Tuesday, 11 June 2013

Windows 7 Deployment - Part04: Create MDT Deployment Task Sequence For Deployment (2)



Now we know how to add applications, operating systems and device drivers, and how to create a task sequence.

There are more things to configure to get things working. Open the MDT deployment share properties.


Choose the hardware architecture you need to support.


Click on Rules tab. This opens the CustomSettings.ini file for you. The default settings look like this.


Edit the settings so that they look like the ones below. Note: do NOT try to be 'organized' by adding comments for blocks, e.g. [locale settings], [Time zone], unless you know what you are doing. MDT does parse the block names during deployment. Blindly adding such comments may lead to undesired effects. Just keep it simple and only type in what is needed.


The key thing here is ApplyGPOPack=NO. If this setting is omitted, MDT 2012 will do some match-making behind your back. If it detects that the OS you are deploying is one of 4 popular types, it will apply default group policies to your new machine - Windows 7 is one of the 4. This can lead to a lot of trouble further down the road.

If you put ApplyGPOPack=NO in here, all task sequences you have in this deployment share will be affected.

You can also skip/disable local GPO application through the task sequence properties (in that case, do not put this line in the CustomSettings.ini file). That way, the setting only applies to this task sequence. Go to your Task Sequence properties and you will see that Apply Local GPO Package is the last step in State Restore.

You can check the reference for all the rest of the settings. Some pages are only skipped when all of their related settings are present.

In this example, I am running the test in a Workgroup environment. To skip the credential page, I have provided UserID and UserPassword settings, without UserDomain setting. If you are doing this in a domain environment, you should provide the UserDomain setting as well.

Meanwhile, if you are putting in domain credentials, then you simply enter your domain user name for UserID. If you are doing it in a Workgroup environment, you should put your machine name in as well, e.g. 

  UserID=test-bench-PC\fishismyname

However, you need to make a decision again regarding security and efficiency. The password you enter here will be in plain text in the answer file. I tend to leave these settings out and manually key in the network credentials on each machine I image. There are 2 reasons for this: (1) security, the obvious reason; (2) domain passwords always change, due to the password policies adopted by most organizations, so you will have to update UserPassword every time you change this password. You will need to put in some effort one way or another, so why not go with the more secure option? However, if you often need to image lots of machines in one go, then you might still want to consider the automated way.

A working set of settings is listed below. This will skip quite a few pages during installation. Add in your own values where I took mine out, and adjust them for your system.

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES

SkipBDDWelcome=yes
SkipUserData=YES
ProductKey=
SkipTaskSequence=YES
TaskSequenceID=

SkipTimeZone=YES
TimeZone=085
TimeZoneName=GMT Standard Time
SkipLocaleSelection=YES
InputLocale=en-GB
SystemLocale=en-GB
KeyboardLocale=en-GB
UILanguage=en-US

UserID=
UserPassword=
ApplyGPOPack=NO


Now, if you look at the bottom of this page, you will see a button called Edit Bootstrap.ini.

Click on it to open the file.

Some settings must be put in here as well to skip a page. With the ones I added here, together with the CustomSettings.ini we just edited, we can now automate the locale selection page and the network credential page. If we do not put them in the Bootstrap.ini file, those pages will still appear. Check the reference if in doubt.
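To check a deployment share for the plain-text credentials discussed above, the following added example (not part of the original post) scans rule-file text for non-empty password properties and reports where they are without printing the value. The function name, the property names other than UserPassword, the share path in the comments and the sample text are assumptions made for this illustration.

```powershell
# Added example: find credentials stored in plain text in MDT rule files
# (CustomSettings.ini / Bootstrap.ini). Names below are illustrative.
function Find-MdtPlaintextSecret {
    param(
        [string[]] $Line,                       # file content, one entry per line
        [string]   $Source = '(inline)',        # label shown in the report
        [string[]] $SecretKey = @('UserPassword', 'AdminPassword', 'DomainAdminPassword')
    )
    $section = '(none)'
    $n = 0
    foreach ($raw in $Line) {
        $n++
        $text = $raw.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }    # blank line or comment
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^([^=]+)=(.*)$') {
            $key   = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            # -contains is case-insensitive, which matches how INI keys are treated.
            if ($SecretKey -contains $key -and $value -ne '') {
                # Report the location and length only, never the secret itself.
                [pscustomobject]@{
                    Source  = $Source
                    Line    = $n
                    Section = $section
                    Key     = $key
                    Length  = $value.Length
                }
            }
        }
    }
}

# Constructed sample input (not taken from a real deployment share).
$sample = @'
[Settings]
Priority=Default

[Default]
SkipBDDWelcome=YES
UserID=test-bench-PC\fishismyname
UserPassword=Constructed-Example-1
ApplyGPOPack=NO
'@ -split '\r?\n'

Find-MdtPlaintextSecret -Line $sample -Source 'Bootstrap.ini (constructed)' | Format-Table -AutoSize

# Against real files (hypothetical share path):
#   Find-MdtPlaintextSecret -Line (Get-Content 'D:\DeploymentShare\Control\Bootstrap.ini') -Source 'Bootstrap.ini'
```

An empty result means none of the listed properties carries a value; a hit in Bootstrap.ini matters most, because that file is built into the boot image when the deployment share is updated.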


With all these settings, you have finished setting up a deployment share. There are still 2 issues remaining.

Format the disk and create disk partition.

If you don't configure this (leave things as default), your deployment process will not erase the machine. This will lead to undesirable effects.

You can configure this in the task sequence properties page - this is to show you where to open the page. Nothing is configured yet. However, please note that this group of tasks is for new computers only: if you check the New Computer Only properties, you will see there is a check on the DeploymentType=NEWCOMPUTER variable. If you have DeploymentType=NEWCOMPUTER in your CustomSettings.ini, then Format and Partition Disk will be performed, otherwise it is skipped. If skipped, MDT will use the info provided in the <DiskConfiguration> section to do the format/partition. If not skipped, what you put in the <DiskConfiguration> section will be ignored.


Either way will work.

In this case, I am not going to add DeploymentType=NEWCOMPUTER to my CustomSettings.ini file. I am going to use unattend.xml to control the disk format and partition instead.

Go to the deployment share folder and, under the Control folder, go into the folder that bears your task sequence name and open up the unattend.xml.

Add the following near the top, just before the <ImageInstall> tag. The following will create 2 partitions. Note that Windows will create a secret partition. You will not see this drive in Windows Explorer when the machine is imaged (you can see it in Disk Management). You might have noticed this secret partition when you used ImageX to capture your custom Windows image - after booting into WinPE mode, if you go through each drive, c:, d:, f:, g: and so on, you might notice that under c:, if you run dir, Windows files are not present. If you go to d: and do a dir, you will see the familiar file structure: Program Files, Program Files (x86), Windows, etc. That little c: is the secret, reserved disk partition created by Windows 7.

            <DiskConfiguration>
                <Disk wcm:action="add">
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                    <CreatePartitions>
                        <!-- System partition -->
                        <CreatePartition wcm:action="add">
                            <Order>1</Order>
                            <Type>Primary</Type>
                            <Size>300</Size>
                        </CreatePartition>
                        <!-- Windows partition -->
                        <CreatePartition wcm:action="add">
                            <Order>2</Order>
                            <Type>Primary</Type>
                            <Extend>true</Extend>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <!-- System partition -->
                        <ModifyPartition wcm:action="add">
                            <Order>1</Order>
                            <PartitionID>1</PartitionID>
                            <Label>System</Label>
                            <Format>NTFS</Format>
                            <Active>true</Active>
                        </ModifyPartition>
                        <!-- Windows partition -->
                        <ModifyPartition wcm:action="add">
                            <Order>2</Order>
                            <PartitionID>2</PartitionID>
                            <Label>Windows</Label>
                            <Letter>C</Letter>
                            <Format>NTFS</Format>
                        </ModifyPartition>
                    </ModifyPartitions>
                </Disk>
                <WillShowUI>OnError</WillShowUI>
            </DiskConfiguration>

For reference, see http://technet.microsoft.com/en-us/library/ff716466.aspx

Copy profile.

This setting triggers the deployment process to copy the profile you have on the reference machine to the new machine.


Set CopyProfile to true in the node highlighted in grey, as shown above. Use the key words in the red circle to locate the position.

Now, right click on the MDT Deployment Share -> click on Update the deployment share, and the relevant files will be updated or created.

McAfee users must note: it is best to disable On-Access scan before you do the update. It will SERIOUSLY slow down the process. On my machine, it takes 40 minutes with On-Access scan on, only about 5~10 when off.

OK. We are nearly there.

Go to the Boot folder in your deployment share folder, LiteTouchPE_x64.iso is what you need. Use any tool that can unpack ISO files, 7-zip for instance, and copy the content of the iso image into your bootable USB pen drive. You can now boot your new machine using this USB drive, and the Lite-Touch installation will begin.


Windows Updates

There are 2 Windows Update steps built into each task sequence. Look in your task sequence properties -> State Restore and you will find them. They are disabled by default. If you want Windows Update automated, go to the Options tab on the right and un-tick 'Disable this step'.



Multiple machine models

To accommodate different machine models, one approach is to create a new deployment share for each model, so that the matching series of device drivers can be applied.


Automate Application Deployment

The drawback of this solution is that if, say, you have 10 applications to be deployed, you need to go through the creation process for every single deployment share. It's not just application creation. It's about maintenance, too. If, say, you are moving to Office 2012 from 2010 in your organization, and you have 20 Deployment Shares, you will need to do the update 20 times.

There are ways to avoid this. One option is to leave silent application installation to Active Directory, if you have one. After the machine is imaged, the PC can be moved (or moved as part of the deployment process) into the relevant group, where one GPO performs the silent installation of Office 2012. In this way, you only have 1 place to maintain. Or you may have other third-party tools to push applications out. There is always more than 1 way to skin a cat. Check what is available to you.

You can further fine-tune the task sequences. I will share the tips when time permits.

