You are browsing the archive for Windows 7.

Detect if machine has an SSD and report on it thru custom HW inventory

7:18 am in ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, HW inventory, OSD, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, SCCM v.Next, SSD, windows 10, Windows 7, Windows 7 SP1, windows 8, windows 8.1 by Kenny Buntinx [MVP]

 

Recently at a client, we needed to provide a report that was listing whether a workstation or laptop had an SSD or a spinning disk. That information had to be fed into the CMDB

Unfortunately, Windows or Configmgr 2012 does deliver out-of-the-box a way to determine a disk is spinning or solid state, and that means the information is not in the registry or WMI.

Dependencies :

Well I tried to find an easy way , and the customer required a solution that was :

– Flexible and dynamic as they where constantly upgrading physical disks to SSD and there CMDB had to be dynamically updated.

– Centrally managed code , meaning that if we needed to change anything to the code , it had to be intelligent enough to update it auto magically to all clients.

– Had to be reliable .

The solution :

– was to use a kind of detection powershell script for the SSD that we grabbed initially from here : “https://gist.github.com/grantcarthew/c74bbfd3eba167cd3a7a#file-test-ssd” but slightly altered it to fit our needs.

– The script was altered to be used with a “compliance Item” and deployed thru a “Baseline” as one of my colleagues Henrik Hoe explains here :  http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/ . By using a CI , you will meet the centrally managed code part , but also the automatically way of updating the detection logic to all clients.

Forget about the old package/program way and then a way to execute the script on regular basis ( That can all be done thru the Baseline deployment)

– The script will be executed and will write a registry value SSD_Detected = 1 or 0 and the baseline will report complaint when it has an SSD detected.

 

<# .SYNOPSIS Detects if the passed Physical Disk Id is a Solid State Disk (SSD) or a spindle disk. Returns true for an SSD and false for anything else. .DESCRIPTION The methods used for detecting are by reading the Nominal Media Rotation Rate and Seek Penalty. These values are measured through method calls into the Kernel32.dll. If either of the Win32 DLL calls return true then the script will return false. If an exception occurs in either of the Win32 DLL calls, the return value will be dependant on the remaining call. .PARAMETER PhysicalDiskId The LUN based physical disk id. #> $Code = @" using Microsoft.Win32.SafeHandles; using System; using System.Runtime.InteropServices; using System.Text; namespace Util { public class DetectSSD { // For CreateFile to get handle to drive private const uint GENERIC_READ = 0x80000000; private const uint GENERIC_WRITE = 0x40000000; private const uint FILE_SHARE_READ = 0x00000001; private const uint FILE_SHARE_WRITE = 0x00000002; private const uint OPEN_EXISTING = 3; private const uint FILE_ATTRIBUTE_NORMAL = 0x00000080; // CreateFile to get handle to drive [DllImport("kernel32.dll", SetLastError = true)] private static extern SafeFileHandle CreateFileW( [MarshalAs(UnmanagedType.LPWStr)] string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile); // For control codes private const uint FILE_DEVICE_MASS_STORAGE = 0x0000002d; private const uint IOCTL_STORAGE_BASE = FILE_DEVICE_MASS_STORAGE; private const uint FILE_DEVICE_CONTROLLER = 0x00000004; private const uint IOCTL_SCSI_BASE = FILE_DEVICE_CONTROLLER; private const uint METHOD_BUFFERED = 0; private const uint FILE_ANY_ACCESS = 0; private const uint FILE_READ_ACCESS = 0x00000001; private const uint FILE_WRITE_ACCESS = 0x00000002; private static uint CTL_CODE(uint DeviceType, uint Function, uint Method, uint Access) { return ((DeviceType << 16) | (Access << 14) | (Function << 2) | Method); } // For DeviceIoControl to check no seek penalty private const uint StorageDeviceSeekPenaltyProperty = 7; private const uint PropertyStandardQuery = 0; [StructLayout(LayoutKind.Sequential)] private struct STORAGE_PROPERTY_QUERY { public uint PropertyId; public uint QueryType; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public byte[] AdditionalParameters; } [StructLayout(LayoutKind.Sequential)] private struct DEVICE_SEEK_PENALTY_DESCRIPTOR { public uint Version; public uint Size; [MarshalAs(UnmanagedType.U1)] public bool IncursSeekPenalty; } // DeviceIoControl to check no seek penalty [DllImport("kernel32.dll", EntryPoint = "DeviceIoControl", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, uint dwIoControlCode, ref STORAGE_PROPERTY_QUERY lpInBuffer, uint nInBufferSize, ref DEVICE_SEEK_PENALTY_DESCRIPTOR lpOutBuffer, uint nOutBufferSize, out uint lpBytesReturned, IntPtr lpOverlapped); // For DeviceIoControl to check nominal media rotation rate private const uint ATA_FLAGS_DATA_IN = 0x02; [StructLayout(LayoutKind.Sequential)] private struct ATA_PASS_THROUGH_EX { public ushort Length; public ushort AtaFlags; public byte PathId; public byte TargetId; public byte Lun; public byte ReservedAsUchar; public uint DataTransferLength; public uint TimeOutValue; public uint ReservedAsUlong; public IntPtr DataBufferOffset; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public byte[] PreviousTaskFile; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public byte[] CurrentTaskFile; } [StructLayout(LayoutKind.Sequential)] private struct ATAIdentifyDeviceQuery { public ATA_PASS_THROUGH_EX header; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 256)] public ushort[] data; } // DeviceIoControl to check nominal media rotation rate [DllImport("kernel32.dll", EntryPoint = "DeviceIoControl", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, uint dwIoControlCode, ref ATAIdentifyDeviceQuery lpInBuffer, uint nInBufferSize, ref ATAIdentifyDeviceQuery lpOutBuffer, uint nOutBufferSize, out uint lpBytesReturned, IntPtr lpOverlapped); // For error message private const uint FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000; [DllImport("kernel32.dll", SetLastError = true)] static extern uint FormatMessage( uint dwFlags, IntPtr lpSource, uint dwMessageId, uint dwLanguageId, StringBuilder lpBuffer, uint nSize, IntPtr Arguments); // Method for no seek penalty public static bool HasSeekPenalty(string sDrive) { SafeFileHandle hDrive = CreateFileW( sDrive, 0, // No access to drive FILE_SHARE_READ | FILE_SHARE_WRITE, IntPtr.Zero, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero); if (hDrive == null || hDrive.IsInvalid) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } uint IOCTL_STORAGE_QUERY_PROPERTY = CTL_CODE( IOCTL_STORAGE_BASE, 0x500, METHOD_BUFFERED, FILE_ANY_ACCESS); // From winioctl.h STORAGE_PROPERTY_QUERY query_seek_penalty = new STORAGE_PROPERTY_QUERY(); query_seek_penalty.PropertyId = StorageDeviceSeekPenaltyProperty; query_seek_penalty.QueryType = PropertyStandardQuery; DEVICE_SEEK_PENALTY_DESCRIPTOR query_seek_penalty_desc = new DEVICE_SEEK_PENALTY_DESCRIPTOR(); uint returned_query_seek_penalty_size; bool query_seek_penalty_result = DeviceIoControl( hDrive, IOCTL_STORAGE_QUERY_PROPERTY, ref query_seek_penalty, (uint)Marshal.SizeOf(query_seek_penalty), ref query_seek_penalty_desc, (uint)Marshal.SizeOf(query_seek_penalty_desc), out returned_query_seek_penalty_size, IntPtr.Zero); hDrive.Close(); if (query_seek_penalty_result == false) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } else { return query_seek_penalty_desc.IncursSeekPenalty; } } // Method for nominal media rotation rate // (Administrative privilege is required) public static bool HasNominalMediaRotationRate(string sDrive) { SafeFileHandle hDrive = CreateFileW( sDrive, GENERIC_READ | GENERIC_WRITE, // Administrative privilege is required FILE_SHARE_READ | FILE_SHARE_WRITE, IntPtr.Zero, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero); if (hDrive == null || hDrive.IsInvalid) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } uint IOCTL_ATA_PASS_THROUGH = CTL_CODE( IOCTL_SCSI_BASE, 0x040b, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS); // From ntddscsi.h ATAIdentifyDeviceQuery id_query = new ATAIdentifyDeviceQuery(); id_query.data = new ushort[256]; id_query.header.Length = (ushort)Marshal.SizeOf(id_query.header); id_query.header.AtaFlags = (ushort)ATA_FLAGS_DATA_IN; id_query.header.DataTransferLength = (uint)(id_query.data.Length * 2); // Size of "data" in bytes id_query.header.TimeOutValue = 3; // Sec id_query.header.DataBufferOffset = (IntPtr)Marshal.OffsetOf( typeof(ATAIdentifyDeviceQuery), "data"); id_query.header.PreviousTaskFile = new byte[8]; id_query.header.CurrentTaskFile = new byte[8]; id_query.header.CurrentTaskFile[6] = 0xec; // ATA IDENTIFY DEVICE uint retval_size; bool result = DeviceIoControl( hDrive, IOCTL_ATA_PASS_THROUGH, ref id_query, (uint)Marshal.SizeOf(id_query), ref id_query, (uint)Marshal.SizeOf(id_query), out retval_size, IntPtr.Zero); hDrive.Close(); if (result == false) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } else { // Word index of nominal media rotation rate // (1 means non-rotate device) const int kNominalMediaRotRateWordIndex = 217; if (id_query.data[kNominalMediaRotRateWordIndex] == 1) { return false; } else { return true; } } } // Method for error message private static string GetErrorMessage(int code) { StringBuilder message = new StringBuilder(255); FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM, IntPtr.Zero, (uint)code, 0, message, (uint)message.Capacity, IntPtr.Zero); return message.ToString(); } } } "@ # Function CheckSSD($PhysicalDiskId) { #initialize Add-Type -TypeDefinition $Code $hasRotationRate = $true $hasSeekPenalty = $true $driveString = "\\.\PhysicalDrive" + $PhysicalDiskId #Check RotationRate try { $hasRotationRate = [Util.DetectSSD]::HasNominalMediaRotationRate([string]$driveString) } catch { #"HasNominalMediaRotationRate detection failed with the following error;" # $Error[0].Exception.Message $hasRotationRate = $true } #Check SeekPenalty try { $hasSeekPenalty = [Util.DetectSSD]::HasSeekPenalty([string]$driveString) } catch { #"HasSeekPenalty detection failed with the following error;" #$Error[0].Exception.Message $hasSeekPenalty = $true } # Only return true if the disk has no rotation rate or no seek penalty. If ($hasRotationRate -eq 0 -and $hasSeekPenalty -eq 0) { #SSD detected New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name SSD_Detected -Value 1 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null Return 1 } Else { #No SSD detected New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name SSD_Detected -Value 0 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null Return 0 } } #initialize #Default No SSD detected $ResultCheckSSD=0 #check disk 0 Try { $ResultCheckSSD=CheckSSD(0) return $ResultCheckSSD } Catch { #error then no SSD detected $ResultCheckSSD=0 }

– We will pick the value up later with a custom registry key hardware inventory extension and use that in our reporting later on. For more details on how to do it : https://technet.microsoft.com/en-us/library/gg712290.aspx

 

Hope it Helps,

Kenny Buntinx

MVP Enterprise Client Management

CM12 OSD : HP Zbook 17 is failing during OSD and is giving bluescreens all the way.

8:45 am in CM12, CM12 R2, CM12 SP1, OSD, wdf, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

 

Today we had a failing HP Zbook 17 and we where not able to do OSD staging on it . It remembered me at a blog post 6 months ago on an update called KB2685811 at http://support.microsoft.com/kb/2685811 to update the Kernel-Mode Driver Framework to v1.11

What it is – The Windows Driver Frameworks (WDF) is a set of libraries that you can use to write device drivers that run on the Windows operating system. WDF defines a single driver model that is supported by two frameworks: Kernel-Mode Driver Kernel Mode Driver Framework (KMDF) and User-Mode Driver Framework (UMDF). KMDF\UMDF are provided by Microsoft to allow component drivers to leverage the framework to minimize what is needed to be included with the driver.  This is great for the IT Professional until a driver is written to a specific version of the KMDF\UMDF which your system may not currently support.  This happened previously with Windows Vista and is now being seen on some Windows 7 systems that do not have the 1.11 version of KMDF and the 1.11 version of UMDF

Why you need them – Without these there is a potential of experiencing a failure in you Windows 7 OS Deployment process\ seeing devices in Device Manager that you know have drivers available to them, but aren’t properly installed. To ensure this does not happen you should update your base image with KMDF 1.11 and UMDF 1.11 to make sure that current and future drivers will be installed properly. Dell – HP – Lenovo are delivering more and more drivers released on the latest WDF framework !

Now here is the “gotcha”, in order for this to work for OS Deployments, you have 2 options based on Dustin Hedges blog called http://deploymentramblings.wordpress.com

– Build a brand new WIM file and inject the hotfix (using DISM). Then import that WIM back into SCCM for deployment, test, retest, retest, deploy to production. Apply the update using DISM: cmd.exe /c X:\windows\system32\dism.exe /ScratchDir:%OSDisk%\Scratch /Image:%OSDisk%\ /Add-Package /PackagePath:%_SMSTSMDataPath%\Packages\\Windows6.1-KB2685811-x64.cab

– Package it up and inject it offline during your existing deployments, see the following blog post at  http://deploymentramblings.wordpress.com/2013/10/24/osd-injecting-the-windows-7-kernel-mode-driver-framework-kmdf/

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client management

Deploying a Windows 7 MUI machine based on a "Hybrid MUI image" within Configmgr 2012

7:48 am in ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, ConfigMgr V.next, Deployment, deployment types, detection methods, MUI, OSD, sccm, SCCM 2012, SCCM 2012 SP1, SCCM v.Next, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

 
This post and subsequent posts will be a step by step on how to build a Hybrid base Windows 7 ( yes , I know that everyone should rollout the new fancy Win 8 Winking smile ) image in Configmgr 2012 and use that image as a base to deploy it in your company. I will be outlining not necessarily pointing out every click. Hopefully others will find this helpful. This assumes an understanding of Configmgr 2012 and uses what is referred to as a “Hybrid Image Strategy”.

 

In this post I’m going to outline how to handle multiple languages in a Windows 7 Enterprise deployment. Windows 7 Enterprise comes natively as a MultiLanguage User Interface type OS to which you can add on Language Packs. A language pack allows user to change the interface display language of Windows’ dialog boxes, menus and other text to the selected language. You can download/install them in a few different ways.

They take a long time to install and in our scenario it’s better to integrate them into your hybrid base .WIM image.

For this example, we’re going to configure and capture an OS image with the Dutch language pack installed. The reason why we use the Windows 7 base OS in English is :

  • Scripting in native English language. This means creating one script for all workstations in the enterprise .
  • One Worldwide image per platform (x64 or x86) , otherwise we would deploy a windows 7 professional English , Dutch and French as a native OS , meaning 1 image per language
  • Windows security updates Patching could be limited to English , which will reduce time and effort to test/build everything .

    The first step is build the hybrid image and to get a copy of the Language pack you need; these are a little hard to get a hold of but it’s because of the licensing requirement. You can get  a copy of the language pack :

  • Through your Microsoft support via MVLS
  • The Windows 7 language packs are available via Windows Update as optional update.
  • Windows 7 SP1 MUI language packs are released as KB2483139. All language packs (MUI) of Windows 7 SP1 in DVD ISO format from MSDN and TechNet Subscriber Downloads.
  • For people who wants to download the MUI language packs for Windows 7 SP1 only from official source, here’s the direct download links for most of both 32-bit (x86) and 64-bit (x64) Windows 7 SP1 MUI language packs from Microsoft’s Windows Update server.

    Download Official 32-bit (x86) Windows 7 SP1 MUI Language Packs

    Arabic: windows6.1-kb2483139-x86-ar-sa_5add6e4a36127029d431ba98d99708c44ef9b53f.exe
    Bulgarian: windows6.1-kb2483139-x86-bg-bg_a8a5013e477366119cfdc5fbda43b904755db450.exe
    Chinese (Simplified): windows6.1-kb2483139-x86-zh-cn_ae61ea226215f96fc95be33201ffc96755ac7eb5.exe
    Chinese (Traditional): windows6.1-kb2483139-x86-zh-hk_411a6bb68728f12f5ced712d9a33fee9ebe0b0b3.exe
    Danish: windows6.1-kb2483139-x86-da-dk_67fecaab0a940e2e537bc8dcd8a9ebb8ab4ed102.exe
    Dutch: windows6.1-kb2483139-x86-nl-nl_b7e1c3046b218fb45a665ab5f5ed8a5ea8125760.exe
    English: windows6.1-kb2483139-x86-en-us_783d6dd59e2ec8fb0995a059c9c121795bde46c8.exe
    Finnish: windows6.1-kb2483139-x86-fi-fi_5259ca6a22a981dbdee352dde5b8e65c2fddd407.exe
    French: windows6.1-kb2483139-x86-fr-fr_f57427487dfc2f49da67cac22480ab1f48983d22.exe
    German: windows6.1-kb2483139-x86-de-de_acb9b88b96d432749ab63bd93423af054d23bf81.exe
    Italian: windows6.1-kb2483139-x86-it-it_1d54a8d0047674fc1b5b6f41292a0074d9fe3cc5.exe
    Japanese: windows6.1-kb2483139-x86-ja-jp_bc46078938ae9129c7ce86a9c176fa517e4c0a3d.exe
    Korean: windows6.1-kb2483139-x86-ko-kr_18f213428cc6fde96d8c76c6dd91446348e86ce6.exe
    Norwegian: windows6.1-kb2483139-x86-nb-no_5bd6fc76ad54b7a232d4ceb4a5f5c7c366bf90b6.exe
    Polish: windows6.1-kb2483139-x86-pl-pl_c460a8c1392d7f3d35d1c0b37e56017d3552d245.exe
    Portuguese (Brazil): windows6.1-kb2483139-x86-pt-br_6e1d337b2fd56669d461e82601aa51004fecbd24.exe
    Portuguese (Portugal): windows6.1-kb2483139-x86-pt-pt_5cc92ef98ed177b2f6bbae3a0420ee2f12764fab.exe
    Russian: windows6.1-kb2483139-x86-ru-ru_6532a8f36ad7d15277d5d60da92555f0fbee4daa.exe
    Spanish: windows6.1-kb2483139-x86-es-es_6aef75f7d83edaabc2a921a6b157cc7005628286.exe
    Swedish: windows6.1-kb2483139-x86-sv-se_bd65af75e8995bd865d93c8d8c8a35091499083f.exe

    Download Official 64-bit (x64) Windows 7 SP1 MUI Language Packs

    Arabic: windows6.1-kb2483139-x64-ar-sa_f07f2cc7b55b17076eebceea2c2c2826b08b8f63.exe
    Chinese (Simplified): windows6.1-kb2483139-x64-zh-cn_2c1884b4fdf6c8e91986369d88bbcaae01c6f187.exe
    Chinese (Traditional): windows6.1-kb2483139-x64-zh-hk_285282b1e2f750eeed91466918443b657968d977.exe
    Danish: windows6.1-kb2483139-x64-da-dk_d753d19cc1a0fe95aef21548193393c04a6a8024.exe
    Dutch: windows6.1-kb2483139-x64-nl-nl_12c90c70d408b08f51f500d6e974878a5d662398.exe
    English: windows6.1-kb2483139-x64-en-us_9b9c8a867baff2920507fbf1e1b4a158572b9b87.exe
    Finnish: windows6.1-kb2483139-x64-fi-fi_223465e1b382484d1d82f8f2ccfcd9ed2f902c76.exe
    French: windows6.1-kb2483139-x64-fr-fr_0f18e2a244dd9ff04664112a82776d2bd2177798.exe
    German: windows6.1-kb2483139-x64-de-de_4f4ce6bd38530b4a02199172863b21a0cba13773.exe
    Italian: windows6.1-kb2483139-x64-it-it_6d8223c065d6974d833d0eaa162f3ceb7680850f.exe
    Japanese: windows6.1-kb2483139-x64-ja-jp_aeaf7e9b0b6c2173bf757330017a7f655f1f8715.exe
    Korean: windows6.1-kb2483139-x64-ko-kr_0ea76f748e3d5309d568147ad1337b2664090944.exe
    Norwegian: windows6.1-kb2483139-x64-nb-no_78df68604970041a6337b4058a3e5339f79e50b4.exe
    Polish: windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe
    Portuguese (Brazil): windows6.1-kb2483139-x64-pt-br_f8035731c55d774c95c7c673aedfd42d52479294.exe
    Portuguese (Portugal): windows6.1-kb2483139-x64-pt-pt_78485491088298110a3e78b7a5f95e55ff7808df.exe
    Russian: windows6.1-kb2483139-x64-ru-ru_0587eb296a2f04e0d3699650d39b53ee18b97a79.exe
    Spanish: windows6.1-kb2483139-x64-es-es_fdbdf4061b960324efb9eedf7106df543ed8ce33.exe
    Swedish: windows6.1-kb2483139-x64-sv-se_81051fe3083afdb4f2d1d23752c587de9bb35025.exe

    With those language packs downloaded , we going to create a “Hybrid Base OS” task sequence which will build and capture a VM (Vmware, Xen or Hyper-V –> HAL independent) from a setup.exe Windows 7 SP1 enterprise setup files, and add the following components:

  • Create a great unattended xml file to automate . –> See also http://scug.be/sccm/2010/02/02/sccm-windows-7-deployments-amp-unattended-xml/
  • Create a few Task sequence variables to identify the machine and do some branding.
  • My MUI packs I want to integrate. I add my Dutch Language pack install. That will produce a hybrid .WIM with the language pack integrated.
  • Latest .NET Framework 3.5 SP1 and 4.0 . If you really want , .NET 4.5 should work as well
  • Windows Management Framework 3.0  = KB2506146 or KB2506143 ( Attention : There are few code defects but a toxic issue with using ConfigMgr 2012 RTM  – It is FIXED with ConfigMgr 2012 SP1 –> Only install if you have SP1 !! )
  • All the various Visual C++ Runtime Libraries (2005 SP1 , 2008 SP1, 2010 SP1 )
  • All the various Visual C++ Report Viewers (2005 SP1 , 2008 SP1, 2010 SP1 )
  • Internet explorer 9 ( or 10 when it releases for Windows 7 )
  • All current Patches
  • Optional : Office 2007 / 2010 / 2013 MUI . My advise is only to incorporate Office x if you only have one version of Office thru your Enterprise . Meaning Office ProPlus for everyone and no mix !

    The Task Sequence itself will look like this :

    1 (2)

  • 1) Import Windows 7 SP1 x64 enterprise as an Operating System Install Package and add it to a Distribution point.
  • 2) Create a Windows 7 SP1 x64 Unattend.xml package in Configmgr ( yes a package as there is no way to handle it as an application ) and add it to a Distribution point. An example of a good unattend.xml file could be found here : http://scug.be/sccm/2010/02/02/sccm-windows-7-deployments-amp-unattended-xml/

    Make sure you have the following lines adapted as shown below . It will help you later to build a great machine that will meet your language criteria .

  • 3) Create a package and Program for your Windows 7 SP1 MUI language packs. Create one for X64 and one for X86 (if you need to support 2 HW platforms). An example of a how to build the Windows 7 SP1 MUI language packs package could be found here :

     

  • 4) Create four (4) OSD collections and set your collection variables accordingly :

    200

    Define the following variables accordingly :

  • OSDInputLocale = EN-US
  • OSDSystemLocale = EN-US
  • OSDUILanguage = EN-US
  • OSDUILanguageFallback = EN-US
  • OSDUserLocale = EN-US
  • Capture = YES
  • OfficePreinstall = YES
  •  

    201image

     image image

     

  • 4) Create a “Build and capture” task sequence :

     

        • Name the task sequence something appropriate like “Build & Capture Windows 7 SP1 X64 Hybrid Image”
        • Select the x64 boot image
        • Create a “Disk Format and Partition” step and choose properties on the Default (Primary) partition and check the “Quick Format” option
        • Select the Operating System Package you created in step 1 and specify your unattend.xml file you created in step 2
        • Set the local admin password to blank ( needed for sysprep to work )
        • Join a Domain and use a domain join account for security reasons. An example of a how to create a domain join account could be found here : http://scug.be/sccm/2008/10/20/configmanager-osd-joining-machines-to-a-domain-and-its-security/
        • Select the ConfigMgr 2012 client that is already available in Configmgr 2012
        • Create a few Task sequence variables to identify the machine and do some branding. We will use that later to create our automatic  naming when we are capturing the image.
          • Set “OSDModel for VMware" when the following query is true “select * from Win32_ComputerSystem WHERE model like ‘%VMware%’ “

          300

          • Set OSDARCHITECTURE=”X64"

          302

          • Set OSDVERSION=”Windows 7"
          • Set OSDREVISION=”SP1

     

    2 (2)

     

        • Windows Management Framework 3.0  = KB2506146 or KB2506143 ( Attention : There are few code defects but a toxic issue with using ConfigMgr 2012 RTM  – It is FIXED with ConfigMgr 2012 SP1 –> Only install if you have SP1 !! )
        • All the various Visual C++ Runtime Libraries (2005 SP1 , 2008 SP1, 2010 SP1 )

    4

    3 (2)

     

        • Optional : Office 2007 / 2010 / 2013 MUI (Remember the task sequence variable we have set at collection level !)

    303

        • All current Patches –> setup SU
        • Set your image properties and Capture settings
        • Select a location to save the image and make sure you include the full path including the .wim extension

    Capture Without Office : (Remember the task sequence variable we have set at collection level !)

    304

    image

    Capture With Office : (Remember the task sequence variable we have set at collection level !)

    306

    image

        • Enter an account with rights to write to the share
        • Finish up

    5) Deploy your “Build and capture” task sequence to a VMware , XEN or Hyper-V VM : Look here how to do it for VMware : http://scug.be/sccm/2010/02/03/sccm-deploying-windows-7-on-a-vmware-esx-environment-howto/

    Create your deployments (advertisements) accordingly :

    402

     

    Stay tuned for Part 2 , where we will deploy the Hybrid image ( that we just created)  for full deployment..

    Hope it Helps

    Kenny Buntinx

    How to Install Windows 7 Language packs online during OSD Task Sequence (or in your Hybrid base image)

    7:27 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr 2012 SP1, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, language Packs, MUI, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM 2012 SP1, sccm2007, Task Sequence, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

     

    Windows 7 language pack setup, lpksetup, includes parameters to support a managed installation.  I successfully tested the following from the command prompt:

    lpksetup.exe /i nl-NL /p . /r /s

    I created and advertised a program with this command line, but it quickly failed on a windows7 x64. 

    1

    The test system returned an error status message, ID 10003: “An error occurred while preparing to run the program for advertisement….  The operating system reported error 2147942402: The system cannot find the file specified.”

    Execmgr.log contained the following:

    File C:\Windows\SysWOW64\CCM\Cache\…\lpksetup.exe is not a valid executable file
    Invalid executable file lpksetup.exe

    It turns out that lpksetup.exe on Windows 7 64-bit is a 64-bit-only process so with WOW file redirection in a 32-bit process C:\Windows\System32 redirects to C:\Windows\SysWOW64, which does not contain lpksetup.exe.  So I altered the ConfigMgr program command line to:

    %WinDir%\SysNative\lpksetup.exe /i nl-NL /p . /r /s

    3

    Using the SysNative alias allowed the language pack to be successfully installed on Windows 7 64-bit from a ConfigMgr advertised program or Task Sequence.

    The Language Packs are installed successfully as i can choose the installed languages after the installation.

    I have got this valuable information from Aaron Czechhowski at http://blogs.technet.com/b/aaronczechowski/archive/2011/12/18/deploying-windows-7-language-packs-via-configmgr.aspx

    Hope it Helps ,

    Kenny Buntinx

    Configuration Manager 2012: Select a Preferred Deployment when deploying via unknown computer support

    1:16 pm in CM12, ConfigMgr 2012, ConfigMgr V.next, OSD, PXE, sccm, SCCM 2012, SCCM v.Next, System Center, Task Sequence, V.next, Windows 7 by Kenny Buntinx [MVP]

    Hi there ,

    Today a customer requested an interesting scenario about selecting a preferred deployment when deploying multiple TS to a single collection:

    Scenario:

    You have made a few task sequences available thru PXE boot and enabled unknown computer support . You set all your deployments to available , not required.
    When you start your OSD deployment , you will see the few task sequences sitting there and waiting . This is a correct behavior.

    The customer likes to see the following behavior:

    – one of the task sequences made available will be started automatically after 30 seconds  if none of the other TS are selected.

    This will help them to avoid the import computer information part as they stage thousands of machines over one weekend and there process is that the computer name is generated from their CMDB tool after the mac address and serial number is scanned. Then we extract that information and push it into TS variables.

    Solution:

    You can define a deployment in a prestart command that overrides existing deployments to the destination computer. Use the SMSTSPreferredAdvertID task sequence variable to configure the task sequence to use the specific Offer ID that defines the conditions for the deployment.

    More interesting info on John Vintzels blog at http://blogs.technet.com/b/inside_osd/archive/2010/06/07/v-next-beta-1-feature-select-preferred-deployment-from-pre-execution-hook.aspx

    Hope it Helps ,

    Kenny Buntinx

    Windows 7 OSD deployment (SCCM or MDT ) and starting with a patched media = More secure & Saves time !

    9:03 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, ConfigMgr V.next, configmgr2007, ConfigMgr2007 R3, Deployment, DISM, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM v.Next, sccm2007, WAIK, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

    1. Download your patches to a folder

    You could always download the patches from the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder or automate it by the following process :

    • First step will be to install a clean Windows 7 machine without any application . After that process we will run wuauclt /detectnow and install all available updates . You will need to reboot a few times and rerun the wuauclt /detectnow to allow all patches to be installed properly

    • Then run the procedure below for WSUS patch extraction :

    Go to C:\windows and open windowsupdate.log in excel. Delimit the file by Tab and space

    Run the auto-filter and filter on “Downloading” in column “G”

    Select all rows in column “I” and copy the table. Go to new sheet and paste in this in column “B”

    We select column “B” and select Data -> text to column en delimit by ‘/’. Now we remove column “B,C,D and E”

    Go back to sheet where you imported the “Windowsupdate.log” and select all rows in column “K” and copy the column. Go to the new sheet and paste in column “D”

    We select column “K” and select Data -> text to column en delimit by ‘\’. Now we remove column “D,E,F,G and H”

    Paste the following formula in column “A” “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”

    Drag the formula to below , select column A , select all and copy it

    Open notepad , paste the text and save as “getpatch.cmd”

    Map your drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”

    Copy your downloaded patches to the location you need them

     

    2. Applying the offline patches to the windows 7 media

     

    Open up a WINPE command prompt via the WAIK.

    Run the following commands in the following sequence .

    Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp

    clip_image002

    Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches (where the patches folder contains your downloaded CBS windows patches)

    clip_image004

    dism /commit-WIM /Mountdir:F:\DISM\temp

    clip_image006

    dism /unmount-WIM /commit /Mountdir:F:\DISM\temp

    clip_image008

     

    3. What if you get an error applying the offline patches?

     

    It can happen that there are patches that cannot be applied offline. When that happens, you will get the following error as shown below in the screenshot. In this case KB2533552. Do not worry, the process does not need to run again.

    However, please note all patches that couldn’t be applied, so you could keep track of them for later deployment .

    clip_image010

    To see what is really going on and to verify this is a patch that cannot be applied offline , you should open the DISM.log file and search for the specific update as shown below in the screenshot.

    clip_image012

    When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package “, meaning this patch is not a CBS update and needs to be applied online.

    You could always check the update on the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx

     

    4. Import the image in SCCM or MDT

     

    After this process you need to import the source content in SCCM. When done start adding it to the distribution points and wait until it is replicated, preferably with a good naming convention.

    After importing the image in SCCM, add it to the DP’s and check if the image is replicated correctly on all selected DP’s.

    When it’s done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.

     

    Now you are running from the start with a patched offline media , meaning less deployment time and being more secure when deploying your machines !

     

    Hope it Helps ,

     

    Kenny Buntinx

    ConfigMgr: Application Virtualization 4.6 SP1 is now supported on Configuration Manager 2007 R2/R3 with Configuration Manager 2007 SP2

    5:51 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

    System Center Configuration Manager 2007 R2 with System Center Configuration Manager SP2 now supports Microsoft Application Virtualization (App-V) 4.6 SP1 Desktop Client and Client for Remote Desktop Services.

    This client release enables support for Windows 7 SP1 and Windows Server 2008 R2 SP1.

    The following are the limitations and workaround to import App-V packages using Configuration Manager :

    Configuration Manager fails to import App-V packages when there is more than one XML in the package folder. App-V Sequencer 4.6 SP1 creates the file Report.xml when creating an App-V package. Configuration Manager expects to find only one xml file in the package folder and will fail when it identifies more than one XML file in the folder. To work around this problem delete the file report.xml manually from the package folder before you import the App-V package.

    No software updates are required.

     

    Hope it Helps ,

    Kenny Buntinx

    ConfigMgr : Windows 7 SP1 and Windows Server 2008 R2 SP1 now Supported

    5:47 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, R3, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

    Configuration Manager 2007 SP2, R2 and R3 supports Windows 7 SP1 and Windows Server 2008 R2 SP1:

    System Center Configuration Manager 2007 SP2, R2 and R3 now supports the Windows 7 SP1 and Windows Server 2008 R2 SP1 operating systems for client installation. The Configuration Manager console and branch distribution point are supported on these platforms. Windows Server 2008 R2 SP1 is supported for all core and feature-specific site system roles.

    The following software update is required to add Windows 7 SP1 and Windows Server 2008 R2 SP1 to the Supported Platforms list:

    • KB 2489044 – Update rollup for System Center Configuration Manager 2007 SP2 to add support for Windows Server 2008 R2 SP1 and Windows 7 SP1 clients
    • KB 977203 – User state migration is unsuccessful on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client

     

    Hope it Helps ,

    Kenny Buntinx

    Configmgr 2007 and how to automate Windows 7 Backup Activation thru a task sequence

    11:43 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, Deployment, Installation, Operating System Deployment, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Task Sequence, Windows 7, Windows 7 SP1 by Kenny Buntinx [MVP]

    One of my customers is using a GHOST principle on their laptops, to restore an original image from a restore partition. This partition is right now visible for the end user. Now that we are migrating towards SCCM we want to do the same thing thru Configmgr.

    To accomplish this, we only focus on the integrated windows 7 backup tools as they have a native build in wizard to restore as well .

    Scenario to accomplish :

    1. We want to do a full backup at the end of the deployment task sequence , including the standard applications and save it locally. This one allows you to restore the machine as it was at the end of the task sequence.
    2. We want to let any user restore that image on an easy way with helpdesk support . Mainly this scenario is for end users that are sitting somewhere in the “bush bush” and no direct connection to a nearby office .
    3. We want to schedule for those kind of users a backup when he is working on his machine , based on VSS technology . ( impossible with ghost ).

    Steps to accomplish the scenario :

    First of all I want to thank Kim Oppalfens and George Simons ( both MVP ConfigMgr ) for helping me accomplish this scenario. We had some offline discussions to accomplish this scenario and it is not yet perfect .

    The initial process we have in mind during the Operating system deployment phase when we stage an image to a machine for a user:

    1. Creating the necessary partitions :

    • System partition (+/- 500 mb) that will hold the bootloader (think of Bitlocker ) and the WINRE environment. ( hidden )
    • C:\ OS partition
    • D:\ Data partition
    • E:\ IMAGE system image backup partition (drive letter will be removed in the process)

    2. Create local admin user f.e. RECOVERY and added the local admins group. We have tested this with a power user or backup operator , however you need local admin rights to restore the image. For security purposes we investigate later to have a daily/weekly/monthly password changer based upon an algorithm.

    3. Run the windows 7 built-in WBADMIN tool, with the following parameters : “wbadmin START BACKUP –BackupTarget:E: -include:c: -AllCritical –Quiet”

    4. Remove drive letter of the “Image”Partition , in this case E:\ 

     

    We don’t care about hiding the volume. Standard users have no permissions to reassign a drive letter, and hence won’t be able to see or use the partition. That is more than enough for us. Hiding the partition just complicates matters for us from an admin perspective.

    The additional process we could have in mind is to send down a task sequence to back up his system when a user requests it. This could be performed with or without  any user interaction.

    Task Sequence example :

    </group>
          <group name="Backup" description="">
            <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Admin Recovery User" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
              <action>smsswd.exe /run: net user recovery Helpdesk123 /add</action>
              <defaultVarList>
                <variable name="CommandLine" property="CommandLine" hidden="true">net user recovery Helpdesk123 /add</variable>
                <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
                <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
                <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
              </defaultVarList>
            </step>
            <step type="SMS_TaskSequence_RunCommandLineAction" name="Add Recovery User to Local Admin" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
              <action>smsswd.exe /run: net localgroup "Administrators" recovery /add</action>
              <defaultVarList>
                <variable name="CommandLine" property="CommandLine" hidden="true">net localgroup "Administrators" recovery /add</variable>
                <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
                <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
                <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
              </defaultVarList>
            </step>
            <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Backup" description="" timeout="1200" runIn="WinPEandFullOS" successCodeList="0 3010">
              <action>smsswd.exe /run: wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</action>
              <defaultVarList>
                <variable name="CommandLine" property="CommandLine" hidden="true">wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</variable>
                <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
                <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
                <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
              </defaultVarList>
            </step>
            <step type="SMS_TaskSequence_RunCommandLineAction" name="Hide Drive Letter" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
              <action>smsswd.exe /run: Mountvol e: /D</action>
              <defaultVarList>
                <variable name="CommandLine" property="CommandLine" hidden="true">Mountvol e: /D</variable>
                <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
                <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
                <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
              </defaultVarList>
            </step>
          </group>

    End user experience :

    1.When your Windows 7 machine gets broken it will automatically jump to the window shown below , otherwise Press F8 during boot :

    image

    2. When you start “Repair your computer” , WinRe will start up .

    image

    3. Once “WinRe”is loaded it will ask for your keyboard layout :

    image

    4. Fill in your credentials

    image

    5. Select “System Image Recovery”

    image

    6. Select the image that you want to restore and wait until the process has been completed .

    image

     

    Remarks / Improvements to make :

    1. The complete process works only once with a hidden drive letter…….until you do the restore. After the restore the drive letter is back and then a user could mess around and delete stuff. I have tried to remove the driveletter before running wbadmin , but I have no success to use the GUID as my drive is MBR and not GPT. Anyway the basic principle works .
    2. User security : We need a algorithm to change the custom local admin restore user  on a daily/weekly/monthly basis as a default password just isn’t secure enough .
    3. Now I am testing to get a function key on a Lenovo to do his magic ( Press F5 and it launches auto magically the recovery environment ) . More on that in a later blog post .

     

    Hope it Helps ,

    Kenny Buntinx

    Configmgr 2007 OSD : Using Lenovo Update Retriever to install all your drivers without importing them in the ConfigMgr driver catalog

    11:00 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Deployment, Drivers, Installation, Operating System Deployment, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, script, Task Sequence, Windows 7 by Kenny Buntinx [MVP]

    Did you also think that driver management  in OSD could be more simplified ? For example when you have Lenovo devices , you need to also install a lot of “bad” drivers en also in a very specific way or features such as “hotkeys”does not work .Let’s look at the process right now:

    1. Search drivers from the internet manually

    2. Unpack them in a correct folder structure

    3. Import drivers and categorize

    4. Handle duplicate drivers

    Problems often seen :

    1. Not all drivers work with the import ( there are drivers that simply do not work with the export method , they need to run thru setup.exe ) HP is a king in that area with the sound card & Quick launch buttons. This means that the admin need to create packages , programs and multiple steps in the TS to let it work.

    2. For getting some drivers you need to install the vendor msi on your test laptop , go to the install folder and find the extracted drivers there.After that you could import.

    3. HP & Lenovo needs certain additional software such as HP quick launch , HP power manager , Lenovo Hotkeys , Lenovo think vantage , etc . A lot of those packages needs to be installed in a very specific order or it just don’t work .

    4. You test your deployment and damn it seems you forgot 2 drivers . Find out by HWguid , download and import again …

     

    Lenovo Update Retriever – Thinstaller solution :

    If you don’t want to spent hours on searching, downloading and importing drivers for you LENOVO computer when going to build a Win7 image , read on . I have found a better way to accomplish this with thanks to Karel Serroels.

    It normally takes so much time for an admin , while with the HP / IBM solution it is a 5 minutes job per HW model :

     

    1. Install and run the Lenovo update retriever, select your model and software /drivers you want to install , download the drivers into a pre-defined file share . Nice , quick and easy .

    2. Create a package with the Lenovo Thinstaller source files , copy the Lenovo Thinstaller files to the local disk & run it thru your TS

     

    The advantage here is that I as an admin does not need to worry about the right install sequence , prerequisites , number of needed drivers or even OS type .The Thinstaller tool will do it for you .

    Prerequisites :

    Get the following software’s online from the Lenovo site as you will need it

    1. Link thininstaller: http://www-307.ibm.com/pc/support/site.wss/TVAN-ADMIN.html#ti
    2. Link update retriever: http://www-307.ibm.com/pc/support/site.wss/TVAN-ADMIN.html#ur

     

    Step 1 : Install Lenovo Update Retriever on your server and follow instructions to create a share for the repository , etc .

    image

    Step 2 : Launch the Lenovo Update Retriever and select your Model an Operating System. Download all files to the repository.

    image

    Step 3 : Modify your Task Sequence and add Run Thinstaller Trustzone. It needs to work with Dot.net 2.0 .

    If you run Lenovo Thinstaller via Configuration Manager task sequence , you cannot run the installation program, because it is a .NET executable and the default policy is to disallow running it from a network share or distribution point. You must therefore change the  following ipadress and sharename with the one from your environment!

    image

    Step 4 : Create the Lenovo thinstaller package in Configuration Manager.

    image

    Step 5 : Copy the Lenovo Thinstaller directory to C:\Windows\Thinstaller

    image

    Step 6 : Run Thinstalle with the following commend line . You must therefore change the  following ipadress and sharename with the one from your environment!

    image

    Step 7 : Remove the Thinstaller source files . Do a nice cleanup .

    image

     

    There you go .. The only disadvantage from using this , is the fact that your sourcefiles need to be always to one spot . You can solve this by using Sysvol , DFS or other technologies . However , Most companies have a team that will build the initial image on site and than replicate the images across the company .

    Hope it helps ,

    Kenny Buntinx.