Tag Archives: SCCM

System Center 2012

Once you check out and take some time off, lots of stuff goes down. Like the release of the System Center 2012 suite of software. This is, to quote Microsoft, a game changer. A unified installer and new versions of the different management components give you a whole new level of control.

The whole suite is now better prepared to cooperate and you can automate lots of steps thanks to Orchestrator. This makes it easier for IT to deliver their services to the business in an automated and efficient way, previously only possible by using third party products and addons.







Get the 180 day trial of Microsoft System Center or read more here!

Enable TPM in task sequence with SCCM and CCTK

At work, a colleague and I have tested some utilities for handling hardware settings on both servers and clients. One of the more useful utilities we found was CCTK, Client Configuration ToolKit. This utility lets you change settings in BIOS, both during OSD and otherwise. The main usage we found for it was to enable and activate the TPM chip on Dell client computers.

So how is it done?

You’ll need to download CCTK from Dell’s site.

And then run the script in the CCTK-folder to include it in your WinPE image. There’s one script for WinPE 2.1 and one for 3.0. This is due to the fact that the hardware driver needs to be local, it can’t be run from UNC.

Once it’s included you can run CCTK from command line in your task sequence.

The commands available can be found here or you can enable CMD-support in your WinPE and run it manually. It’ll then query BIOS for available switches and you can try it out before putting it in a task sequence.

Our TS looks like this:

All those reboots are because the computer needs to power cycle to both turn on and activate TPM. Once that’s done we apply our OS as usual and finish off with running the bdehdcfg.exe-utility which creates the necessary disk layout for Bitlocker and then we run the standard SCCM task “Enable Bitlocker”. If you don’t apply patches or anything else that’ll make the computer reboot you’ll need to have a “Restart Computer”-action after the disk has been configured.

Deploying Windows at multiple locations with TFTPD and MDT

Having visited a customer that wishes to redeploy their workstations at over 350 locations we soon came to the conclusion that it’ll either take forever based on the available bandwidth or they’ll have to invest in System Center Configuration Manager that can handle this with the branch office deployment scenario. You can read more about that over at Microsoft TechNet.

This way of deploying Windows has a broad usage scenario. You can deploy Windows from a standard workstation in remote offices, and you could even use the linked deployment shares functionality of MDT 2010 to manage them. You could use robocopy and a smart vbscript to install TFTPD32 and change the cs.ini / bootstrap.ini with the corresponding changes. The software could also be installed on your laptop so you can connect it to a workstation / server directly with a cable and install Windows automatically even if your company or your customer doesn’t have an automated system in place.

The customer wasn’t too keen on spending that amount of money apparently, so we decided to look into some other way of solving the problem. After some looking around there seems to be a lot of ways to deploy windows using PXE, linux boot managers and third party tools. They were already using Microsoft Deployment Toolkit (MDT), which made my day a lot easier.

Since I’m into Windows I decided to go for Windows software and avoid everything that was marked with a penguin. Note that I don’t have anything against penguins, but since most of my customers run a Windows shop it’s not well advised to bring in some other operating system. So what did I come up with?

Looking around there wasn’t much that wasn’t Linux-based, but I found TFTPD32. This piece of software has a lot of capabilities: DHCP, DNS, TFTP (Server/Client), SYSLOG and some more. It’s possible to run it as a service also, if you get srvany or some other software that’s available to run programs as services. Another option is to have it run minimized and then autostart it.

Setting it all up was mostly painless. Got stuck on Bcdedit, which Johan Arwidmark already had covered in his blog. I’ve edited his script a little so the amount of work will be less for you. Credits for the script go to him (link to him below).

If you’re gonna run this on XP you’ll need to copy bcdedit.exe from a Windows 7 with a matching architecture (x86/x64) to edit the BCD on XP since XP doesn’t have the BCD.

List of ingredients

Microsoft Deployment Toolkit 2010
WAIK (Windows Automated Installation Kit)
Windows XP / Windows 7 media (TechNet+ or MSDN subscriptions gives you the opportunity to download these)
Powershell (download for Windows XP, included in Windows 7)
One workstation for deployment (could be virtual, Virtualbox is free of charge)
One workstation that receives your os (could be virtual, Virtualbox is free of charge)
One DC if you want to join a domain (could run DHCP also, you’ll need to configure it, see below)
The script that fixes the BCD. Download and save as c:\deploymentshare\boot\CreateBCD.bat (Credits to Arwidmark)

Breaking it down

The script

(The code below might be wrapped; each line should start with Bcdedit except the for /f line.)

Rem Creates BCD (boot configuration data) for Windows PE 2.0
set BCD-File=c:\deploymentshare\boot\BCD
del %BCD-File%
Bcdedit /createstore %BCD-File%
Bcdedit /store %BCD-File% /create {ramdiskoptions} /d "Ramdisk options"
Bcdedit /store %BCD-File% /set {ramdiskoptions} ramdisksdidevice boot
Bcdedit /store %BCD-File% /set {ramdiskoptions} ramdisksdipath \boot\boot.sdi
for /f "tokens=1-3" %%a in ('Bcdedit /store %BCD-File% /create /d "WinPE x86" /application osloader') do set guid1=%%c
Bcdedit /store %BCD-File% /set %guid1% systemroot \Windows
Bcdedit /store %BCD-File% /set %guid1% detecthal Yes
Bcdedit /store %BCD-File% /set %guid1% winpe Yes
Bcdedit /store %BCD-File% /set %guid1% osdevice ramdisk=[boot]\boot\LiteTouchPE_x86.wim,{ramdiskoptions}
Bcdedit /store %BCD-File% /set %guid1% device ramdisk=[boot]\boot\LiteTouchPE_x86.wim,{ramdiskoptions}
Bcdedit /store %BCD-File% /create {bootmgr} /d "Windows Vista BootManager"
Bcdedit /store %BCD-File% /set {bootmgr} timeout 30
Bcdedit /store %BCD-File% /set {bootmgr} displayorder %guid1%
Bcdedit /store %BCD-File% /enum all

Install and configure WAIK and MDT

1) Install / add Powershell
2) Install WAIK
3) Install MDT

Once MDT is installed you’ll need to create a new deployment share. To make it easy I recommend keeping the defaults; if you change the path of the deployment share you’ll need to edit the scripts and the settings for TFTPD32.

Import an operating system into MDT so we have something to deploy and make a new task sequence. You might also want to update your customsettings.ini and boot.ini to reflect the options you want. Mine are displayed below and more information on the options available can be found in the MDT documentation and on multiple sites on the internet.

Customsettings.ini (many of these settings are in Vista/Windows 7 format, see documentation for XP)

_SMSTSOrgName=TFTPD Deployment System
TimeZoneName=W. Europe Standard Time


DeployRoot=\\XP01\DeploymentShare$ (this needs to be changed for every location so that the PCs go to their closest one)
UserDomain=xp01 (either the computername for a local account or your domainname)
UserID=temp (either a local user or a domain account)

Update your deployment share.

The tricky part now is to extract some files from the Windows PE image included in the WAIK. We’ll need these to be able to PXE-boot our workstations.

Start an elevated command prompt and follow the steps below:

cd /d "C:\Program Files\Windows AIK\Tools\PETools"
copype x86 c:\winpe_x86
imagex /mount c:\winpe_x86\winpe.wim 1 c:\winpe_x86\mount
md c:\deploymentshare\boot\Fonts
copy c:\winpe_x86\mount\Windows\Boot\PXE\pxeboot.n12 C:\deploymentshare\boot /y
copy c:\winpe_x86\ISO\boot\fonts\*.* c:\deploymentshare\boot\Fonts /y
copy c:\winpe_x86\mount\Windows\Boot\PXE\bootmgr.exe C:\deploymentshare\boot /y
imagex /unmount c:\winpe_x86\mount
copy C:\winpe_x86\ISO\boot\boot.sdi C:\deploymentshare\boot /y


Note that this guide only shows you how to answer x86 machines. If you’d like to do x64 also, you’ll need to follow the steps from Arwidmark’s guide to create a BCD for x64 or a BCD with multiple entries.

When these are extracted to c:\deploymentshare\boot we need to configure TFTPD32 so it knows which files to send to our PXE-booting workstations (or servers).

Run the script from c:\deploymentshare\boot so that it creates the BCD in the same folder.

Configure TFTPD32

If you don’t have a DHCP-server at the location where you want to deploy your workstations, you can configure TFTPD32 to act as one. In the screenshot below it’s configured with the starting address and a pool size of 10 addresses.


As you can see on image number two I’ve configured the root folder of c:\deploymentshare which contains our MDT files. The folder boot contains the Windows PE images generated by MDT, and it’s also this folder that we’ve copied our PXE boot files to. TFTPD32 is configured to answer each PXE-client with the file pxeboot.n12 which doesn’t give us an option to press a key to boot from PXE but just does it instead. The file pxeboot.com would give you that option if you like it.

Configure your DHCP-server

If you already have a DHCP-server you’ll need to configure the scope options for each scope. Options 66 and 67 need to be configured with the address of the TFTP-server and the boot filename. The filename is relative to the root folder of the TFTP-server, so in my case it’s boot\pxeboot.n12 but this all depends on how you’ve set yours up. If you’re following this as a guide and have set up TFTPD with the MDT share and copied the files to the same locations, the option in the picture is correct. Your IP may vary though, so you’ll need to check that it’s correct according to your environment.

This means (if you haven’t read between the lines yet) that different networks can have different PXE-servers, because the clients will be pointed to different servers depending on which network they’re coming from. With option 66, boot server name, the client gets its initial PXE-boot from the server named there. So with a centralized server environment you can still run PXE on the local network at each branch. (Sorry for rubbing this in, but I’ve explained it in two emails already :))
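To confirm that each branch network hands PXE clients the boot server and file you configured, the check below parses a DHCP reply and compares options 66 and 67 (or the sname/file header fields when the options are absent) with an expected list per subnet. This is an added example, not part of the original post; the subnets, addresses, allow-list and function names are constructed assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
EXPECTED = {  # assumed allow-list: client subnet -> (TFTP server, boot file)
    "10.1.0.0/24": ("10.1.0.5", "boot\\pxeboot.n12"),
    "10.2.0.0/24": ("10.2.0.5", "boot\\pxeboot.n12"),
}

def build_reply(yiaddr, options, file=b""):
    """Construct a minimal DHCP reply for the demo (constructed, not a capture)."""
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                         bytes(4), bytes(4), bytes(16), b"", file)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + b"\xff"

def parse_options(packet):
    """Return {code: value} from the options area, rejecting truncated input."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:       # 255 = end of options
        if packet[i] == 0:                             # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        opts[code] = opts.get(code, b"") + packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def pxe_answer(packet):
    """Return (client IP, boot server, boot file) the reply hands to a PXE client."""
    opts = parse_options(packet)
    def text(code, lo, hi):
        # Options 66/67 win; else use sname/file unless option 52 overloads them.
        raw = opts.get(code) or (b"" if 52 in opts else packet[lo:hi])
        return raw.split(b"\x00")[0].decode("ascii", "replace")
    return str(ipaddress.IPv4Address(packet[16:20])), text(66, 44, 108), text(67, 108, 236)

def check(packet, expected=EXPECTED):
    client, server, bootfile = pxe_answer(packet)
    for net, (want_srv, want_file) in expected.items():
        if ipaddress.ip_address(client) in ipaddress.ip_network(net):
            match = (server, bootfile.lower()) == (want_srv, want_file.lower())
            return "ok" if match else f"MISMATCH {server} {bootfile}"
    return "unknown subnet"
```

Feed it the raw UDP payload of replies captured on each branch network; a mismatch means clients there are being pointed at a server or file other than the one you set in the scope.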

Does it work?

Once these steps are done you’ll need to check that TFTPD32 is running on your deployment computer and that DHCP is configured in TFTPD or in Windows. Boot your empty workstation, press F12 for PXE-boot (depends on if you’re running virtual or not of course) and it should get an ip-address from DHCP and then boot into Windows PE and run your task sequence.


This installation of MDT is very basic without drivers or database and all the other stuff you can throw at it, but it’ll get you started at least. If you have any questions or comments, feel free to post them!