
App-V Client and Sequencer Support Update

Microsoft have announced a change to their stance on App-V support.

Whilst the streaming server will still be deprecated, the App-V Client and Sequencer will now be “un-deprecated” and moved into Fixed Extended Support as part of Windows.

So good news if you consume App-V apps via ConfigMgr, not so good if you use them streamed over the network.

https://learn.microsoft.com/en-us/microsoft-desktop-optimization-pack/app-v/appv-support-policy

Use RoboCopy in ‘Run PowerShell Script’ MCM Task Sequence Steps

I like to use PowerShell for all my scripting these days (all VB and batch files have now been rewritten in PoSh) and I also like to use RoboCopy for any file copies that I need to do such as in an OSD Task Sequence.

The pain in the arse with RoboCopy is the return/exit codes it uses which cause issues when used in PowerShell scripts.

The return codes used by RoboCopy are:

0 No files were copied. No failure was encountered. No files were mismatched. The files already exist in the destination directory; therefore, the copy operation was skipped.

1 All files were copied successfully.

2 There are some additional files in the destination directory that are not present in the source directory. No files were copied.

3 Some files were copied. Additional files were present. No failure was encountered.

5 Some files were copied. Some files were mismatched. No failure was encountered.

6 Additional files and mismatched files exist. No files were copied and no failures were encountered. This means that the files already exist in the destination directory.

7 Files were copied, a file mismatch was present, and additional files were present.

8 Several files did not copy.

Because PowerShell expects an exit code of ‘0’ for success, if RoboCopy completes with an exit code of ‘1’ (i.e. All files were copied successfully) then the script finishes with an exit code other than ‘0’.

In an OSD Task Sequence this is picked up as an error and will therefore cause the Task Sequence to fail. Bollocks.

This can easily be prevented using a wee bit of code at the end of the script used to run the RoboCopy.

In the example below I am copying a single ISO image using a PowerShell script in a Task Sequence (using a ‘Run PowerShell Script’ task). The resulting PowerShell exit code will equal ‘1’ as “all files will be copied successfully”.

<#
.SYNOPSIS
    Copies VM Bootable ISO
.DESCRIPTION
	Copies the VM Bootable ISO from the package folder to C:\Media
.EXAMPLE
	PowerShell.exe -ExecutionPolicy ByPass -File <ScriptName>.ps1
.NOTES
	Author:		Jonathan Conway
	Version:	1.0
	Created:	29/11/2017
#>

# Set variable for newest ISO in package folder (in case there are more than one then the most recent will be chosen)
$ISO = Get-ChildItem '.\*.iso' | Sort-Object 'LastWriteTime' | Select-Object -last '1' | Select-Object -ExpandProperty 'Name'

# Run ROBOCOPY to copy the Bootable ISO image to "C:\Media"
& ROBOCOPY ".\" "C:\Media" $ISO

# Robocopy for a single file returns an exit code of "1" (i.e. All files were copied successfully) which causes a Task Sequence error - this "if" statement changes exit code to a "0"
if ($LASTEXITCODE -eq '1') {
    EXIT 0
}

To prevent a Task Sequence failure I can intercept the ‘$LASTEXITCODE’ variable and exit the script with a ‘0’ using an ‘if’ statement.

This will then be picked up by the running Task Sequence and consumed as a ‘success’ which will subsequently allow the Task Sequence to progress without error.

Marvellous!

/ JC
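
The RoboCopy post above maps only exit code ‘1’ to success. The added example below (not part of the original post) goes further and decodes every RoboCopy exit code as the bit flags they are, treating anything below 8 as success. The function name `ConvertFrom-RobocopyExitCode` and the sample values are assumptions made for the example.

```powershell
# Added example, not from the original post.
# RoboCopy exit codes are bit flags, so the value is decoded bit by bit.
function ConvertFrom-RobocopyExitCode {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 31)]
        [int]$ExitCode
    )

    # One entry per bit; a total of 8 or above means at least one failure.
    $flags = @(
        @{ Bit = 1;  Meaning = 'One or more files were copied' }
        @{ Bit = 2;  Meaning = 'Extra files or directories exist in the destination' }
        @{ Bit = 4;  Meaning = 'Mismatched files or directories were detected' }
        @{ Bit = 8;  Meaning = 'Some files or directories could not be copied' }
        @{ Bit = 16; Meaning = 'Fatal error, no files were copied' }
    )

    $conditions = @($flags |
        Where-Object { $ExitCode -band $_.Bit } |
        ForEach-Object { $_.Meaning })
    if ($conditions.Count -eq 0) {
        $conditions = @('No files were copied and no failure was encountered')
    }

    # Exit code to hand back to the Task Sequence step: 0 unless RoboCopy failed.
    $success = $ExitCode -lt 8
    $stepExitCode = 0
    if (-not $success) { $stepExitCode = $ExitCode }

    [pscustomobject]@{
        RobocopyExitCode = $ExitCode
        Success          = $success
        StepExitCode     = $stepExitCode
        Conditions       = $conditions -join '; '
    }
}

# Constructed sample values standing in for $LASTEXITCODE after a RoboCopy run.
0, 1, 3, 8, 16 |
    ForEach-Object { ConvertFrom-RobocopyExitCode -ExitCode $_ } |
    Format-Table -AutoSize

# Hypothetical use at the end of the Task Sequence script shown in the post:
#   & ROBOCOPY ".\" "C:\Media" $ISO
#   exit (ConvertFrom-RobocopyExitCode -ExitCode $LASTEXITCODE).StepExitCode
```

Handled this way, a genuine copy failure (8 or above) still fails the Task Sequence step instead of being hidden.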

Check TPM Status from the Command Line (Enabled | Activated | Owned)

Quick and simple way to see if the TPM on a computer is Enabled, Activated and Owned – all of which are required before using it for BitLocker:

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsActivated_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned_InitialValue

As long as they all return as “True” you’re good to go.

/ JC
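
The same three TPM checks as a PowerShell function, added here as an example that is not part of the original post. It reads the `Win32_Tpm` class used by the wmic commands above and reports which of the three states is missing, including the case where no TPM is exposed at all. The function names and the sample objects are assumptions made for the example.

```powershell
# Added example, not from the original post.
function Get-TpmReadiness {
    [CmdletBinding()]
    param(
        # Win32_Tpm instance, or $null when the computer exposes no TPM.
        [Parameter(Mandatory = $true)]
        [AllowNull()]
        [object]$Tpm
    )

    # The three properties queried by the wmic commands in the post.
    $checks = [ordered]@{
        Enabled   = 'IsEnabled_InitialValue'
        Activated = 'IsActivated_InitialValue'
        Owned     = 'IsOwned_InitialValue'
    }

    $result = [ordered]@{ TpmPresent = ($null -ne $Tpm) }
    foreach ($check in $checks.GetEnumerator()) {
        $result[$check.Key] = ($null -ne $Tpm) -and ($Tpm.($check.Value) -eq $true)
    }

    $missing = @($checks.Keys | Where-Object { -not $result[$_] })
    $result['Ready']   = ($null -ne $Tpm) -and ($missing.Count -eq 0)
    $result['Missing'] = $missing -join ', '

    New-Object -TypeName psobject -Property $result
}

function Get-LocalTpm {
    # Needs an elevated session; returns $null when the TPM namespace is absent.
    try {
        Get-CimInstance -Namespace 'root\cimv2\security\microsofttpm' `
            -ClassName 'Win32_Tpm' -ErrorAction Stop
    }
    catch {
        $null
    }
}

# Constructed sample objects standing in for Win32_Tpm instances.
$readyTpm = [pscustomobject]@{
    IsEnabled_InitialValue   = $true
    IsActivated_InitialValue = $true
    IsOwned_InitialValue     = $true
}
$unownedTpm = [pscustomobject]@{
    IsEnabled_InitialValue   = $true
    IsActivated_InitialValue = $true
    IsOwned_InitialValue     = $false
}

Get-TpmReadiness -Tpm $readyTpm      # all three states present
Get-TpmReadiness -Tpm $unownedTpm    # reports 'Owned' as missing
Get-TpmReadiness -Tpm $null          # no TPM exposed

# On a real computer:
#   Get-TpmReadiness -Tpm (Get-LocalTpm)
```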

Confirm Service Account Credentials The Easy Way with PowerShell (e.g. MCM Network Access Account)

Sometimes you will have an AD Service Account configured and you might not be sure what the password is – a good example of this that sometimes catches me out is the MCM Network Access Account.

To safely test the account username and password we can use PowerShell with the following simple and safe command:

Start-Process -FilePath winver.exe /c -Credential (Get-Credential)

This will attempt to run “winver.exe” and a prompt will appear asking for credentials:

[Screenshot: AccountCredsPrompt]

If the account credentials that you enter are not correct you will see the following error:

[Screenshot: AccountCredsFail]

But if the credentials provided are correct then “winver.exe” will open as expected and no error message will be produced:

[Screenshot: AccountCredsSuccess]

Simple but effective 🙂

/ JC

Add CMTrace.exe to Computers Being Deployed via Task Sequence

To make sure you have CMTrace.exe available for use on machines that are deployed via ConfigMgr Task Sequences you can add a “Run Command Line” task immediately after the “Apply Operating System Image” step. The task copies the executable from the boot image being used to deploy the OS (CMTrace.exe is included by default in ConfigMgr WinPE boot images – WinPE is mapped as X:\ during OSD), so it is available once OSD completes:

 cmd /c xcopy X:\SMS\BIN\x64\CMTrace.exe %OSDTargetSystemDrive%\Windows\System32\ /E /H /C /I /Q /Y

This command line will need to be amended in the unlikely scenario (it’s 2017 after all) that you’re deploying a 32-bit Operating System to change the xcopy target path accordingly.

/ JC

Note: This was originally documented on TechNet yonks ago: Link

“Finish Installing Device Software” in Windows 10 Action Center

If you get a message in the Windows 10 Action Center saying “Finish installing device software” with a red/white cross and a UAC symbol on then it’s likely that a driver is missing, a driver needs some software installed or that Windows needs your permission to resolve one of these actions (hence the UAC symbol).

It can be an absolute pain to figure out which device/driver is causing this issue but one way to track it down is to click to allow the install to complete and then look in the file:

C:\Windows\Inf\setupapi.dev.log

Look for Finish-Install actions (typically they will be the latest entries in the log file if you’ve just clicked to complete the action immediately before looking) and that should lead you to identifying the troublesome device. Back of the net.

/ JC

Further simplifying servicing models for Windows 7 and Windows 8.1

Microsoft look to be moving to a cumulative approach to updates with Windows 7 and 8.1 which seems to be similar to what they have already done for Windows 10.

Single Cumulative Updates instead of multiple individual patches moving forward. Better late than never I guess… 😉

See the full blog post on TechNet:

https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/

/ JC

Windows 10 Language Packs are Release Specific

Just a heads up – after wasting the best part of a day trying to figure out what was wrong it turns out that Language Packs for Windows 10 are release specific and only seem to work with the corresponding release of Windows.

What this means is that Language Packs for Windows 10 1511 won’t install offline via MDT when creating a reference image using 1607 Windows 10 media.

1511 Language Packs only work with 1511 media and NOT 1607 media.

Bugger.

Need to wait for 1607 Language Packs to be released then eh… 😉

/ JC

RoboCopy a Single File to See Accurate Progress/Time Estimates

RoboCopy is used as a tool to copy folders but it can also be used to copy single files if required.

This is handy if you’re copying a large file (such as an ISO or WIM image) and want some sort of feedback from a command prompt on how it’s progressing (not something that happens with xcopy or copy).

Say you want to copy a file called BigFile.iso from the root of the C:\ drive to the root of the E:\ drive, you could use the following command:

robocopy C:\ E:\ BigFile.iso

/ JC

Creating Custom WinPE 3.1 Boot Image (For Deploying Windows XP from SCCM 2012 R2) Automated via Batch File

Recently a customer wanted the ability to be able to rebuild Windows XP machines (!) via SCCM 2012 R2 by just adding machines into a rebuild collection.

This doesn’t work out of the box with the version of WinPE that ships with SCCM so to get it to work you need to create a custom Boot image based on WinPE 3.1, add it into ConfigMgr and associate it with the Windows XP Task Sequence – this allows WinPE to pre-stage onto the local disk and for the machine to successfully reboot into it.

The following code can be added into a Batch File and executed as an Administrator to automate the creation of the Boot Image and add the required components.

@echo off

echo:
echo # REMOVE DIRECTORY IF IT EXISTS
echo:

RD C:\TEMP\WinPE\LegacyWinPEx86 /S /Q

echo:
echo # CREATE X86 WINPE FOLDER STRUCTURE
echo:

CALL "C:\Program Files\Windows AIK\Tools\PETools\copype.cmd" x86 C:\TEMP\WinPE\LegacyWinPEx86

echo:
echo # COPY WIM FILE TO ISO\SOURCES DIRECTORY AND RENAME AS BOOT.WIM
echo:

COPY C:\TEMP\WinPE\LegacyWinPEx86\winpe.wim C:\TEMP\WinPE\LegacyWinPEx86\ISO\sources\boot.wim

echo:
echo # MOUNT THE BOOT.WIM FILE IN THE MOUNT DIRECTORY
echo:
Dism /Mount-Wim /WimFile:C:\TEMP\WinPE\LegacyWinPEx86\ISO\sources\boot.wim /index:1 /MountDir:C:\TEMP\WinPE\LegacyWinPEx86\mount

echo:
echo # ADD OPTIONAL COMPONENTS TO WINPE IMAGE
echo:

Dism /image:C:\TEMP\WinPE\LegacyWinPEx86\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-wmi.cab"
Dism /image:C:\TEMP\WinPE\LegacyWinPEx86\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-scripting.cab"
Dism /image:C:\TEMP\WinPE\LegacyWinPEx86\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-wds-tools.cab"
Dism /image:C:\TEMP\WinPE\LegacyWinPEx86\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-hta.cab"
Dism /image:C:\TEMP\WinPE\LegacyWinPEx86\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-mdac.cab"

echo:
echo # SET SCRATCH SPACE TO 128MB
echo:

Dism /Set-ScratchSpace:128 /Image:C:\TEMP\WinPE\LegacyWinPEx86\mount

echo:
echo # ADD ANY REQUIRED DRIVERS TO THE IMAGE
echo:

Dism /Image:C:\TEMP\WinPE\LegacyWinPEx86\mount /Add-Driver /Driver:C:\TEMP\WinPE\Drivers /Recurse

echo:
echo # UNMOUNT IMAGE AND COMMIT CHANGES
echo:

Dism /Unmount-Wim /MountDir:C:\TEMP\WinPE\LegacyWinPEx86\mount /Commit

/ JC

Command Line to Display UUID or MAC Address of a Computer

In the event that you’re using UUID or MAC Address to uniquely identify computers in a database (the MDT database or ConfigMgr for example) you might want a quick and easy way of getting these values from the Command Prompt on the target computer…

UUID

wmic csproduct get "UUID" > C:\UUID.txt

MAC Address

wmic nic get "MACAddress" > C:\MAC.txt

or

ipconfig /all | find /i "phy" > C:\MAC.txt

/ JC

Run Programs as System Account

An easy way to run programs (like regedit.exe) as SYSTEM is by using PSExec which is part of the Microsoft Sysinternals Suite.

psexec -i -d -s ProgramName.exe

For example to use PSExec to run regedit on the local machine in the SYSTEM context (and be able to interact with it on the desktop) run the command:

psexec -i -d -s regedit.exe

/ JC

WMI Query and Scripting Tools

It’s often useful to be able to view WMI information and subsequently create queries to use in MDT and ConfigMgr.

The best tool I’ve found for doing this is WMI Explorer which is a free tool available on Codeplex:

WMI Explorer: https://wmie.codeplex.com/

Alternatives that I have also used are:

Goverlan Free WMI Explorer: http://www.goverlan.com/wmix.php
Windows PowerShell Scriptomatic: https://www.microsoft.com/en-us/download/details.aspx?id=24121
Microsoft Scriptomatic 2.0: http://www.microsoft.com/en-gb/download/details.aspx?id=12028

/ JC

When I Close The Lid?

To ensure that laptops don’t enter a sleep state when you close the lid you can run a script at deployment time that utilises the powercfg.exe command line utility.

To set the action for “When I close the lid” to ‘Do nothing’ use the following commands in a PowerShell script as part of your MDT Task Sequence:

powercfg.exe -SETACVALUEINDEX "381b4222-f694-41f0-9685-ff5bb260df2e" "4f971e89-eebd-4455-a8de-9e59040e7347" "5ca83367-6e45-459f-a27b-476b1d01c936" 000
powercfg.exe -SETDCVALUEINDEX "381b4222-f694-41f0-9685-ff5bb260df2e" "4f971e89-eebd-4455-a8de-9e59040e7347" "5ca83367-6e45-459f-a27b-476b1d01c936" 000

/ JC

Can’t Connect to C$ After Security Hardening (Windows Client & Server)

Simple registry fix will sort that:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
     a. On the Edit menu, point to New, and then click DWORD Value.
     b. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  4. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.

http://support.microsoft.com/kb/951016
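
The same registry change scripted in PowerShell, added here as an example that is not part of the original post. A value of 1 turns off UAC remote restrictions, so local administrator accounts receive a full token over the network; the script therefore reports the value before and after, and the same function sets it back to 0. The function names are assumptions made for the example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    # Returns the current DWORD value, or nothing when the entry does not exist.
    $entry = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -ne $entry) { $entry.$PolicyName }
}

function Set-TokenFilterPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 1 = the value from the steps above, 0 = remote restrictions back on.
        [Parameter(Mandatory = $true)]
        [ValidateSet(0, 1)]
        [int]$Value
    )

    $before = Get-TokenFilterPolicy
    if ($before -eq $Value) {
        Write-Verbose "$PolicyName is already $Value"
    }
    elseif ($PSCmdlet.ShouldProcess("$PolicyPath\$PolicyName", "Set DWORD to $Value")) {
        # -Force creates the entry when it is missing and overwrites it when present.
        New-ItemProperty -Path $PolicyPath -Name $PolicyName `
            -PropertyType DWord -Value $Value -Force | Out-Null
    }

    # Report the state before and after so the change can be logged.
    [pscustomobject]@{
        Name   = $PolicyName
        Before = $before
        After  = (Get-TokenFilterPolicy)
    }
}

# Preview the change without writing to the registry.
Set-TokenFilterPolicy -Value 1 -WhatIf

# Apply the change from the steps above:
#   Set-TokenFilterPolicy -Value 1
# Put the remote restrictions back once C$ access is no longer needed:
#   Set-TokenFilterPolicy -Value 0
```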

/ JC

MDT Deployment Power Plan Settings (Sleep, Hibernate etc.) Without GPO

Scenario: You’re deploying laptops via MDT into a Workgroup environment (i.e. no access to Power Plan GPO settings) but want to prevent computers from going to sleep, hibernating or turning off the HDD.

Solution: powercfg.exe

Simply add an MDT Application containing a Batch file with a series of powercfg.exe commands.

My example below will disable (i.e. set to ‘0’) the ‘turning off’ of HDD, sleep and hibernation either plugged in (AC) or battery (DC):

@ECHO OFF

powercfg.exe -change disk-timeout-ac 0
powercfg.exe -change disk-timeout-dc 0
powercfg.exe -change standby-timeout-ac 0
powercfg.exe -change standby-timeout-dc 0
powercfg.exe -change hibernate-timeout-ac 0
powercfg.exe -change hibernate-timeout-dc 0

/ JC

GPOPacks Missing From MDT Offline Media

It seems (from Michael Niehaus’s post here) that some folders are missed out when replicating to Linked Deployment Shares and more importantly (in my case anyway) to Offline Media – in my scenario the folder being missed is some Custom GPOPacks that I have created and placed in the ‘%DeploymentRoot%\Templates\GPOPacks’ folder.

As Michael demonstrates there is a PowerShell command which can be used to ensure that this content is copied when creating Offline Media. This is what I used to add my GPOPacks into my Offline Media copy:

Import-Module 'C:\Program Files\Microsoft Deployment Toolkit\Bin\MicrosoftDeploymentToolkit.psd1'
Restore-MDTPersistentDrive
Set-ItemProperty -Path 'DS002:\Media\MEDIA001' -Name ExtraFolders -Value @("Templates\GPOPacks")

After running these commands and then updating the media content, the required folders were included in the Offline Media.

/ JC

Windows Operating System WMI Filter Queries

WINDOWS CLIENT

Windows XP

select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1"

Windows 7

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1"

Windows 7 (32-bit)

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 7 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 8

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1"

Windows 8 (32-bit)

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 8 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 8.1

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1"

Windows 8.1 (32-bit)

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 8.1 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 10 RTM (32-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.10240%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 10 RTM (64-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.10240%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 10 1511 (32-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.10586%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 10 1511 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.10586%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 10 1607 (Anniversary Update) (32-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.14393%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 10 1607 (Anniversary Update) (64-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.14393%" AND ProductType="1" AND OSArchitecture = "64-bit"

Windows 10 1703 (Creators Update) (32-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.15063%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 10 1703 (Creators Update) (64-bit)

select * from Win32_OperatingSystem WHERE Version like "10.0.15063%" AND ProductType="1" AND OSArchitecture = "64-bit"

 

WINDOWS SERVER

Windows Server 2003

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3"

Windows Server 2003 (Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2"

Windows Server 2003 R2

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3"

Windows Server 2003 R2 (Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2"

Windows Server 2008

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3"

Windows Server 2008 (Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2"

Windows Server 2008 (32-bit)

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"

Windows Server 2008 (32-bit, Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"

Windows Server 2008 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND OSArchitecture = "64-bit"

Windows Server 2008 (64-bit, Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND OSArchitecture = "64-bit"

Windows Server 2008 R2 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="3"

Windows Server 2008 R2 (64-bit, Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="2"

Windows Server 2012 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="3"

Windows Server 2012 (64-bit, Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="2"

Windows Server 2012 R2 (64-bit)

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="3"

Windows Server 2012 R2 (64-bit, Domain Controller)

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="2"

/ JC

WMIC CSPRODUCT – Using WMI To Identify Make and Model of Hardware

Often used in MDT to ensure certain drivers or applications only get installed on certain hardware types, WMI queries on Model are very useful for Windows deployments to physical machines.

The following command will return the Make/Vendor of the hardware:

wmic csproduct get vendor

Vendor
Hewlett-Packard

The following command will return the Model of the hardware:

wmic csproduct get name

Name
HP Compaq 8000 Elite SFF PC

For reference – the list below shows the results for various HP hardware which I have needed to deploy:

  • HP Compaq 6200 Pro SFF PC
  • HP Compaq 8000 Elite CMT PC
  • HP Compaq 8000 Elite SFF PC
  • HP Compaq Elite 8300 SFF
  • HP Compaq Elite 8300 MT
  • HP EliteDesk 800 G1 SFF#
  • HP EliteBook 8440p
  • HP EliteBook 8470p

/ JC