-
SCCM Zero Touch Deployments initiated without the SCCM Client?
-
I was recently at a client that was migrating to SCCM from another software delivery product. Their workstations were not in a domain, yet they still wanted to use SCCM OS Deployments to deploy their workstations during the migration. Since the current machines were not in an AD domain, it was decided not to add the SCCM client to the existing workstations prior to deployment. Although SCCM does not natively support zero touch deployments to non-SCCM machines, with a small amount of scripting it can be done.
High level steps:
1. Gather inventory and import the machine into SCCM into a private deployment collection.
2. Create Task Sequence Boot Media and modify it to not have user interaction.
3. Create a wrapper for the Boot Media so it can be deployed via a 3rd party software delivery product as well as run from a network share.
4. Create a Mandatory Advertisement of the OS Task sequence to the machines you wish to deploy.
5. Use the 3rd party software delivery product to run the Task Sequence Boot Media on the machines you wish to deploy (when you wish to deploy them).
It sounds easy enough, but the devil is in the details.... So let me help fill in the details (and even provide some scripts to help ;)
1. Gather inventory and import the machine into SCCM into a private deployment collection.
   - This is actually one of the harder parts. Use whatever you can to inventory your machines and identify what applications are installed on them. Then compare the installed application list to the applications that will be packaged into SMS (or already are). When you import the computer into SCCM, ensure that you link those applications to those computers (via a custom Task Sequence or Task Sequence variables).
   - Ensure that, while importing the machines, they are placed in a new collection based on their deployment.
2. Create Task Sequence Boot Media and modify it to not have user interaction
   - Create your task sequence boot media as normal (either to CD and burn it, or to USB), ensuring there is no password required.
   - Copy the contents of this media to a folder on your hard drive (I will call it the ZeroTouchFolder).
   - Modify ZeroTouchFolder\SMS\Data\TSMBOOTSTRAP.INI, changing the line Unattended=false to Unattended=true (this will prevent the boot media wizard from asking for user input to continue).
3. Create a wrapper for the Boot Media so it can be deployed via a 3rd party software delivery product as well as run from a network share
   - This is a two-step process. The first step is to create a wrapper that will run the SCCM boot media.
   - Create a batch file in ZeroTouchFolder called StartSCCM.cmd using either step 1 or 2 below.
     1. This batch file will map the network drive to the SCCM Boot media you are creating. This process MUST run from a network share with a mapped drive letter. If your 3rd party software delivery program can automatically run the process from a mapped drive, then you can simply add the following line to your StartSCCM.cmd:

        SMS\bin\i386\TSMBAutorun.exe

     2. If, however, your 3rd party software delivery program cannot automatically map a drive for you prior to running your command (such as with Novell), you will need to do it in your batch file. The password in the net use line is stored in clear text in a file on the share, so use an account that has read-only access to the boot media share and nothing else. Use the following lines:

        net use v: /delete
        net use v: %~dp0. /user:DOMAIN\USERID PASSWORD
        pushd v:\
        SMS\bin\i386\TSMBAutorun.exe

   - In order for the SCCM boot media to run correctly from a network share, the process must run as the SYSTEM account. If your 3rd party software can run StartSCCM.cmd as the SYSTEM account, you can skip this next section. If your 3rd party software delivery program cannot automatically run the process as the SYSTEM computer account, you will need to create a batch file in ZeroTouchFolder called Install.cmd.
   - Create a batch file in ZeroTouchFolder called Install.cmd. This batch file will launch the StartSCCM.cmd file created earlier under the SYSTEM account on the workstation.
@echo off
REM Prepare drive to run
if not exist c:\temp md c:\temp
copy "%~dp0StartSCCM.cmd" c:\temp
REM Get the current hour and minute (assumes ":" is the time separator)
for /f "tokens=1,2 delims=: " %%i in ('echo %time%') do (
    set athour=%%i
    set atmin=%%j
)
REM Strip leading zeros so values such as 08 and 09 are not read as invalid octal
set /a athour=100%athour% %% 100
set /a atmin=100%atmin% %% 100
REM Check to see if launching at minute 58 or 59. If so, set time to next hour.
if %atmin% geq 58 goto :roll
goto :normal
:roll
REM Roll the hour up one and set the minute to 01
set /a athour=%athour%+1
set atmin=1
REM Check to make sure we didn't roll the hour to 24
if %athour%==24 set athour=0
goto :end
:normal
set /a atmin=%atmin%+2
:end
REM Zero-pad the minute so AT receives the time as HH:MM
if %atmin% lss 10 set atmin=0%atmin%
echo Setting StartSCCM.cmd AT schedule for: %athour%:%atmin%
REM at %athour%:%atmin% /interactive "cmd.exe"
at %athour%:%atmin% "c:\temp\StartSCCM.cmd"
4. Create a Mandatory Advertisement of the OS Task sequence to the collection created during the import.
5. Use the 3rd party software delivery product to run the Task Sequence Boot Media on the machines you wish to deploy (when you wish to deploy them).
   - Use the 3rd party software delivery product (such as Novell, Altiris, etc.) to launch the Task Sequence Boot Media Install.cmd (launching not as the system) or StartSCCM.cmd (launching as the system) at the desired deployment time.
Well this took me a long time to post, but I hope the detailed steps are helpful for others.
If you do use this, all I ask is that you just post a reply to my blog entry to let me know it was helpful!
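
A read-only pre-flight check for the ZeroTouchFolder share, to run before the 3rd party product launches it. This is an added PowerShell example, not part of the original post or of SCCM: it confirms Unattended=true, that TSMBAutorun.exe is present, and reports any net use line in the wrappers that carries a password. The function name is hypothetical and the default share path is a placeholder.

```powershell
# Added example: read-only pre-flight check of the ZeroTouchFolder share.
# Test-ZeroTouchFolder is a hypothetical name; the default path is a placeholder.
function Test-ZeroTouchFolder {
    param([string]$Root = '\\server\share\ZeroTouchFolder')
    $findings = @()

    # 1. The boot media wizard only skips its prompts when Unattended=true.
    $ini = Join-Path $Root 'SMS\Data\TSMBOOTSTRAP.INI'
    if (-not (Test-Path -LiteralPath $ini)) {
        $findings += "MISSING   $ini"
    } else {
        $line = Get-Content -LiteralPath $ini |
            Where-Object { $_ -match '^\s*Unattended\s*=' } |
            Select-Object -First 1
        if (-not $line) {
            $findings += "NO KEY    Unattended= not found in $ini"
        } elseif ($line -notmatch '=\s*true\s*$') {
            $findings += "PROMPTS   '$($line.Trim())' leaves the wizard waiting for input"
        }
    }

    # 2. StartSCCM.cmd launches this executable relative to the mapped drive.
    $exe = Join-Path $Root 'SMS\bin\i386\TSMBAutorun.exe'
    if (-not (Test-Path -LiteralPath $exe)) { $findings += "MISSING   $exe" }

    # 3. Report wrapper lines where net use carries /user:<account> <password>.
    foreach ($name in 'StartSCCM.cmd', 'Install.cmd') {
        $cmd = Join-Path $Root $name
        if (-not (Test-Path -LiteralPath $cmd)) { continue }
        $n = 0
        foreach ($text in Get-Content -LiteralPath $cmd) {
            $n++
            if ($text -match '^\s*net\s+use\b.*\s/user:\S+\s+\S+') {
                $findings += "CLEARTEXT ${name} line ${n}: password stored in the share"
            }
        }
    }
    return ,$findings
}

$result = Test-ZeroTouchFolder
if ($result.Count -eq 0) { 'ZeroTouchFolder looks ready.' } else { $result }
```

A CLEARTEXT finding is expected when the second StartSCCM.cmd variant is in use; treat it as a reminder to restrict that account and the share's permissions.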
-
Create Bootable USB Media without Vista in SCCM
-
Have you ever tried to create a USB bootable media for a task sequence in SCCM but did not have access to an already bootable USB media or a Vista machine with the SCCM console?
If you have a Vista machine (or Server 2008), it is easy to create a bootable USB media. Simply format the media as NTFS and then use the disk management utility: right click on the media and select "Mark Partition as Active".
If you do NOT have access to a Vista or Server 2008 machine, you can still achieve the same result with a little more work using just the SCCM console and a writable DVD+-R or CDR. Just follow these steps.
1. Ensure your boot image has "Enable command support (testing only)" selected. (Done via the boot image properties page, Windows PE tab. Usually with the x86 image unless you wish to use the x64 image for this).
2. Select any of your task sequences and "Create Task Sequence Media".
3. Create Bootable media and choose a CD/DVD set - Pointing to a Media File name of your choice.
4. Burn the media to a blank CDR.
5. Boot the burned media on a machine (any machine with USB will work, you will not format the HD so you can use a production machine if necessary). Once booted to the SCCM screen, hit F8. (do NOT continue with the wizard if you are using a production machine)
6. While the machine is booting PE 2.0 plug the USB media you wish to use into the USB slot.
7. From the command window run "diskpart"
8. In Diskpart run the command "list volume"
9. A list of volumes will appear. Determine which volume is the USB media.
10. In Diskpart run the command "select volume X" where X is the volume number of the USB media.
11. In Diskpart run the command "active".
12. You can now use the media as often as you like in the SCCM console as bootable media (you do not need to run this process every time, once it is active (bootable) it will remain so unless you delete the partition).
I hope this tip helps!
-
SCCM Server 2003 Required Services (aka, what not to disable through Group Policy)
-
Have you ever worked in a locked-down environment where even your SCCM server has group policies running against it?
Well, if you are ever in this situation and are having issues (or prefer to avoid SCCM issues, such as components like the MP or SMP failing to install), you need to ensure the following Server 2003 services are NOT disabled on your SCCM server:
HTTP SSL (default set to manual)
World Wide Web Publishing (default set to automatic)
Com+ System Application (default set to manual)
Distributed Transaction Coordinator (default set to automatic)
Task Scheduler (default set to automatic)
Remote Procedure Call (RPC) Locator (default set to manual)
Additionally, ensure that “Guests” are NOT denied batch login rights.
I hope this helps others avoid the pain I went through!
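
One way to audit a server against the list above, as an added PowerShell example that is not part of the original post: it reports the start mode of each listed service and checks whether Guests appears under "Deny log on as a batch job". The function names are hypothetical, services are matched by the display names given above, and the user-rights check assumes an elevated prompt on the SCCM server itself.

```powershell
# Added example: audit the services and user right listed in this post.
# Function names are hypothetical. Services are matched by display name;
# the trailing * tolerates a "Service" suffix on the display name.
$required = @(
    'HTTP SSL*',
    'World Wide Web Publishing*',
    'COM+ System Application*',
    'Distributed Transaction Coordinator*',
    'Task Scheduler*',
    'Remote Procedure Call (RPC) Locator*'
)

function Get-RequiredServiceState {
    param([string]$ComputerName = '.')
    $all = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName
    foreach ($pattern in $required) {
        $svc = $all | Where-Object { $_.DisplayName -like $pattern } |
            Select-Object -First 1
        if (-not $svc) {
            New-Object PSObject -Property @{
                Service = $pattern; StartMode = 'n/a'; Result = 'NOT FOUND' }
        } else {
            $result = 'OK'
            if ($svc.StartMode -eq 'Disabled') { $result = 'DISABLED' }
            New-Object PSObject -Property @{
                Service = $svc.DisplayName; StartMode = $svc.StartMode; Result = $result }
        }
    }
}

function Test-GuestsDeniedBatchLogon {
    # Export the local user-rights assignments and look for Guests
    # (well-known SID S-1-5-32-546) under "Deny log on as a batch job".
    $cfg = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Get-Content $cfg |
        Where-Object { $_ -match '^\s*SeDenyBatchLogonRight\s*=' }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return [bool]($line -match 'S-1-5-32-546|\bGuests\b')
}

Get-RequiredServiceState | Format-Table Service, StartMode, Result -AutoSize
if (Test-GuestsDeniedBatchLogon) {
    'Guests is denied batch logon on this server.'
}
```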
-
David Norling-Christensen joins The BlogCast Repository
-
So who exactly am I?
I am David Norling-Christensen and have been with Intrinsic Technologies for 7+ years on the Desktop & Server Technologies Team. I specialize in zero touch OS deployments and all supporting technologies. This includes Active Directory (focus on GPO's), SMS, SCCM, Windows Vista, XP, Server 2003 and 2008. Before Intrinsic Technologies I worked for Allstate Insurance for 3 years on the Enterprise Base Image Team creating and supporting their operating system deployments for NT 4.0 and Windows 2000.
So why have I started blogging now?
I have been helped so many times when I am tackling a technical challenge by information others share on the web. I started blogging now because there are many times that I have to create a technical solution that no one else has (or at least has published). Additionally, at times there is a lack of information on a subject and I feel that other people could benefit from me sharing the information I gathered.
My blog posts will not be regular, but hopefully they are useful.
David Norling-Christensen