MDT 2013 Update 2 UDI Wizard – domain join credentials issue

I recently upgraded to MDT Update 2 integrated with SCCM 1602.  Previously I used to install Windows 7 using MDT UDI (2013 I think?) and configured the OSDJoinDomain and OSDJoinPassword variables as collection variables on the collections I had the task sequence.  But after the 2013 update 2 install, on my new task sequence for Windows 10 they would show up like the below and it wouldn’t join the domain.

Capture3.PNG

So thanks to some help on this TechNet forum we were able to come up with a workaround.

  1. Create two custom variables and place them just before the UDI Wizard step in your task sequence.  One will be the account used to join the domain and the other the accounts password.Capture4.PNGCapture5
  2. Then open up the UDI Wizard Designer and on the new computer details page under “domain join credentials” put in the custom variables you setup into the default value boxes (remember to use %% around your task sequence variables).Capture6
  3. Then simply save your changes and update your MDT Toolkit package in SCCM.  Then you should be all set.

 

Simple RoboCopy Function for quick transfers

A couple of weeks ago I got to thinking, I do these little robocopy transfers all the time why not write a function so I can do a transfer and I don’t have to go looking up all the parameters.  So after a few minutes, the below script was born.  Simply run the script in Powershell, and it will prompt for the old folder (source) and the new folder (destination).  Once the copy is complete it will monitor the source directory and copy any changes until you exit the script which is great when a user is still working in the source directory such as when you need to move a home directory.  It also sticks a log file in the directory you ran the script.  Just keep in mind that this is setup to be a mirror copy and if you reverse the source and destination you will copy the blank destination to your source and end up with a blank directory.

It’s an extremely simple script but maybe it will save someone a little time.  Also in case you haven’t aren’t familiar with robocopy it is the best folder syncing tool out there and has been available since Windows Server 2003.  It won’t sync single files but will sync folders up wherever you need them, resume transfers where they left off on flaky network connections, allows throttling and much more.

function fun-robocopy {
$ScriptPath = (Get-Item -Path ".\" -Verbose).FullName
$Logfile = $ScriptPath+"\Robocopy Logfile.log"
$OLDFolder = Read-Host -Prompt 'Input Old folder to move'
$NewFolder = Read-Host -Prompt 'Input New folder to move to'
Robocopy $OldFolder $NewFolder /MIR /COPYALL /V /FP /XO /LOG+:$Logfile /TEE /Z /MON:1 /MOT:30 /W:5 /R:2
}
fun-robocopy
snip_20160531170841

Shutting off WiFi when connected to a wired connection

In the company I work for we commonly have laptops that are connected to a wired connection and are also connected to WiFi.  This isn’t good practice and DNS gets a little weird when it gets registered IP addresses from both the WiFi adapter and a registration from the wired connection.  I have been using a VB script from intelliadmin that monitors the wired connection and disables the WiFi adapter when the wired connection is plugged in which works great.  You can do as intelliadmin suggests and run it as a group policy computer configuration logon script.  The problem that I ran into with that method is that as group policy runs when a computer starts up if it’s not connected to the network the script wouldn’t run.  Even worse I ran into issues where the user would have their computer connected to a wired connection and shut it off with the wireless connection still disabled. If the user booted up off-network they would call in complaining they had no WiFi.  The solution was to copy intelliadmins vb script local and run as a scheduled task on the local machine.

  1. Use the below batch script to copy the file somewhere local on the machine.  Set this up as a computer startup script via GPO.
xcopy \\domain.com\sysvol\startupscriptgpolocation\netswitch.vbs "%ALLUSERSPROFILE%\scripts\" /D

2. Then setup a scheduled task up via group policy to run the script as system with the
action setup as start a program with the program/script (If you need help see this                    TechNet article) “%ALLUSERSPROFILE%\scripts\netswitch.vbs” and your parameters          (i.e.  “Local Area Connection” “Wireless Connection”).

Now whether your users are off-network or on-network, they will only use the WiFi adapter when an Ethernet Connection is unavailable.

IE Enterprise Mode Site list won’t load sites put into site list manager

I was working on setting up Enterprise Mode Site list for some internal legacy sites so that IE 11 would automatically start them in Enterprise mode.  I followed this article from the billamore.com blog (very well put together article by the way) on how to setup logging and deploy sites you want ran in enterprise mode this way if you have a site that hasn’t been upgraded to be up to par with IE 11 it will still work.  Well I couldn’t seem to figure out why it wasn’t loading the sites in enterprise mode.  All the reg entries were there everything seemed fine.  Well after using this Powershell script a few times to clear the downloaded site list I found a forum on technet that had my answer buried all the way at the bottom.  You can’t use http:// at the start of the site it has to simply be the top level domain for example “domain.com”.  I figured since it simply said URL http://domain.com would work just fine or even http://domain.com/page1.  Guess I figured wrong.snip_20160524164001

MDT UDI Wizard won’t update

Well I finally got a good image of Windows 10 with my custom settings yesterday so now it was on to iron out my deploy task sequence for SCCM integrated with MDT 2013.  I was working on getting my existing UDIWizard_Config.xml files from my MDT 2013 toolkit files for Windows 10 to work with MDT 2013 Update 2.  Why create an entire new file when you can simply reuse my wizard settings as I have a lot of custom settings for OU’s and such.  It seemed that no matter what I did it held onto the old settings and wouldn’t update.  Finally through a mention in a technet forum I discovered that the applications in the install programs page in the wizard caused it to fail and use the old UDIWizard_Config.xml from before.  So I simply deleted all my software in the wizard and re-validated the site settings with configuration manager and then went in and clicked update distribution points.  Eureka, upon pxe booting all my new settings were there. Goes to show what I get for reusing UDI Wizard settings.  So yes you can reuse your UDI wizard settings from previous MDT Versions but proceed with caution.

snip_20160524102205

Windows PE initialization fails with error code 0x80220014

I’ve continued to fight a bunch of issues trying to get imaging to work the way I want it in SCCM 1511/1602.  Well another issue I was running into was when capturing from an SCCM capture disc I would get Windows PE initialization failed with error code 0x80220014.  Well what I discovered is this Microsoft Hotfix fixes the issue and is still an issue in SCCM Current Branch 1602.

 

snip_20160523163222

I have been integrating MDT with SCCM for a long time and followed the below steps from Microsoft to fix the initializing issue when capturing using my MDT boot image. Below are the steps from Microsoft with a few notes and changes on how to do this with an existing MDT Boot image This must be done on a machine with Windows ADK for Windows 10 is installed.

Step 1: Preparation

  1. Extract the contents of the hotfix. For example, extract the contents to the %userprofile%\downloads folder.
  2. Start an elevated “Deployment and Imaging Tools Environment” command prompt.

snip_20160523154044

Step 2: Prepare Windows PE

Create the Windows PE customization working directory, and then mount the image file. To do this, type the following commands, and then press Enter after each command:


dism /mount-wim /wimfile:”E:\Sources\Imaging\OS\MDT Boot images\MDT Boot image W10 64bit SP2\Winpe.wim” /index:1 /mountdir:E:\mount

Note: Point the /wimfile parameter to the winpe.wim you have been using that is having the boot problem.  There will be an second WinPE.packagenumber.wim that SCCM creates from the winpe.wim.  Leave it alone it will get updated when we update the distribution points.  For the /mountdir parameter just create an folder somewhere as the mount directory, here I just created an mount folder at the root of E.

Step 3: Save schema.dat state

Back up the permissions that are applied to the existing schema.dat file before you replace it. To back up the file, type the following command, and then press Enter:

icacls E:\mount\Windows\System32\schema.dat /save “%temp%\AclFile”

 

Step 4: Update the schema.dat file

To replace the schema.dat file that has the updated version, you must take ownership of the file and grant permissions to the local administrators group. To do this, type the following commands, and then press Enter after each command:

takeown /F E:\mount\Windows\System32\schema.dat /A

icacls E:\mount\Windows\System32\schema.dat /grant BUILTIN\Administrators:(F)

xcopy “%userprofile%\Downloads\schema-x64.dat” E:\mount\Windows\System32\schema.dat /Y

Note: the Xcopy is assuming you extracted the hotfix in the downloads folder.

Step 5: Reset permissions and ownership

When the schema.dat file is replaced, the permissions saved in step 5 must be restored by running the following commands:

icacls E:\mount\Windows\System32\schema.dat /setowner “NT SERVICE\TrustedInstaller”

icacls E:\mount\Windows\System32\ /restore “%temp%\AclFile”

 

Step 6: Commit Windows PE changes

Commit the changes to the winpe.wim file. To do this, type the following command, and then press Enter:

dism /unmount-wim /mountdir:E:\mount /Commit

Step 7: Update Distribution points

Click update distribution points on the MDT boot image and then wait for drivers to be injected into your fixed boot image.

snip_20160523155257

Step 8: Recreate capture media

If your doing this like me and using capture media make sure and recreate it so it uses your new boot image.

How Candy Crush can break your Windows 10 image capture

I’ve been struggling to get SCCM 1602 and imaging of windows 10 to play nice and the below is one of the latest issues I’ve encountered.  If your running Windows 10 build 1511 and try to capture you might encounter error code 0x00004005.  One of the possible causes can be all the Appx packages (Candy Crush and Twitter etc.) Microsoft decided to install even in Enterprise edition (that one I don’t understand I could see home even pro but enterprise?).  As was pointed out in this technet article running a Get-AppxPackage -AllUsers | Remove-AppxPackage remedies the issue before capture.