The D-Spot (The Deployment Spot)

There are several ways to deploy Internet Explorer 9 to client computers. Of course, you can install IE9 while building your reference image, but that’s so 90’s. Another way is to integrate the IE9 package with DISM into the Windows 7 wim image. But as we are using MDT2010 we choose the fastest way, that is to import Internet Explorer 9 into the DeploymentShare.

First we need the offline IE9 installer, not the offline executable installer that you can unpack using the /x command, but the Microsoft Update package (MSU)!

Get the Sources

One prerequisite update is required to run Internet Explorer 9 on Windows 7. This update, known as KB2454826 is available for both x86 and x64 platforms.

The second required package is IE9 itself, download Internet Explorer 9 MSU’s for Windows 7 from Microsoft:

• x86: http://go.microsoft.com/fwlink/?LinkId=210145
• x64: http://go.microsoft.com/fwlink/?LinkId=210143

Save all MSU files into the same location, so we can easily import them.

Next step is to import the MSU files into Microsoft Deployment Toolkit.

Import into MDT2010

Open the Deployment Workbench, choose Packages, right-click to import files and browse to the path where you saved the downloaded MSU files.

The imported files in BDD:

I only imported the x64 prerequisite MSU. Microsoft Deployment Toolkit 2010 automatically includes the updates into the image during installation. So you can import both x86 and x64 MSU’s, MDT will include the needed packages during setup!

I was with a customer today for a MDT 2010 installation, and struggled with a very annoying issue.

Just before the task sequence had to be selected and after credential input, the deployment process reboots with no error message whatsoever. And keeps rebooting again and again. The log file couldn’t help me out on this issue.

The only solution I could find with a Google-search was to create a new Deployment Share with the previous MDT 2010 version. This seems no solution to me

Solution

I had a typo in the customsettings.ini file:

If you specified a wrong domain for DomainAdminDomain, you won’t get an error message telling you about the mistake!

In previous parts of this guide we’ve setup MDT 2010 and have it configured. Now it’s time to add WSUS integration to automatically install the latest patches while deploying Windows 7.

Install WSUS

First download and install WSUS 3.0 x64 version or WSUS 3.0 x86 version (for Server 2003), or add the WSUS server role of you’re on Server 2008:

The WSUS installation window is underneath the Server Roles window, use alt-tab or the taskbar to proceed with the installation.

Configure WSUS to your needs:

Enable WSUS for Task Sequences

Update each Task Sequence you want updates installed through WSUS. By default ‘Disable this step’ is checked, to enable WSUS for this TS just remove the check:

 

Update CustomSettings.ini

Add WSUSServer to your CustomSettings.ini:

WSUSServer=http://wsusServerName

or

WSUSServer=http://wsusServerName:portnumber

Depending on your WSUS configuration.

Configuration is done, time to deploy a Win 7 client.

After the image is applied, Windows Update is doing its job using our WSUS server:

Just to make sure, take a look at the Installed Updates on the newly deployed client:

WSUS integration succeeded!

Please find other parts here:

Windows 7 Lite Touch installation with MDT 2010 – Part 1

Windows 7 Lite Touch installation with MDT 2010 – Part 2

Windows 7 Lite Touch installation with MDT 2010 – Part 3

Had a strange error today. After some successful Windows 7 deployments to a Dell Latitude D630 test machine I got this error:

The Task Sequence has been suspended. LiteTouch has encountered an Environment Error (Boot into WinPE!).

I was pretty sure nothing happened to my Task Sequences, it must have something to do with the client machine.

Booted the laptop into the earlier deployed Windows 7 operating system, and deleted the two directories MDT has made:

• _SMSTaskSequence
• MININT

After removing these directories, the error was history!

Meanwhile MDT 2010 has reached Update 1, time to catch up where we left in part 2.

We will configure WDS to use PXE boot, use SQL Server to retrieve the computer name and have some beer afterwards.

PXE Boot

First configure a DHCP scope to serve the clients with an IP address. Then install the Windows Deployment Service (WDS) role on your MDT box, and configure WDS. I like to have a PXE delay of 3 seconds and I’m running DHCP on the same server as WDS. So I need to check ‘Do not listen on port 67’ and ‘Configure DHCP option 60 to indicate that this server is also a PXE server’.

 

Now we have to import the WinPE boot images, previous generated by MDT, into WDS:

Browse to the Boot-folder in the Deployment Share, and select the LiteTouch-wim-file(s) (I’m importing the x64 version only, as I don’t use Windows 7 x86 for now):

Boot your client machine and hit F12 to boot into PXE, or choose boot from network card in the BIOS.

We still have to choose a computer name during deployment:

Using MS SQL Server (Express) you can fully automate this!

Preparing SQL Server

In my test lab I will use SQL Express 2008 SP1. Open SQL Server Configuration manager, set SQL Server Browser to automatic and start the service:

Enable Named Pipes in SQL Server Configuration Manager:

Restart the SQL Server service:

Start SQL Management Studio and create a Security Login (I’ll use my MDT domain-join-user):

 

Add the db_datareader and db_datawriter permissions for the domain\svc-join user to the MDT database:

Create a database

Open the Deployment Workbench and Create a new database:

   

We have finished creating the MDT database.

Now we have to configure CustomSettings.ini before we can use the database:

By clicking Configure Database Rules, you actually adding extra lines to CustomSettings.ini in order to make a connection to the database. Select what you need:

Take a look at your CustomSettings.ini file (by right-clicking the DeploymentShare > Properties > Rules tab):

You can modify CustomSettings.ini further. To join a domain for example:

SkipDomainMembership=YES
JoinDomain=thedspot.local
DomainAdmin=svc-join
DomainAdminDomain=thedspot.local
DomainAdminPassword=*
MachineObjectOU=OU=Computers,OU=Unmanaged,DC=thedspot,DC=local

Obtaining Computer names from the SQL database

Hit Computers > New to add a MAC address and corresponding computername (OSDComputerName):

 

Our LiteTouch deployment succeeded:

The computer name was retrieved from the database and domain join was successful.

Please find other parts here:

Windows 7 Lite Touch installation with MDT 2010 – Part 1

Windows 7 Lite Touch installation with MDT 2010 – Part 2

Windows 7 Lite Touch installation with MDT 2010 – Part 4

Microsoft released an update for the company’s free operating system deloyment solution.  If you’re planning to migrate to Windows 7, Server 2008 R2 or Office 2010, MDT is the tool you need.  Here at the D Spot we have blogged a lot about MDT already.  Keep yourself up to date and read our MDT related posts.

What has changed in MDT 2010 Update 1

 

For native MDT users (Lite Touch Installation)

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.

Improved driver importing. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

 

For ConfigMgr 2007 users (Zero Touch)

New User Driven Installation deployment method. An easy-to-use UDI Wizard allows users to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.

Support for Configuration Manager R3 Prestaged Media.For those deploying Windows 7 and Office 2010 along with new PCs, a custom OS image can easily be loaded in the factory and then customized once deployed.

 

For all users

A smooth and simple upgrade process. Installing MDT 2010 Update 1 will preserve your existing MDT configuration, with simple wizards to upgrade existing deployment shares and Configuration Manager installations.

Many small enhancements and bug fixes. Made in direct response to feedback received from customers and partners all around the world, MDT 2010 Update 1 is an indispensible upgrade for those currently using MDT (as well as a great starting point for those just starting).

Continued support for older products. MDT 2010 Update 1 still supports deployment of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office 2007.

 

Download binaries and documentation at Microsoft.

While setup some MDT lab environments this SQL error crossed my path a couple of times.

ZTI error opening SQL Connection. SQL server does not exist or access denied.

Unable to establish database connection using [CSETTINGS] properties. SQL Server does not exist or access denied.

Unable to establish database connection using [CROLES] properties. SQL Server does not exist or access denied.

I’m using a hidden share on the SQL Server box that MDT will use for authentication to the SQL Server. The same credentials are used to connect to the MDT database. So I had granted sufficient share and NTFS permissions to the hidden share and granted this user the db_datareader role on the MDT database.

If we read the error again it is clear that MDT cannot contact the SQL Server, it even cannot find the server.

Troubleshooting-time!

I hit F8 during deployment to get into a command prompt. Once in the command prompt I could contact the SQL Server box with the ping command.

A ping to the server gave a response of a wrong IP address. Turns out that the DNS server was holding an old IP address from the previous MDT and SQL Server installation. Deleting this A-record and register (ipconfig /registerdns) the SQL Machine again, was the solution for this issue.

In another lab environment I could ping and map a share on the SQL Server box.

net use * \\Servername\Hiddenshare$

Turns out that we forgot to open the Windows Firewall for SQL Server. Add an exception for sqlservr.exe and sqlbrowser.exe is enough. You don’t have to turn the complete firewall off.

With the firewall configured as it should and all DNS records registered, no error occurred and deployment went successfully.

Microsoft Deployment Toolkit 2010 has some nice improvements to its successors in the driver handling department. I will describe how I like to manage drivers in MDT 2010.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model.  This is what my folder tree looks like:

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at command prompt: ‘wmic csproduct get name’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude E5500”. My colleague for example, uses a HP laptop “HP Compaq 6730b (GW687AV)”. Use this info to build up folders in MDT’s Out-of-Box Drivers (you can make your own structure, as long as the computer and Model names are correct).

Now that we have drivers imported in our Deployment Share, it’s time to move on.

 

MDT has two different methods to manage drivers (actually three, but we skip DriverPaths used in BDD 2007, as support will probably be removed in future versions).

 

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree. You don’t want to query dead horses.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

I use ‘DriverGroup001’ as Task Sequence Variable, and Win7x64\%Make%\%Model% as value for my Windows 7 x64 TS . You have to adapt this to your Out-of-Box tree. (Don’t use an underscore in your TS variable variable name as I intentional did. thanks Tom!)

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup001=%Make%\%Model%
DriverGroup002=Printers

 

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

First you have to create a Profile (or use one of the default profiles):

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

You can add  Selection Profiles for printer drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

 

Please do comment if you have any suggestions.

Just a quick tip, nobody likes to read much during holidays

If you want to troubleshoot a client deployment, a command prompt can be very handy. To get into one, just hit F8 during WinPE startup, it even works during operating system installation.

At the command prompt you can verify network settings, check log files during operating system install and so on.

In a previous article we discussed a very basic Lite Touch Installation (LTI). For the second part we will modify the MDT configuration files to make our installation more unattended.

The two configuration files we need to modify are CustomSettings.ini and Bootstrap.ini.  Use this method to view and modify them; In DeploymentWorkBench right-click your Deployment Share and choose Properties and hit the Rules tab. This is the CustomSettings.ini file. To view and modify Bootstrap.ini hit the Edit Bootstrap.ini-button at the bottom.

CustomSettings.ini file we will be using:

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipPackageDisplay=NO
SkipApplications=NO
SkipAppsOnUpgrade=YES
SkipCapture=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBDDWelcome=YES
SkipAdminPassword=YES
AdminPassword=Pa$$w0rd
SkipDeploymentType=YES
DeploymentType=NEWCOMPUTER
SkipUserData=YES
SkipDomainMembership=YES
SkipComputerName=NO
ComputerName=PC-xxxx
SkipTimeZone=YES
KeyboardLocale=0813:00000813
UserLocale=nl-be
TimeZone=105
TimeZoneName=Romance Standard Time
_SMSTSOrgName=The D Spot
SkipBitLocker=YES
SkipSummary=NO

You can adapt these settings to your needs. For example join a domain, skip the summary and so one.

Our Bootstrap.ini file:

[Settings]
Priority=Default

[Default]
SkipBDDWelcome=YES
DeployRoot=\\Servername\DeploymentShare$
UserDomain=DOMAINNAME
UserID=SERVICEACCOUNTNAME
UserPassword=PASSWORD
KeyboardLocalePE=0813:00000813

This file will be injected in the WinPE ISO file, to connect to the Deployment Share. After a modification to this file you need to perform a Deployment Share Update. To regenerate the LiteTouchPE_x64.iso & LiteTouchPE_x86.iso files.

With these configuration files in place, our LTI will ask for a Task Sequence and Computername only.

If your environment has computer names based on MAC Addresses you can get the computer name out of a SQL Database. But in most companies a technician will choose the computer name based on the label attached on the computer case, I choose this just to have an example.

Next time we will go further with user data migration.

Please find other parts here:

Windows 7 Lite Touch installation with MDT 2010 – Part 1

Windows 7 Lite Touch installation with MDT 2010 – Part 3

Windows 7 Lite Touch installation with MDT 2010 – Part 4