GUI used to create reports of access control lists in Active Directory .

https://adaclscan.codeplex.com/

 

Features

It has the following features:

  • View HTML reports of ACLs and save it to disk.
  • Export ACLs on Active Directory objects in a CSV format.
  • Connect and browse you default domain, schema , configuration or a naming context defined by distinguishedname.
  • Browse naming context by clicking you way around, either by OU’s or all types of objects.
  • Report only explicitly assigned ACLs.
  • Report on OUs , OUs and Container Objects or all object types.
  • Filter ACLs for a specific access type.. Where does “Deny” permission exists?
  • Filter ACLs for a specific identity. Where does ”Domain\Client Admins” have explicit access? Or use wildcards like ”jdoe”.
  • Filter ACLs for permission on specific object. Where are permissions set on computer objects?
  • Skip default permissions (defaultSecurityDescriptor) in report. Makes it easier to find custom permissions.
  • Report owner of object.
  • Compare previous results with the current configuration and see the differences by color scheme (Green=matching permissions, Yellow= new permissions, Red= missing permissions).
  • Report when permissions were modified
  • Can use AD replication metadata when comparing.
  • Can convert a previously created CSV file to a HTML report.
  • Effective rights, select a security principal and match it agains the permissions in AD.
  • Color coded permissions based on criticality when using effective rights scan.
  • List you domains and select one from the list.
  • Get the size of the security descriptor (bytes).
  • Rerporting on disabled inheritance .
  • Get all inherited permissions in report.

System requirements

  • Powershell 2.0 or above
  • PowerShell using a single-threaded apartment

/Jimmy Andersson

http://www.jimmytheswede.blogspot.se/

Kategori: Instruktörernas inlägg Författare: Jimmy Andersson

Saknar du någon av dessa konferenser?

1 oktober, 2014

TechEd, SharePoint Conference, Microsoft Exchange Conference, Lync Conference, Project Conference eller Microsoft Management Summit…

» Eftersom de alla har gemensamt att de blivit nedlagda, dock ej TechEd i Barcelona 2014, så kommer här ett alternativ: Microsoft’s unified technology event for enterprises som hålls i Chicago, IL 4-8 maj 2015. Enligt Microsoft är det: “everything you’ve come to know and love and more”. Nåja, oavsett om man lyckas leva upp till det uttalandet så verkar det lovande… Håll utkik i bloggen framöver så håller vi er uppdaterade när mer information blir tillgänglig!

Chicago

Kategori: Aktuellt Författare: Expero