Ah, the joy of troubleshooting task sequences in Config Mgr! I spent a while on this one, having one task sequence performing a build and installing some software and another one while deploying that image. The deploy should also install driver applications, the one we love to hate, like bluetooth and fingerprint readers. Well, it failed multiple times to my great annoyance. Why it fails? Because software installations take place in the full OS, which occurs AFTER the step “Setup Windows and Config Mgr”. Once I moved my installations to after that, it worked flawlessly.
Once you check out and take some time off, lots of stuff goes down. Like the release of the System Center 2012 suite of software. This is, to quote Microsoft, a game changer. A unified installer, and new versions of the different management components gives you a whole new level of control.
The whole suite is now better prepared to cooperate and you can automate lots of steps thanks to Orchestrator. This makes it easier for IT to deliver their services to the business in an automated and efficient way, previously only possible by using third party products and addons.
During work me and a colleague have tested some utilities for handling hardware settings on both servers and clients. One of the more useful utilites we found was CCTK, Client Configuration ToolKit. This utility lets you change settings in BIOS, both during OSD and otherwise. The main usage we found for it was to enable and activate the TPM-chip on Dell client computers.
So how is it done?
You’ll need to download CCTK from Dells site.
And then run the script in the CCTK-folder to include it in your WinPE image. There’s one script for WinPE 2.1 and one for 3.0. This is due to the fact that the hardware driver needs to be local, it can’t be run from UNC.
Once it’s included you can run CCTK from command line in your task sequence.
The commands available can be found here or you can enable CMD-support in your WinPE and run it manually. It’ll then query BIOS for available switches and you can try it out before putting it in a task sequence.
Our TS looks like this:
All those reboots are because the computer needs to power cycle to both turn on and activate TPM. Once that’s done we apply our OS as usual and finish off with running the bdehdcfg.exe-utility which creates the necessary disk layout for Bitlocker and then we run the standard SCCM task “Enable Bitlocker”. If you don’t apply patches or anything else that’ll make the computer reboot you’ll need to have a “Restart Computer”-action after the disk has been configured.