SCCM Zero Touch Deployments initiated without the SCCM Client?

I was recently at a client that was migrating to SCCM from another software delivery product. Their workstations were not in a domain, yet they still wanted to use SCCM OS Deployments to deploy their workstations during the migration.  Since the current machines were not in an AD domain, it was decided not to add the SCCM client to the existing workstations prior to deployment.  Although SCCM does not natively support zero touch deployments to non-SCCM machines, it can be done with a small amount of scripting.

High level steps:

  1. Gather inventory and import the machine into SCCM into a private deployment collection.
  2. Create Task Sequence Boot Media and modify it to not have user interaction
  3. Create a wrapper for the Boot Media so it can be deployed via a 3rd party software delivery product as well as run from a network share 
  4. Create a Mandatory Advertisement of the OS Task sequence to the machines you wish to deploy
  5. Use the 3rd party software delivery product to run the Task Sequence Boot Media on the machines you wish to deploy (when you wish to deploy them).

It sounds easy enough, but the devil is in the details....  So let me help fill in the details (and even provide some scripts to help ;)

  1. Gather inventory and import the machine into SCCM into a private deployment collection.
    1. This is actually one of the harder parts.  Use whatever you can to inventory your machines and identify what applications are installed on the machines.  Then compare the installed application list to applications that will be packaged into SMS (or already are).  Ensure when you import the computer into SCCM that you link those applications to those computers (via a custom Task Sequence or Task Sequence variables).
    2. Ensure that while importing the machines that they are placed in a new collection based on their deployment.
  2. Create Task Sequence Boot Media and modify it to not have user interaction
    1. Create your task sequence boot media as normal (either to CD and burn it or to USB) ensuring there is no password required.
    2. Copy the contents of this media to a folder on your hard drive (I will call it the ZeroTouchFolder)
    3. Modify the ZeroTouchFolder\SMS\Data\TSMBOOTSTRAP.INI changing the line Unattended=false to Unattended=true (this will prevent the boot media wizard from asking for user input to continue)
  3. Create a wrapper for the Boot Media so it can be deployed via a 3rd party software delivery product as well as run from a network share
    1. This is a two step process.  The first is to create a wrapper that will run the SCCM boot media
    2. Create a batch file in ZeroTouchFolder called StartSCCM.cmd using either step 1 or 2 below.
      1. This batch file will map the network drive to the SCCM Boot media you are creating.  This process MUST run from a network share with a mapped drive letter.  If your 3rd party software delivery program can automatically run the process from a mapped drive, then you can simply add the following line to your StartSCCM.CMD
        1. SMS\bin\i386\TSMBAutorun.exe
      2. If, however, your 3rd party software delivery program cannot automatically map a drive for you prior to running your command (such as with Novell), you will need to do it in your batch file using the following lines:
        1. net use v: /delete
          net use v: %~dp0. /user:DOMAIN\USERID PASSWORD
          pushd v:\
          SMS\bin\i386\TSMBAutorun.exe
    3. In order for the SCCM boot media to run correctly from a network share, the process must run as the SYSTEM account.  If your 3rd party software can run the StartSCCM.cmd as the SYSTEM account you can skip this next section.  If your 3rd party software delivery program cannot automatically run the process as the SYSTEM account you will need to create a batch file in ZeroTouchFolder called Install.cmd
      1. Create a batch file in ZeroTouchFolder called Install.cmd.  This batch file will launch the StartSCCM.CMD file created earlier under the SYSTEM account on the workstation.
        1. @echo off
          REM Prepare drive to run
          if not exist c:\temp md c:\temp
          copy %~dp0.\StartSCCM.cmd c:\temp
          REM Get the current time (hour and minute)
          for /f "Tokens=1,2 delims=:" %%i IN ('echo %time%') do set athour=%%i
          for /f "Tokens=1,2 delims=:" %%i IN ('echo %time%') do set atmin=%%j
          REM Strip the leading space %time% puts on single-digit hours, then convert
          REM both values to plain decimal (set /a reads 08 and 09 as invalid octal)
          set athour=%athour: =%
          set /a athour=100%athour% %% 100
          set /a atmin=100%atmin% %% 100
          REM check to see if launching at minute 58 or 59.  If so, Set time to next hour.
          if %atmin%==59 goto :roll
          if %atmin%==58 goto :roll
          goto :normal
          :roll
          REM Set new time and roll the hour up one and set the minute to 01
          set /a athour=%athour%+1
          set atmin=01
          REM check to make sure we didn't roll the hour to 24
          goto :checkhour
          :checkhour
          REM Check to see if hour is at 24
          if %athour%==24 set /a athour=0
          goto :end
          :normal
          set /a atmin=%atmin%+2
          REM Pad single-digit minutes back to two digits for the AT time argument
          if %atmin% LSS 10 set atmin=0%atmin%
          goto :end
          :end
          Echo Setting StartSCCM.cmd AT schedule for: %athour%:%atmin%
          REM at %athour%:%atmin% /interactive "cmd.exe"
          at %athour%:%atmin% "c:\temp\StartSCCM.cmd"
  4. Create a Mandatory Advertisement of the OS Task sequence to the collection created during the import.
  5. Use the 3rd party software delivery product to run the Task Sequence Boot Media on the machines you wish to deploy (when you wish to deploy them).
    1. Use the 3rd party software delivery product (such as Novell, Altiris, etc.) to launch the Task Sequence Boot Media Install.cmd (when the product does not launch it as the SYSTEM account) or StartSCCM.cmd (when the product launches it as the SYSTEM account) at the desired deployment time.
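
As an added example (not part of the original post), the following PowerShell, run on the machine where the ZeroTouchFolder is prepared, makes the step 2 edit to TSMBOOTSTRAP.INI and then checks the folder from step 3 before it is published to the share. The function names and the folder path are hypothetical.

```powershell
# Added example, not from the original post. Assumption: $Folder is the local
# copy of the boot media (the "ZeroTouchFolder"); function names are made up here.
function Set-ZeroTouchUnattended {
    param([Parameter(Mandatory=$true)][string]$Folder)
    $ini = Join-Path $Folder 'SMS\Data\TSMBOOTSTRAP.INI'
    if (-not (Test-Path -LiteralPath $ini)) { throw "Not found: $ini" }
    $ini = (Get-Item -LiteralPath $ini).FullName

    # Read the file and remember its encoding so it is written back unchanged.
    $reader = New-Object System.IO.StreamReader($ini, [Text.Encoding]::Default, $true)
    try { $text = $reader.ReadToEnd(); $enc = $reader.CurrentEncoding }
    finally { $reader.Dispose() }

    # Match the Unattended line whatever its case, spacing or line ending.
    $key = '(?im)^([ \t]*Unattended[ \t]*=[ \t]*)(\w+)([ \t]*\r?)$'
    $m = [regex]::Match($text, $key)
    if (-not $m.Success) { throw "No Unattended= line in $ini" }
    if ($m.Groups[2].Value -ieq 'true') { return 'AlreadySet' }

    [IO.File]::WriteAllText($ini, [regex]::Replace($text, $key, '${1}true${3}'), $enc)
    return 'Changed'
}

function Test-ZeroTouchFolder {
    param([Parameter(Mandatory=$true)][string]$Folder)
    $findings = @()
    if (-not (Test-Path -LiteralPath (Join-Path $Folder 'SMS\bin\i386\TSMBAutorun.exe'))) {
        $findings += 'SMS\bin\i386\TSMBAutorun.exe is missing'
    }
    # Flag wrapper scripts with a password typed on a "net use ... /user:" line.
    foreach ($file in Get-ChildItem -LiteralPath $Folder -Filter *.cmd) {
        $hits = Select-String -Path $file.FullName -Pattern 'net\s+use\b.*\s/user:\S+\s+(?!\*)\S+'
        foreach ($h in $hits) {
            $findings += "$($file.Name) line $($h.LineNumber): inline net use password"
        }
    }
    return $findings
}

# Usage (the path is a placeholder):
# Set-ZeroTouchUnattended -Folder 'C:\ZeroTouchFolder'
# Test-ZeroTouchFolder    -Folder 'C:\ZeroTouchFolder'
```

An inline-password finding means that account's password is readable by everyone who can read the share, so map the drive with an account that has read access to the boot media share and nothing else.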

Well this took me a long time to post, but I hope the detailed steps are helpful for others.

If you do use this, all I ask is that you just post a reply to my blog entry to let me know it was helpful!

 

Published 13 May 2008 10:12 AM by DavidN-C