Recently I have completed a very large and challenging Windows deployment project for one of the world's largest Liquid Natural Gas producer.
The project target: to enhance user's experience, lower Desktop's TCO and increase the IT's SLA.
The process included the following requirements:
- A single image that supports 17 hardware types (Desktops and Laptops)
- Identify computer hardware (Desktop and Laptop) and place computer object in Desktop OU or Laptop OU respectively
- Change the Active's Directory user's roaming profile path to a new path
- A single fully automated process that supports the following scenarios:
- Upgrade current Operating System with the new OS (in-place upgrade)
- Deploy OS to a new computer - computer account is not in Active Directory
- Deploy OS on a computer - existing computer account in Active Directory
- Migrate a selected user list (dynamic per computer - via profile time stamp)
- Remove old Icons and shortcuts from user's desktop
- If it is an old computer hardware - skip USMT data capture and restore
- Install Applications by hardware model
- And a few other
The challenge:
- Everything must work in true full automatic mode
- No out of box deployment solutions (SCCM, MDT and WDS) products provides a full automatic True Zero Touch Installation for the whole process
The solution
The solution is a complete automatic process - True Zero Touch Installation (TZTI) process that includes all the elements, tasks, and commands that previously some of them had to be run manually.
TZTI process procedure drives SCCM 2007 SP2 R2, MDT 2010, WDS and PXE software products and a modified Task Sequence.
This smart solution enabled the customer to meet its project targets and significantly lower the project's cost.
The info refers to the following Operating Systems:
Windows 7 (64bit), Window 7 (32bit), Windows XP Pro SP3 (32bit)
Following is the full deployment process
High Level Deployment steps
Main steps for running True Zero Touch Installation deployment process
Bold Italic commands are additional commands or modified commands to enhance original process to True Zero Touch Installation (TZTI) process
Preparations
- Run user level custom backup
Run Computer level custom backup
Customized Task Sequence Steps
1. Uninstall the Anti-virus program
2. Remove old application icons and shortcuts
3. Capture User State with USMT with custom XML files with WMI model exceptions
4. Restart computer
5. Run computer level custom backup program
6. Boot and start Windows PE session
7. Deploy Reference Computer WIM file
8. Apply Windows customized settings
9. Check if new computer hardware is Desktop or Laptop and apply respective Network settings
10. Apply drivers
11. Apply special hard disk driver for a specific Laptop
12. Install SCCM Client
13. Move existing computer account Desktop or Laptop to respective new OU
14. Wait for AD Sync
15. Restart computer
16. Install software updates
17. Restore User State (USMT) with custom XML files with WMI model exceptions
18. Apply software for a specific hardware model
19. Change the WS users Profile path to New User Path
20. Run GPUpdate to apply all Policies
21. Run Plug and Play discovery
22. Install Anti-Virus program
Detailed info for the deployment process
1.1 Preparations
1.1.1 Custom user backup
This step executes the following
- Backup the current logged on user's data
- Back user's files in delta mode settings
- Save data locally - save data on local per user
Run this application as a SCCM Package
- SCCM Package name: BackupUserInDeltaMode
- Program name: BackupUserInDeltaMode
- run in silent mode with no notification
- The command is a compiled EXE file
- Source code type: SMS Installer
- Source file name: BackupUserInDeltaMode.ipf
- Special note: this command must run with Admin privileges with ‘Run as' settings selected and configured
1.1.2 Backup local data to a network location
This step executes the following
- run a customized backup app to a network share
- The customize backup is saving the following data:
- User level
- WS level - not related to users
- c:\general-dir
- creates user list and copy it to C:\ _SMSTSequence
(to be used later to change user's profile path)
- Other local directories
- Backup target:<Backup-Server>\<target path>\<ComputerName>\
Target server depends on Workstation's Active Directory Site membership for all relevant global sites
Run this application as a SCCM Package
- SCCM Package name: BackupLocalDataInDeltaMode
- Program name: BackupLocalDataInDeltaMode
- run in silent mode with no notification
- The command is a compiled EXE file
- File name: Backup users data.EXE
- Source code type: SMS Installer
- Source file name: BackupLocalDataInDeltaMode.ipf
- Special note: this command must run with Admin privileges with ‘Run as' settings selected and configured
1.2 Detailed Customized Task Sequence steps
1.2.1 Uninstall the Anti-virus
This is an additional command to the original Task Sequence
This step executes the following:
- Uninstall Anti-Virus
- TS step type: Command line
- The command is a batch file
- File location: MDT2010 Script directory \MDT Files\Scripts
- File name: RemoveAV.bat
- Timeout: 6 minutes
1.2.2 Remove old application icons and shortcuts
This is an additional command to the original Task Sequence
This step executes the following:
- Remove old Program Files net short cuts and other old desktop icons
- Remove ALLUSERS common icons
- TS step type: Command line
- The command is a compiled EXE file
- File name: Remove shortcuts.EXE
- Source code type:SMS Installer
- Source file name: Remove shortcuts.ipf
1.2.3 Capture User State with USMT with WMI model exceptions
This is an additional command to the original Task Sequence
This step executes the following (in high level):
- Capture user state with USMT
- Skip this stage if it is HP D510 or D530
Detailed steps:
- Capture user state with USMT SCCM package with modified USMT XML
- Skip this stage if it is HP D510 or D530 by identifying the computer model type via a WMI Query:
select * from Win32_ComputerSystem WHERE model <>"HP D510 SFF"
select * from Win32_ComputerSystem WHERE model <> "HP D530 SFF"
1.2.4 Restart computer
This step executes the following:
This step use standard TS computer reboot command to provide the next step (backup) a clean user environment with no user's locked file
1.2.5 Run computer level custom backup program
This is an additional command to the original Task Sequence
This step executes the following
- run a customized data backup to a network share
- The customize backup is saving the following data:
- o User level
- o WS level - not related to users
- c:\general-dir
- creates user list and copy it to C:\ _SMSTSequence
(to be used later to change user's profile path)
- Other local directories
- Backup target:<Backup-Server>\<target path>\<ComputerName>\
Target server depends on Workstation's Active Directory Site membership for all relevant global sites
Run this application as a SCCM Package
- SCCM Package name: BackupLocalDataInDeltaMode
- Program name: BackupLocalDataInDeltaMode
- run in silent mode with no notification
- The command is a compiled EXE file
- File name: Backup users data.EXE
- Source code type: SMS Installer
- Source file name: BackupLocalDataInDeltaMode.ipf
- Special note: this command must run with Admin privileges with ‘Run as' settings selected and configured
1.2.6 Boot and start Windows PE session
This step executes the following:
- Boot the workstation to Windows PE OS session with customized background and all NIC drivers
- TS type: Restart Computer
1.2.7 Deploy Reference Computer WIM file
This step executes the following:
- Deploy the reference Windows OS WIM image
- TS step type: Apply Operating System Image
1.2.8 Apply Windows customized settings
This step executes the following:
- Apply customized Corp windows setting
- TS step type: Apply Windows Settings
- In User Name box: type Corp User
- In Organization name box type Corp Name
- In product key box type the license key (or blank for KMS activation)
- Select "Enable the account......."
- Type the local admin password
- Select Time zone i.e: (UTC) Dublin, London
1.2.9 Check if new computer hardware is Desktop or Laptop and apply respective Network settings
This is an additional command to the original Task Sequence
This step executes the following:
- Place a nonexistent computer account in the domain in a pre-designated OU
according to hardware type (Desktop or Laptop)
(for bare metal - new computer scenario)
- TS step type: Apply Network Settings
- Desktop computer will be placed in the following OU
LDAP://OU=Desktop,OU=Windows 7,OU=Corp Computer Directory,DC=CorpName,DC=com
- Lapktop computer will be placed in following OU
LDAP://OU=Laptop,OU=Windows 7,OU=Corp Computer Directory,DC=CorpName,DC=com
- Select Join to Domain
- In Domain box type CorpName.Com
- Select the Domain OU required
- In Account box type CorpName\adminUser type the user password and confirm password
1.2.10 Apply drivers
This step executes the following:
- Installs hardware drivers
- TS step type: Auto Apply Drivers
Select Install only the best
Select Consider drivers from all categories
1.2.11 Apply special hard disk driver for a specific Laptop
This is an additional command to the original Task Sequence
This step executes the following:
- Installs specific mass storage driver for the HP laptop computer
- TS step type: Apply Driver Package
Run this step if it is HP 2530p - identifying the computer model type via a WMI Query: select * from Win32_ComputerSystem WHERE model ="HP 2530p"
- Select in Driver Package All HP drivers
- Mark Select the mass storage driver......
- Select in Driver box the driver Intel ESB2 SATA AHCI Controller
- Select in Model box Intel ICH9M-E/M SATA AHCI controller
1.2.12 Install SCCM Client
This step executes the following:
- Installs the SCCM Client
- TS step type: Setup Windows and ConfigMgr
1.2.13 Move existing computer account Desktop or Laptop to respective new OU
This is an additional command to the original Task Sequence
This step executes the following:
- Place a existing computer account in the domain to a pre-designated OU
(for a computer refresh scenario)
- Desktop computer will be placed in the following OU
LDAP://OU=Desktop,OU=Computer,DC=corp,DC=net
- Lapktop computer will be placed in following OU
LDAP://OU=Laptop,OU=Computer,DC=corp,DC=net
- Run this command if it is a Desktop
- identifying the computer type via evaluating the Task sequence variable: if DESKTOP
- Run this command if it is a Laptop
- identifying the computer type via evaluating the Task sequence variable: if LAPTOP
- TS step type: Command line
- The command is a VBS file
- File location: \MDT Files\Scripts
- File name for Desktop command: Find and Move Desktop To-OU.vbs
- File name for Laptop command: Find and Move Laptops To-OU.vbs
1.2.14 Wait for AD Sync
This is an additional command to the original Task Sequence
This step executes the following:
- Wait 600 sec for AD Object move sync to all DC's
- TS step type: Command line
- The command is a compiled EXE file
- File location: \MDT Files\Scripts
- File name: wait.EXE
- Switches used: 600
1.2.15 Restart computer
This step executes the following:
The Workstation Boots with the Default Operating System installed on the hard disk
1.2.16 Install software updates
This step executes the following:
- Installs all mandatory software updates published by the WSUS module on the SCCM system
- TS step type: Install Software Updates
- You need to configure the WSUS section on the SCCM system, all published mandatory updates will be installed automatically in this step during the OS deployment
1.2.17 Restore User State with USMT with WMI model exceptions
This is an additional command to the original Task Sequence
This step executes the following (in high level):
- Restore user state with USMT
- Skip this stage if it is HP D510 or D530
Detailed steps:
- Restore user state with USMT SCCM package with modified USMT XML
- Skip this stage if it is HP D510 or D530 by identifying the computer model type via a WMI Query:
select * from Win32_ComputerSystem WHERE model <>"HP D510 SFF"
select * from Win32_ComputerSystem WHERE model <> "HP D530 SFF"
1.2.18 Apply software for a specific hardware model
This is an additional command to the original Task Sequence
This step executes the following:
- Installs required application by computer model
- The applications configured as SCCM packages and are grouped in a folder
- TS step type: Group
Sample WMI query for HP 2510p: select * from Win32_ComputerSystem WHERE model = "HP 2510p"
1.2.19 Change the WS users Profile path to new user Path
This is an additional command to the original Task Sequence
This step executes the following:
- Change the user's roaming profile path from Profile to NewProfile i.e ProfileV2
Application Algorithm:
- application read the users list from
C:\ _SMSTaskSequence\WDPackage\Scripts\UsersListToMove.txt
- Create a new directory : NewProfile in the users directory
\\<Server>\<Usersvrxxxx$>\<UserName>
- Change profile path to
\\<Server>\<Usersvrxxxx$>\<UserName>\NewProfile
- TS step type: Command line
- The command is a compiled EXE file
- File location: \MDT Files\Scripts
- File name: RenameNetworkUserProfileDirectory.EXE
- Source code SMS Installer
- Source file name: RenameNetworkUserProfileDirectory.ipf
1.2.20 Run GPUpdate to apply all Policies
This is an additional command to the original Task Sequence
This step executes the following:
- Update the Corporate group policies on the WS
- TS step type: Command line
- The command line: GPUpdate /force
1.2.21 Run Plug and Play discovery
This is an additional command to the original Task Sequence
This command does not apply to Windows 7 and is required only for Windows XP OS deployment
This step executes the following:
- Rerun the plug & play discovery to install all required drivers
- TS step type: Command line
- The command line: RunDll32.exe Syssetup.dll,UpdatePnpDeviceDrivers
1.2.22 Install Anti-Virus program
This is an additional command to the original Task Sequence
This step executes the following:
- Install the Antivirus program
- TS step type: Command line
- The command is a batch file
- File location: \MDT Files\Scripts
- File name: InstallAV.bat
Many thanks to Oluyomi Alarape from Microsft corp. for his singnificant contribution in the overall project and design
If you need more info about this post or SCCM OSD Deployment, please contact me via mail
Yagil Adar
email: yagil@adar.us
web site: www.adar.us