How to Patch Base OS WIMs in a non-SCCM Environment?

September 12, 2014, 2:13 pm

≫ Next: MDT and skipping locale and keyboard selection during wizard

≪ Previous: MDT, reference image and Windows updates

My new employer doesn't have SCCM but they're at least using MDT, even if it is 2010. We (System Engineers for servers; Desktop Engineers for workstations) have historically been using Windows Update to patch the machine in question, but that (a) requires a bit of baby sitting, (b) takes ages and (c) is done every time a new server is stood up or new image is built.

Being one of the new guys, I've been asked if there's a way to automate the installation of OS updates for Windows 7 up to Server 2012 R2. My process has been to mount the WIM and apply as many updates as I can offline by pointing DISM to a directory full of updates.

However, I've been in situations where updates break the WIM because dependencies weren't in place, namely .NET which can't be installed offline. And its such a hassle to go through that troubleshooting process narrow it down to the offending update - augh!

Having said all that, I'm in need of some advice for how to handle stock WIMs from stock Microsoft ISO's.

What process do you experts follow for getting that WIM fully up to date?
I'm talking all the [recommended] updates offered via Windows Update: from updates for Windows, IE, .NET; standard security updates to IE upgrades (e.g. from 9 to 9, 9 to 10, 10 to 11), MSXML updates, Silverlight etc..
Does update installation order matter?
Is it safe to point DISM to a directory of cabs for offline updates & let it rip or does it require a bit of structure?
I'm sort of doing a hybrid: Pulled down over 200 updates from the Microsoft update catalog, extracted the cabs into a centralized location & separated them into two groups, group 2 being updates thatseem to cause problems when done offline or can't be done offline due to a prerequisite. (Group 1 is bit more than 200 updates, Group 2 is about a dozen including 2685811, 2685813, 2533552, 2819745)
Can I assume that for updates like WMF 4.0, UMDF 1.11, KMFD 1.11, MSXML and straight upgrades like .NET 4.5, IE 10/11, you're laying down the OS, installing the pre-requisites, installing the updates - maybe even running Windows Updates, then capturing?

I'm just really curious as to how far off the mark I am, how I can automate as much of this as possible and of course doing it right! :)

Thanks

↧

MDT and skipping locale and keyboard selection during wizard

September 12, 2014, 11:22 pm

≫ Next: MDT 2012 bypass choosing image to deploy

≪ Previous: How to Patch Base OS WIMs in a non-SCCM Environment?

When I try to skip locale and keyboard settings during the wizard they always revert to en-US for some reason. My customsettings.ini looks like this:

SkipLocaleSelection=YES
KeyboardLocale=fr-fr
UserLocale=fr-fr
UILanguage=fr-fr

Everything works if I just dont skip the locale selection wizard page and only click next to it

SkipLocaleSelection=NO
KeyboardLocale=fr-fr
UserLocale=fr-fr
UILanguage=fr-fr

Why is this happening? I'm deploying Windows 7 Enterprise (English -version). I just want the locale and keyboard layout to change, not the OS language.

↧

MDT 2012 bypass choosing image to deploy

September 13, 2014, 1:51 am

≫ Next: Deployment Summary Errors

≪ Previous: MDT and skipping locale and keyboard selection during wizard

hello

is there any parameter in customsetting.ini or anywhere else where we can specify image we want to deploy to avoiding it in the MDT console

thanks

↧

Deployment Summary Errors

September 13, 2014, 11:35 am

≫ Next: "The Data is Invalid" When Trying to Approve Pending Computers in WDS

≪ Previous: MDT 2012 bypass choosing image to deploy

What could be causing the errors?

FAILURE ( 5456 ): Unable to determine Destination Disk, Partition, and/or Drive. See BDD.LOG for more information.
Litetouch deployment failed. Return Code = -2147467259 0x80004005
Failed to run the action: Apply Windows PE.
Unknown error (Error: 00001550; Source: Unknown)
The execution of the group (install) has failed and the execution has heed aborted. An action failed.
Operation aborted (Error: 80004004; Source Unknown)
TAsk Sequence Engine failed! Code: enExecutionFail
Task sequence execution failed with error code 80004005
Error Task Sequence Manager failed to execude task sequence. Code 0x80004005

↧

"The Data is Invalid" When Trying to Approve Pending Computers in WDS

September 15, 2014, 12:12 pm

≫ Next: USB bootup to MDT 2013 deployment share fails.

≪ Previous: Deployment Summary Errors

I'm having an issue were I can't approve pending computers in the WDS console or using WDSUTIL. I get "The Data is Invalid" whether I use default settings or choose the Name and Approve option. The server's computer account has full permissions on the section of the AD tree (and all descendent objects) where the clients are to be created.

Pre-staging works fine.

No entries in the system/application logs appear when this error occurs.

This is Server 2012 R2.

↧

USB bootup to MDT 2013 deployment share fails.

September 15, 2014, 10:47 am

≫ Next: Joining WorkGroup

≪ Previous: "The Data is Invalid" When Trying to Approve Pending Computers in WDS

Hi again gang. Need some help.

Recently built a new server and installed MDT 2013 and WAIK 8.1, and I'm having issues connection to my share.

Quickly: I lost my older WINSRV 2008/MDT2012 fully, including images. SO, I built a new one, and started over: WINSRV 2012 R2, MDT 2013 w/ WAIK8.1

NOTE: I'm still using WIN 7 PRO x64 ONLY.

Ok, so, I insert the USB stick I used before the crash, pre-crash, and it doesn't connect to the network shares because it's using old server name... is this the USB stick's issue since I haven't touched it??? OORR the fact I captured this new image that started life on the MDT2012. NOTE:: This image, was SYSPREPPED by MDT2013 and captured fine, so I created a new TS to deploy and this is what I'm testing..... I have a feeling I may lose some people there, so feel free to ask..

THANKS !!

↧

Joining WorkGroup

September 15, 2014, 8:02 am

≫ Next: Win8.1 update1 Custom Wallpaper on the reference image.

≪ Previous: USB bootup to MDT 2013 deployment share fails.

I had a deployment share joining a domain. And now I need to change it to join the workgroup.

I deleted settings from bootstrap.ini and have

SkipDomainMembership=YES JoinWorkgroup=WORKGROUP

Set in the CS.ini.

When I boot into the PE I still get prompted for Credentials to join a domain.

What am I missing?

Thank you.

↧

Win8.1 update1 Custom Wallpaper on the reference image.

September 15, 2014, 4:14 pm

≫ Next: Windows 8.1 Failed capture process (0x80070BC2)

≪ Previous: Joining WorkGroup

I put custom desktop background on my win8.1 update1 image in addition to start screen customization and bunch of other settings.When I tried to deploy the captured image with copyprofile=true, I see all my customization, except the desktop background!

I captured a pre-update1 image with the same settings above which worked well.

Not sure if anything changed with update1!

Anyone else experienced this? If yes, any workarounds?

I did try loading the default user hive before sysprep, and modifying the reg entries using below steps:

Reg load "HKU\temp" "%ALLUSERSPROFILE%\..\Users\Default\NTUSER.DAT"
Reg add "HKU\temp\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Windows\Web\Wallpaper\<filename>.bmp /f
Reg add "HKU\temp\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
Reg add "HKU\temp\Control Panel\Desktop" /v TileWallpaper /t REG_SZ /d 0 /f
rem Reg unload "HKU\temp"

But the captured image still doesn't show the wall paper for the user logged in after deployed! There is no GPO / LPO for the wallpaper BTW and file does exists at above location.

Interestingly, if I try running above commands manually also have no effect!!

Am I missing anything?

Thank you folks!!

D_Sam

↧

Windows 8.1 Failed capture process (0x80070BC2)

September 16, 2014, 1:47 am

≫ Next: SCCM 2012 R2 and MDT 2013 Task Sequence Bugs

≪ Previous: Win8.1 update1 Custom Wallpaper on the reference image.

I am running into a bit of an issue trying to capture my custom windows 8.1 machine.

I am running a standard capture TS and it works on a blank version of windows, but when all the apps are installed it doesn't run correctly. In the past I have just run a windows clean up, emptied appdata and windows temp folder. That normally fixes the issue but it doesn't any more.

what is happening is that it runs thought the TS reboots and just loads back into windows. It does not spend any time on the syprep part of the sequence. It say executing but only for a second or two, so I think the issue may lay round there.

I have looked through the following logs and only found this error.

C:\MININT\SMSOSD\OSDLOGS\BDD.log - No errors

C:\Users\Administrator\AppData\Local\Temp\SMSTSLog.log

Executing in non SMS standalone mode. Ignoring send a task execution status message request
****************************************************************************
Execution engine result code: 2 (Success=0, Failure=1, RebootInitiated=2)
Process completed with exit code 2147945410
Exiting with return code 0x80070BC2
==========[ TsProgressUI started in process 2876 ]==========

Apart from these two logs I have not been able to find any more information. If I run the process for a 2nd time it runs as expected but disables the local admin account so I cant do anything with it.

Anyone any ideas?

↧

SCCM 2012 R2 and MDT 2013 Task Sequence Bugs

September 16, 2014, 8:41 am

≫ Next: Wiping a disk with MDT task sequence?

≪ Previous: Windows 8.1 Failed capture process (0x80070BC2)

Any links that list issues with the default MDT 2013 deploy task sequence: UEFI, local administrator password, Machine OU settings, OS installation partition and computer replace scenario.

↧

Wiping a disk with MDT task sequence?

September 16, 2014, 3:32 am

≫ Next: windows recovery wizard

≪ Previous: SCCM 2012 R2 and MDT 2013 Task Sequence Bugs

I'm thinking that I could use MDT/WDS to do a secure disk wipe for old computers. Has anyone implemented something like this with MDT?

↧

windows recovery wizard

June 14, 2014, 11:57 pm

≫ Next: Recovery Wizard missing from MDT welcome menu

≪ Previous: Wiping a disk with MDT task sequence?

I have windows 7 pro 64bit,mdt 2012 update, dart 7 and aik 3.1 no one can seem to help me with a problem using mdt to create winpe. To start with the winpe that I done with mdt opens fine when booted options listed is install os, run dart tools and command prompt NO RECOVERY WIZARD. I HAVE TRIED EVERYTHING I CAN THINK OF so if somebody out there can tell me what is going on. you can see what is gong the piece under install operating system is supposed to be windows recovery wizard

↧

Recovery Wizard missing from MDT welcome menu

September 16, 2014, 5:20 am

≫ Next: is there a way to "embed"/add Office updates to the image before deployment?

≪ Previous: windows recovery wizard

I can't seem to get the Recovery Wizard to show on the MDT 2013 welcome screen when doing a PXE boot.

One thing I did want to clarify, if the client pc doesn't have a recovery partition is this why I don't get to run the wizard?

Im wanting to see the recovery wizard option so I can go in and run the DART Locksmith tools

MDT 2013

Windows 7

Dart 8

I thing I've tried everything and getting nowhere!

↧

is there a way to "embed"/add Office updates to the image before deployment?

September 16, 2014, 9:33 am

≫ Next: Upgrading to MDT 2013, do I still need MBR in my task sequences?

≪ Previous: Recovery Wizard missing from MDT welcome menu

Hi,

in my TS I enabled preapp and postapp Updates

So first windows patches are applied. Then computer reboots installs apps.

I just enabled bunch of Office 2013 updates on WSUS. Office patches takes very long time.

Is there a way to embed patches in MDT to save update time.

Never used Packages node in MDT may this thing can help?

How you deal with massive updates?

Windows image can be updated, but Office for example that is installed after Windows deployment...

Thx.

"When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

↧

Upgrading to MDT 2013, do I still need MBR in my task sequences?

October 25, 2013, 2:31 pm

≫ Next: MDT 2012 - How to make Computer Name field blank on Computer Details install wizard screen?

≪ Previous: is there a way to "embed"/add Office updates to the image before deployment?

So we are gearing up for our MDT 2013 upgrade and we are finally kicking all the legacy OS deployments to the curb. We are only going to support deployments of Windows 7 x86, Windows 7 x64, and Windows 8.1 x64. We are deploying several surfaces that require GPT for the OS volume. I'd prefer to avoid the creation of separate task sequences for GPT/MBR formatting. What would be the consequences of kicking MBR to the curb and switching all my task sequences to GPT? Does GPT require UEFI in order to boot?

↧

MDT 2012 - How to make Computer Name field blank on Computer Details install wizard screen?

November 11, 2013, 7:24 am

≫ Next: Computer Naming Convention

≪ Previous: Upgrading to MDT 2013, do I still need MBR in my task sequences?

I am using MDT 2012 to prepping our Windows 7 client OS install media.
It has been a success so far but there is one point I would like to change.
Currently during the setup wizard the Computer Name field on the Computer Details install wizard screen gets pre populated with aMININT-<random> value and as such we request our users to manually change it to our required standard.

I would like for this field to be blank which would require the user to manually input the computer name as some users click next and go past this and then the computer ends up with a MININT-#### name.

Is there any effective and hopefully relatively painless way (customsettings.ini?) to add this to my current set up? Thank you.

1. Current.
2. Desired (so the user is forced to enter the computername).

↧

Computer Naming Convention

September 17, 2014, 8:07 am

≫ Next: Language Pack Application Install via Linked Deployment Share

≪ Previous: MDT 2012 - How to make Computer Name field blank on Computer Details install wizard screen?

Hello,

I was wondering if there was a way to automatically attach a hidden prefix to the name you choose for the PC in MDT. At my company, we have multiple sites and would like to attach a three letter prefix to each pc when imaged.

For example, at our Corporate site, add CHQ- (without typing it in the box).

If this isn't clear enough, please ask. Thank You

↧

Language Pack Application Install via Linked Deployment Share

September 17, 2014, 10:48 am

≫ Next: MDT and capture & sysprep existing machine

≪ Previous: Computer Naming Convention

I created an application for a Language Pack (French) to install in the task sequence. I Created a batch file and pointed to the necessary .cab file.. my question is, where do I point it to in the bat file? this is my script:

DISM /Online /Add-Package /PackagePath:lp.cab /norestart
bcdedit /set {current}locale fr-FR
bcdboot %WinDir% /l fr-FR

I have the files and the applications folder in the linked deployment share.. should the path be: /Packagepath:.\Applications\lp.cab ? BDD log indicates everything installed successfully but nothing installs.

I added this is my TS:

SkipApplications=YES
Applications001={b1900f04-0d66-4cce-9bbd-e1bfd0a8e463}

↧

MDT and capture & sysprep existing machine

September 17, 2014, 5:02 am

≫ Next: DeploymentType NEWCOMPUTER vs REFRESH vs REPLACE?

≪ Previous: Language Pack Application Install via Linked Deployment Share

Hi,

In a few special situations I need to be able to capture and sysprep existing physical machine. In MDT there is this Sysprep & Capture task sequence template. I think it's just what I need, but I have read somewhere before that it shouldn't be used for some reason. Is anyone actually using this?

↧