SCCM 2012 R2 - Using Dynamic Variables during OS Deployments

With the release of R2 for SCCM 2012, Microsoft has introduced Dynamic Variables. These will allow for If/Then statements in the build process without having to have multiple build steps. Dynamic variables can be set via the General steps. Below is a simple example where I am looking for the IsDesktop task sequence variable to be true. If it is, I am setting the OSDDomainOUName variable that will add newly built desktops to the desktop organizational unit.



PowerShell - TechNet Script Browser and Script Analyzer

Microsoft released version 1.3 of the Script Browser and Script Analyzer this month. Incorporating this into the PowerShell ISE will allow you to search the over 9000 scripts in the TechNet script center. It allows you to create favorites, filter by programming language, and configure language settings. It also has the ability to analyze your PowerShell scripts. In the picture gallery, you will see a simple example of my analysis of a Get-Process script. In the script, I am using Get-Process to get more information on the notepad process that is running. In the first picture, I used notepad as a positional parameter without using the actual -Name parameter. In poorly written scripts this can create issues so the analyzer generated a warning. In the second picture, I actually used the -Name parameter followed by the process name (notepad). As you can see, the analyzer no longer generated a warning.

Link to Download of Script Browser & Script Analyzer

http://www.microsoft.com/en-us/download/details.aspx?id=42525

 

SCCM 2012 R2 - View of Client Settings Applied to a Specific Machine

Prior to SCCM 2012, client settings were set at the site level. This meant that all machines under a specific site had to share the same settings, such as inventory schedules and computer restart configurations. In SCCM 2012, Microsoft introduced custom client settings. This allowed custom device or user settings to be deployed to a specific collection of machines or users within the same site. By using this feature, an SCCM administrator can fine-tune how settings are configured in their environment; from how often hardware inventory runs to the maximum transfer rate allowed for BITS. With the introduction of this new feature, I have created quite a few custom device settings. These settings are not necessarily deployed to the same device collection, which can make it somewhat time consuming to see what settings are applied to a specific machine. With SCCM 2012 R2, Microsoft has added the ability to right-click a device and see the effective client settings for the machine. This makes it easier to troubleshoot and determine quickly what client behavior should be expected from a specific machine.

PowerShell - Create SCCM 2012 Console Folders

After setting up a new SCCM 2012 R2 environment, I needed to create quite a few console folders for managing device collections. Individually, it only takes a few seconds to manually create a folder. When multiple folders need to be created, it can take quite a bit of time. To speed up the creation, I built the below PowerShell script. It creates the child folders for whatever parent folder I set it to and reads the child folder names from a text file.

Link to Script on OneDrive

http://1drv.ms/1hdR0Rq

SCCM - Use boot image to shut down remote machine

Recently, I was asked to perform cleanup on numerous remote machines in a lab environment that were being retired. Management wanted the hard drives formatted and each machine shut down. Since the machines were not in a production environment and there was no sensitive data on them, I was able to use the built-in Format and Partition Disk step along with a Run Command Line step. Below are the three steps in my task sequence to perform the formatting management required.

  1. Restart Computer - Rebooted computer into assigned boot image.
  2. Format and Partition Disk - Formatted and partitioned drive.
  3. Run Command Line - Executed wpeutil with the shutdown switch to turn machine off while in WinPE.

Link to TechNet Article on Wpeutil

http://technet.microsoft.com/en-us/library/cc765969(v=WS.10).aspx

MDT - Perform OS Deployments without connecting to the MDT Deployment Share

One feature of MDT that I do not see used often is the Media feature. Using this feature, a machine can be built without every connecting to the MDT deployment share.  Below are the steps I performed to create a custom selection profile (packages, task sequences, and operating system files to include) and Media to build a machine using my DC01 task sequence. These actions were performed in the MDT Workbench.

 

  1.  Created a custom Selection Profile under Advanced Configuration that only included Operating System, Packages, and Task Sequences. Since it is a lab environment, I excluded all of my drivers and applications since they were not needed.
  2. Built New Media under Advanced Configuration that used my new custom Selection Profile.
  3. Updated the new media to included all the necessary files for a standalone deployment.
  4. Booted my DC01 virtual machine from the newly created ISO file.
  5. Allowed machine to complete build process without every connecting to my MDT Deployment Share.

PowerShell - Get All Machines in a Specific OU

During the beta and pilot phases of a Windows 7 migration project, machines were being added to a test OU. Once the project was completed, I was asked to supply all the machines currently in the pilot OU. I decided to use Get-ADComputer to output the machines to a text file rather than the Quest tools. Below is the script. By changing the value for SearchBase, I can query any OU and output the machines in it.

$Computers = Get-ADComputer -Filter * -Properties Name -SearchBase 'OU=Pilot,OU=Workstations,DC=lab,DC=local'
$Computers.Name | Out-File c:\temp\PilotMachines.txt

 

Windows 7/8 Setup Logs

One of the best places to start when troubleshooting a build issue is the Windows setup logs. I have used these numerous times to determine setup problems during a deployment, such as missing drivers or a machine not joining the domain. Below is more information on the key logs and their locations:

Location: %WINDIR%\Panther

  • Setupact.log - contains a list of the installation actions performed during the build process. Key log for determining what installation steps were successfully completed.
  • Setuperr.log - contains details about any errors during the build process. Key log for finding out more information on what caused an installation failure of Windows.

Location: %WINDIR%\Debug

  • Netsetup.log - contains information on the domain join process. Key log for finding out common domain join problems such as an invalid domain join account.

Location: %WINDIR%\inf

  • Setupapi.dev.log - contains information about driver installations. Key log for finding out driver installation problems, missing drivers, etc.

How to do a simple count query in SQL Server

From time to time, I need to create a new SQL Server report with count information. Getting counts can get confusing when creating them for the first time. Below are simple queries where I am getting a count from the SCCM database of Windows 7 machines , Windows XP machines, and both machines combined. This query could easily be expanded to do counts for whatever you would like.

Count of Windows XP Machines

SELECT        Caption0 AS 'Operating System', COUNT(Caption0) AS 'Total'

FROM            v_GS_OPERATING_SYSTEM AS OS

WHERE        (Caption0 = 'Microsoft Windows XP Professional')

GROUP BY Caption0

Count of Windows 7 Machines

SELECT        Caption0 AS 'Operating System', COUNT(Caption0) AS 'Total'

FROM            v_GS_OPERATING_SYSTEM AS OS

WHERE        (Caption0 = 'Microsoft Windows 7 Professional')

GROUP BY Caption0

Count of Both Machines

SELECT        Caption0 AS 'Operating System', COUNT(Caption0) AS 'Total'

FROM            v_GS_OPERATING_SYSTEM AS OS

WHERE        (Caption0 = 'Microsoft Windows XP Professional' or Caption0 = 'Microsoft Windows 7 Professional')

GROUP BY Caption0

CountExample.JPG

SCCM 2012 - Restrict a User to a Specific Collection

Recently, I needed to restrict a user's access to device collections in the SCCM administrator console. The user needed access to a specific collection and should not have been able to see the default SCCM collections or other custom collections. Below are the steps that I performed to set up this access:

  1. Created a new device collection under my Software Development folder called Package Testing.
  2. Under Security, created a new Security Scope called Package Testing.
  3. Under Security, added the user.
  4. In the Add User or Group wizard, assigned the necessary security roles and configured the user to use the Security Scope created in Step 2. I also removed all default collections and added only the collections that I wanted available to the user.   

Now when the user opens the SCCM administrator console, they only see the collections that I granted them access to.