Monday, December 30, 2013

VM Host Task Sequence Handling

My Windows 7 TS supports about 35 hardware models today (The old XP one was over 60), so to save time in processing the TS, I have added a condition to the Apply Drivers Group or as shown below, a separate 'Apply Hardware Drivers' group. If I am deploying to a VM then it skips all those driver package steps. With more and more deployments being virtual it helps...

NOTE: Don't use that variable, its custom and not built in! I create an 'OSDComputerModel' variable via a tech interview HTA or VBS but you can use whatever method you use for Driver package conditions.

Additionally I  also capture the chassis type to a variable 'OSDChassis' and have the drivers grouped by Desktop or Laptops to save time as well. This also works for installing VPN clients or WiFi interface software on mobile platforms.

Another one I capture is the Asset Tag. This is used in DELL and other manufactures that allows a firm to put an internal Asset Tag in the BIOS. Dell does it via CFI for me.

While MDT has several built-in variables such as 'IsVM', 'IsLaptop', 'IsDesktop', I do not have MDT integrated with ConfigMgr so I've adapted other methods. I've noticed it is quicker to do a single WMI query for the model, normalize that, and save as a variable then to do a like WMI query for each driver package as well as grouping by chassis to skip dozens of unneeded steps.


This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

This is the VBS version that collects the hardware data into variables.


I'm always having to look these up for varying reasons so I thought I would put them in one place. Know of any others I can add?

VMWare *ALL*

 VMWare Virtual Platform  

Microsoft Hyper-V

 Virtual Machine  

Xen *ALL*

 HVM domU  

Oracle VirtualBox


Parallels Desktop

 Parallels Virtual Platform 

Tuesday, December 17, 2013

USMT Wrapper Script


During a hardware refresh there are times that data migration needs to be done manually such as with software encryption or other reasons. With the granularity that USMT supports, Scott and I wrote a wrapper script to do all the work for the techs as there is just too much flexibility!

For distribution, we have it as a package within ConfigMgr that can be downloaded by techs using the package down loader tool (see previous post). This way they always have the latest version of the script and XML files used by USMT. You call the script on the old computer with the new computer as a command line switch:


First thing it does is copy it locally to %WINDIR%\TEMP as the USMT commands can be impacted by the DOS 256 character command line limit. Why a DOS Script? XP, don't have to worry about PowerShell being present as DOS has been around for a little longer...

If you do not pass it the new machine, then it will ask you for the new computer name. It uses SED for this which you put in the x86 and/or amd64 folders.

When ran from the old system, it will create C$\USMTStore on the new system and start migrating data with ScanState to a MIG file there.

Once complete you run the wrapper on the new machine and it will do a restore via LoadState.

Other things that the script does.
  • Detects XP and copies manifest files to %WINDIR%\system32\DLManifests
  • Runs correct architecture version of scanstate and loadstate for 32-Bit or 64-Bit
  • Copies the logs to the ConfigMgr logs folder (%WINDIR%\CCM\Logs) for cleanliness
  • Captures start and stop times


The wrapper is set up for my environment so you will have to parse it and change things accordingly. Specifically you will have to do something about the IncludeExclude.XML as this is custom for our environment, or just rename one of yours to it. There are several REM statements and comments that do different things. If you do not use ConfigMgr then you will need to modify the log copy at the end.  Since its all done with variables several of them can be set before running the script such as destination as a side note.

If you make any changes please let me know as I may add it upstream!


This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

I am providing both USMT4 and USMT5 versions however they can be interchanged with little modification. We'll make a USMT6 version soon.


GUI for it? This was for USMT4 and Scott is talking of making a new one for USMT5 (or 6). It lets you choose profiles and files/folders to customize.

Tuesday, December 10, 2013

Cheaply Distribute Large Standalone Media

How big is your image? My Windows 7 is over 50GB between the drivers, applications and the multiple architecture WIMs as I support ALOT of hardware. Both my Workstation and Server TS use an HTA to prompt the tech for various tidbits, however as most of those items are in the TS so they are therefore created for StandAlone Media making it large, very large.

I'll blog about that HTA at a future date once I get an older version to be agnostic. It wasn't built with public consumption in mind as its very custom to my environment.

A problem we have is offline use. Since we deploy several hundred systems globally a WEEK we need a way for our techs to continue functioning during a ConfigMgr outage. I'm always amused when someone contacts my team and says "HELP! OSD is down!". Its like saying "the Internet is down!" Um, no its not (well ok when we upgrade...), but your part of it is. We all can agree that SCCM is temperamental at times locally. A package is missing, out of date, whatever, 2012 is so much better at this. Additionally techs travel to small sites we don't have a local DP at so having offline is

By moving away from the "Total Control" method of driver management towards "Total Chaos" I can bring it down to about 16GB. With hundreds of techs its not feasible to send out USB thumb drives every quarter but DVD-9 is, least until BD-R becomes a standard.

We stumbled on this trick which our techs like, especially as MS doesn't create the media sequentially so you have to "Insert Disk 1", "Insert Disk 2", "Insert Disk 1" several dozen times.

You create CD/DVD StandAlone Media via the Wizard to 8.5GB media (DVD-9) which holds 7.95GiB worth of data that spans two ISOs in my case.  Once complete, create the same Stand Alone Media again with Unlimited as the CD/DVD media size (new in ConfigMgr 2012) or USB, and grab a few files from this second media set to replace matching files in the split StandAlone.

When we mail out the DVDs we also post a 7ZIP with the Unlimited media files for the techs to our Imaging SharePoint site. The techs then have a choice to use the two DVDs, or merge them onto a USB drive for faster no media swap deployment.

The 7ZIP has the following files from the single ISO with paths. In testing we found that only Policy.xml and Variables.dat need to be updated but we do all four to be complete.


The techs then do the following to create single media on USB:
  1. Copy Disc 2 to root of USB (Or sub-folder if they use Grub for multi-boot scenarios)
  2. Copy Disc 1 to the USB, replacing any duplicates
  3. Copy compressed folder contents to the USB, replacing any duplicates

Tuesday, December 3, 2013

SCCM 2012 Package Downloader v1 available

With the upgrade from Config Mgr 2007 to 2012 you no longer have the ability to obtain software by visiting


to get something. This is awesome and painful depending on your view. With several hundred techs at my company, they have become spoiled by having a local cache of software or drivers so many techs will go to the share to get something vs following a process to obtain software that has license tracking involved as an example.

While I get the need for local cache, they don't always follow process for whatever reason such as diagnose the agent. Then there are the "Self Declared Power Users" that stumbled on the share and find 'Adobe Creative Suite 6 Design and Web Premium' and decide they need that and try to install it. Luckily we have other checks and balances in play but it causes problems for one reason or another. I'm definitely of the camp to liking the addition of a Content Library in 2012. We have taken our DP storage from several hundred GB to less then 100GB especially around drivers as those amounted to over half the data.

Since our techs were spoiled and its always hard to take something away, I asked our SCCM Admin Cory Becht to see what he can do. Cory to the rescue! He developed a package downloader HTA for 2012 that we want to share with you. Technically Cory released it on myITforum back in February 2013 but I'd like to talk about it.

What the tool does is downloads a package and runs a program associated with it. More specifically, this script will query and display available packages and applications when needing to bypass the Configuration Manager 2012 agent. It will access the Content Library of the distribution point and download all the required files and then execute the specified command line. In some cases we have a program called 'CopyFolders.EXE' that just prompts for a folder to copy the package contents to. This is good for the OSD PE media and our Admin PE (Think DaRT) tool among other things that we use ConfigMgr to distribute content.


I wont rehash the howto instructions but do want to point out the following basic configurations for it:
  • Script users will need specific RBAC security settings
  • Configure Script variables for your environment
  • A new SQL view needs to be created on the SCCM Database and script users given SELECT rights

One of my concerns was the abuse of this script to get around processes, so I requested that the HTA send an email notification to our groups mailbox when someone uses it. We use this to follow up as well as as a check/balance on the health of SCCM and the agents. If we see one tech using it a large amount, it prompts a conversation with them or their supervisor into why that's happening. Sometimes it is a valid problem needing resolution and sometimes its not. Depending on your size this can clutter a mailbox so definitively use some filters. We see about 70 a day on average with the majority from techs getting our OSD PE or Admin PE tools.

Packages and even programs are made available in the tool on a case by case basis, so for each one you want to make available you will need to add the following in the description of a Program you want available in the tool:


Or as shown in the Console

Something I would strongly urge is to put the script in SharePoint or somewhere central so they are calling the most current version. We had initial problems due to older versions being ran vs the newer bug fixed version. When it is ran, it will determine all the packages that are available to the user or machine and then show what is available within the tool.


  • I don’t have a CAS, therefore running it against the CAS database is unknown.
  • Works with IPv4 only.
  • Utilizes BITS and bitsadmin.exe program to do the download of the files as I don’t have PowerShell everywhere.  XP doesn’t include it by default and is in the XP Support Tools 
  • Uses HTTP and not HTTPS to access content from the DP.
  • Lesson Learned: Make sure IIS doesn't have a Hidden Segment or File Extension filter entry that prevents a package download.  The request filters will prevent downloading of certain paths or extensions.  I have a script running on my distribution points to configure the request filtering automatically.


This tool does not do drivers and Cory is still working on that part, its the biggest request we receive from the techs and rightly so. Many machine problems are resolved by updating drivers. We are using v2 internally and will make it available once we move to v3 or possibly move to an Alternate Content Provider such as 1E NOMAD or Adaptiva OneSite. Cory moved away from BITS to web services as BITS caused much of our reported problems with the tool and web services is a ton faster, especially on slow connections.


This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

Here is the direct download over at MyITForums. If you make any modifications I'd like to hear about them as we could incorporate them upstream.