OSD April Notes

We had a great meeting in April with some real OSD rockstars.  It was an action packed full house. 

Here are some notes -

Mike And Troy from 1e presenting.

SMSTSlog size is reset. There is a bug where the variables are reset. The variables are read only and not able to be manipulated.

This bug still exists in R2, it might be resolved in CU3.

TSENV2.exe set _SMSTSLogMaxSize=XXXXXXXXXXXXXX   This tool used to be free, but is no longer. It comes with 1E Nomad.

1e has a free tools page. (thanks to Johan) http://www.1e.com/free-tools/

SetSmstslog.exe -> this sets the log file size (correctly)

Pre-Staging Content in OSD - do it.

(no one is using auto apply drivers)

Use WMI to determine the make and model of the hardware. Check the amount of free disk space on the drive. You need this if you are going to be pre-staging content.

Pre-staging the content allows you to do hundreds of migrations at once.

1. Pre-Flight      check
2. Pre-Stage content      locally

OSD over Wi-Fi

• Use full media to avoid slowdowns with status messages not being able to be sent.
• Use XML to create the Wi-Fi profile. The xml can be exported using netsh wlan.

PXE Booting (this is boring)

D-iscover
O-ffer
R-equest
A-ck

• The rumor is that windows 10 certified devices must be UEFI.
• Some UEFI devices require a x64 boot media, others require x86. This presents a challenge.
• You can query _SMSTSBootUEFI. You have to switch off legacy things in the dell bios in order to use UEFI or have the task sequence determine this is UEFI enabled.
• Using a third party disk encryption makes in place upgrades almost impossible with UEFI. #McAfeeSucks
• You need IP helpers at the routers to handle multiple subnets. Spanning tree protocol has a 45 second delay before it starts forwarding traffic.

Notes sent in to us from Troy:

Pre-flight Checks in the Ultimate Task Sequence - http://www.1e.com/blogs/2014/10/07/including-pre-flight-checks-in-your-ultimate-task-sequence-2/

Testing Required PXE Booting without the OS Deployment - http://miketerrill.net/2015/04/08/testing-required-pxe-booting-without-the-os-deployment/

• PXE Boot files in RemoteInstall folder explained - http://henkhoogendoorn.blogspot.com/2012/02/pxe-boot-files-in-remoteinstall-folder.html
• PXE Boot files in RemoteInstall folder explained (includes UEFI) - http://henkhoogendoorn.blogspot.com/2014/03/pxe-boot-files-in-remoteinstall-folder.html
• Deep Dive PXE Boot Flow - http://blogs.technet.com/b/pingpawan/archive/2014/01/12/deep-dive-pxe-boot-flow-for-sccm-2007-2012.aspx
• PXE Guided Walkthrough for Troubleshooting - http://support.microsoft.com/kb/3012951
• PXE Managing Network Boot Programs - http://technet.microsoft.com/en-us/library/cc732351(WS.10).aspx
• PXE DHCP Options 60, 66 & 67 - http://support.microsoft.com/kb/259670/en-us
• List of TCP and UDP ports - http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
• 60 - vendor-specific client version e.g. use only when DHCP and WDS are on same server
• Network Boot Referral
• 66 - Boot server host name (Bootp)
• 67 - Boot file name (Bootp)
• 68
• 69 - Tftp
• 4011 - ProxyDHCP server (used when DHCP/PXE on same server; Not able to share port 67)

Johan - (SSD and Carrots)

Get SSD drives. Use DeDup in Server 2012 R2. This is a no brainer. You can use PowerShell to force a dedup. This is on Johan's Blog. http://deploymentresearch.com/

You can get a 5" x 5" lab server that is really nice.

Biggest Win 10 challenge - they do not provide a .wim or .iso for windows 10.

You can get an encrypted wim (esd file). Run PowerShell to convert it to an ISO.

http://deploymentresearch.com/Research/Post/399/How-to-REALLY-create-a-Windows-10-build-10041-ISO-no-3rd-party-tools-needed

Offline Servicing - Do not do this! Use MDT for build a capture. http://deploymentresearch.com/Research/Post/357/Building-reference-images-like-a-boss

Use MDT for litetouch Build and capture. This handles updates much better than native ConfigMgr. This requires WSUS (a separate instance)

If you build your image using ConfigMgr, the client gets prestages. This does not happen with LiteTouch MDT.

Use 2 cpus for your virtual machine. Do not use physical machines. This will upset Johan. Use 4gbs of ram or updates will fail.

You set a flag in your unattend file to keep existing drivers. This is useful for capturing a VM and then deploying to a VM.

Why integrate MDT ?

• 280 additional enhancements.
• Development Framework built in
• Simulation Environment
• Gather
• Gather.ps1 available on Johan's blog.

Maik Koster - event handler references. Can be used for automatically backing up task sequences. Bing his name to find the information.

You can export task sequences to XML and then directly modify the xml to change things that would have taken variables previously. (retry variables)

SMSTSPostAction - Use this to reboot a machine after a build finishes. (shutdown /r /t 0) this will also cause group policy updates to be applied.

You can create a web service to move machine objects to an OU.

You can run Orchestrator runbooks directly from an MDT task sequence.

This happens using the Network Access Account, this must have the correct permissions.

Apps vs. Packages

• Both can be installed in a task sequence.
• Applications will fail in task sequences unless you are running CU4.
• Not all bugs are fixed in CU4.
• Revisions are problematic with task sequences. The task sequences will use the wrong revision when you have too many revisions.
• There are tools to convert applications to packages.
• Packages are faster because applications have more overhead.
• Packages are tried and true, been around a long time.

Michael Niehaus - Windows 10

The end of wipe and load

Runtime Configuration - customization without imaging. Self-service methodology.

Hardware requirements for windows 10 is unchanged.

Some x64 devices will not run x64 windows (super rare)

Application remediation not a huge issue in windows 10. You can be reactive, don't expect many problems.

Internet Explorer - always a challenge. IE11 will be built into windows 10. "Spartan" is designed for modern webpages, it is not designed for legacy web apps. IE11 will be required for this. Enterprise mode will be your friend.

IE11 will be the only supported browser on windows 7 in Jan 2016. (Be prepared)

Spartan is a mix between a modern app and a desktop app.

Have IE11 fully deployed in order to make your windows 10 deployment easier.

Manage your enterprise mode and use the available tools to proactively determine what sites may need enterprise mode.

Developers write code, test against chrome and then move on. #developersAreEvil

In place upgrades are not possible if you want to change architecture.

3rd party disk encryption cannot work with in place upgrade #mcafeesucks

There is good rollback for any upgrades that fail.

Upgrades happen faster too (90minutes)

In Place upgrade is preferred upgrade path, this eliminates need for application reinstallation.

Windows.OLD is left behind for 30 days. Disk cleanup wizard will remove this if you want.

Task sequence will built into ConfigMgr vNext for an in place upgrade.(cool)

Windows 10 can upgrade from pro to enterprise without having to do an in place upgrade.

Recovery image not needed with win10, it used the winsxs. That works until you do a reset and then it's all gone. You can use provisioning packages to avoid this problem.

There will be a SP2 to ConfigMgr to add support for windows 10.

Windows Update.log is now binary! (this is done to save space) It also allows for more granular troubleshooting. You can see snap shots in time.

(windows performance toolkit) can be used to view the binary logs / playback

Using dism when you apply an OS you can now use /compact:on this will save you considerable space. This is useful for small drives.