EasyBoot USB 1.1 has been released

Simpel, but very helpful tool to create Windows Boot or To-Go USB sticks

Download Link

It’s that simple, EasyBoot USB with 4 easy steps and you are ready to go.

  1. Insert USB stick
  2. Choose between the following types
    1. UEFI
    2. BIOS
    3. Windows To Go
  3. Browse to your ISO file
  4. Click Start

EasyBoot USB

The tool is pretty much self-explanatory

Do not hesitate to ping me with bugs, feature requests or ideas for new tools 🙂

 

 

 

Automating Windows 10 Enterprise Technical Preview with MDT 2013 Update 1 Preview

To follow-up on my earlier post “Deploying Windows 10 Enterprise Technical Preview with MDT 2012 Update 1 Preview” Let’s try to do a little automation to make the deployment experience a little smoother.

We just need to do a little configuration within the Microsoft Deployment Toolkit 2013 Update 1 Preview.

The first thing that comes to mind is, when we PXE/media boot our client.
We are shown the Microsoft Deployment Toolkit Welcome Wizard. We need to click Run the Deployment Wizard to install a new Operating System.

Note that in this picture is also the option to set Default Keyboard layout for Windows PE as well as a Static IP. I’m going to assume that we always have DHCP in place and accessible for our clients.

To skip the Welcome Wizard:

  1. Right Click your Deployment Share
  2. Click Properties
  3. Click Rules
  4. Click Edit Bootstrap.ini
    1. The bootstrap.ini contains configuration needed before we connect to our Deployment Share.
    2. Keep in mind that all changes here will not be reflected until a new media has been generated.
  5. in the [Default] section right under that path to your DeployRoot add: SkipBDDWelcome=YES
  6. Close the editor
  7. Click Ok to close Deployment Share Properties
  8. Right click your Deployment Share
  9. Click Update your deployment share
  10. Click Next
  11. Click Next
  12. Click Finish
  13. The ISO and WIM image within the Boot folder of your Deployment Share has now been updated – attached ISO media to VM or update WIM file on your Windows Deployment Server. I’m going to copy the Wim to my Hyper-V Host and mount it in my test VM.
  14. Boot your client to verify the changes

Next up – User Credentials Prompt

MDT User Credentials Wizard

Specify credentials for connecting to network shares

This is where need to type in the credentials for the Deployment Share. This is the last prompt before we start processing data from the Deployment Share – so we need to edit bootstrap.ini again

  1. Right Click your Deployment Share
  2. Click Properties
  3. Click Rules
  4. Click Edit Bootstrap.ini
  5. in the [Default] section right under that path to your SkipBDDWelcome add: UserID=<someusername>
    UserDomain=<domain or servername>
    UserPassword=<somepassword>

    1. The UserID can we a local account on the server hosting our Deployment Share.
    2. UserDomain must reflect if the account is Domain based or local on our Deployment Share server
    3. We only need NTFS read rights (and of course read share permissions) for the Deployment Share
  6. Close the editor
  7. Click Ok to close Deployment Share Properties
  8. Right click your Deployment Share
  9. Click Update your Deployment Share
  10. Click Next
  11. Click Next
  12. Click Finish
  13. Update your ISO or PXE Media
  14. Boot your client to verify the changes

We are now taken directly to the Task Sequence wizard

MDT Task Sequence list

Select a task sequence to execute on this computer

Let suppose that we only have and need one task sequence job – lets automate this step as well

Changes will be a bit easier this time, hence we don’t need to update the ISO or PXE media each time – we are now working with CustomSettings.ini

  1. Right Click your Deployment Share
  2. Click Properties
  3. Click Rules
  4. in the [Default] section right under the last line (In my case its SkipBitLocker=Yes) add:
    1. SkipTaskSequence=Yes
    2.  TaskSequenceID=IW10ETPX64
      1. The Task Sequence ID can be found in Task Sequences tab under the Deployment Share
  5. MDT Task Sequence list

    List of Task Sequences within your Deployment Share

  6. Click Ok
  7. Boot your client to verify the changes

You should now be brought directly to the Computer Details page

Domain or workgroup information

Domain or workgroup information

I’m going to keep this window visible for the computer naming part, but it can of course be skipped. It will require two skip options:

  • SkipComputerName=Yes
  • SkipDomainMembership=Yes

You could also just prepopulate the fields in CustomSettings.ini for either Domain or Group

Domain:

  • JoinDomain=ClientGeeks.com
  • MachineObjectOU=OU=Staging,DC=CLientgeeks,DC=com

Workgroup:

  • JoinWorkgroup=SomeWorkGroup

It will automatically use the account used to connect the network share, you can for obviously reasons use a different account

  • JoinDomain=ClientGeeks.local
  • DomainAdmin=DomainJoinAccount
  • DomainAdminDomain=Clientgeeks.com
  • DomainAdminPassword=Pa$$w0rd1

The great part of working with CustomSettings.ini is that there is no need to rebuild boot media – changes are effective immediately – go ahead and give it a try

When you boot your client again with the latests additions, we have arrived at Move Data and Settings:

move user data and settings

Move data and settings from a previous version of Windows

The default option for this step is: Do not move user data and settings, If we where to just skip this step, the outcome would be no data and settings backup

  • SkipUserData=YES

Some other configuration options are:

  • USMTOfflineMigration=True
  • DoNotFormatAndPartition=Yes
  • OSDStateStorePath=\\MDT01\StateStore$

Configure CustomSettings.ini and boot the client again – you could also just click next, BUT we know that testing is good, and more testing is better! 😉

Next up is the Locale and Time Zone selection

Specify locale and time preferences

Specify locale and time preferences

The valid skip options:

  • SkipLocaleSelection=Yes
  • SkipTimeZone=Yes

I’m going to configure the optional options just as default

  • KeyboardLocale=0409:00000409
  • UserLocale=0409:00000409
  • UILanguage=en-us
  • TimeZone=004
  • TimeZoneName=Pacific Standard Time

If you ready and retry – you should now only be prompted with a “Ready to begin” and a blank details section, don’t see any need for this page, so let’s just skip this as well

Ready to begin

Ready to begin

This can be skipped with the follwing option:

  • SkipSummary=Yes

Let try it out! 🙂

Hopefully you have achieved an automated installation progress now

Installation Progress

Installation Progress

The IT Organization and Running Package name can also we changed, here is an example that includes the current date and tasksequence ID using a variable – can of course just be static text.

  • _SMSTSOrgName=ClientGeeks.com #day(date) & “-” & month(date) & “-” & year(date)#
  • _SMSTSPackageName=%TaskSequenceID%
Customized Installation Progress Window

Customized Installation Progress Window

Here is a snip of my CusomSettings.ini and Bootstrap.ini – yours should look similar to this

CustomSettings.ini

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES

SkipTaskSequence=Yes
TaskSequenceID=IW10ETPX64

SkipComputerName=Yes
SkipDomainMembership=Yes

JoinDomain=ClientGeeks.com
MachineObjectOU=OU=Staging,DC=ClientGeeks,DC=com

SkipUserData=Yes

SkipLocaleSelection=Yes
SkipTimeZone=Yes

KeyboardLocale=0409:00000409
UserLocale=0409:00000409
UILanguage=en-us
TimeZone=004
TimeZoneName=Pacific Standard Time

SkipSummary=Yes

_SMSTSOrgName=ClientGeeks.com #day(date) & “-” & month(date) & “-” & year(date)#
_SMSTSPackageName=%TaskSequenceID%

Bootstrap.ini:

[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01\DeploymentShare$

SkipBDDWelcome=YES

UserID=svc-mdt-install
UserDomain=ClientGeeks.com
UserPassword=Password1

Have fun deploying! 🙂

Raspberry Pi 2 Overclocking options

Raspberry Pi 2 Overclocking options

  • arm_freq– Frequency of ARM in MHz.
  • core_freq -Frequency of GPU processor core in MHz. It has an impact on ARM performance since it drives L2 cache.sdram_freq -Frequency of SDRAM in MHz.
  • over_voltage – ARM/GPU core voltage adjust. Values above 6 are only allowed when force_turbo or current_limit_override are specified (which set the warranty bit).
  • force_turbo – Disables dynamic cpufreq driver and minimum settings below. Voids Warranty.
  • initial_turbo -Enables turbo mode from boot for the given value in seconds (up to 60) or until cpufreq sets a frequency. Default 0
  • arm_freq_min – Minimum value of arm_freq used for dynamic clocking.
  • core_freq_min – Minimum value of core_freq used for dynamic clocking.
  • sdram_freq_min – Minimum value of sdram_freq used for dynamic clocking.
  • temp_limit – Overheat protection. Sets clocks and voltages to default when the SoC reaches this Celsius value. Setting this higher than default voids warranty. Default 85
  • disable_splash – If set to 1, avoids the rainbow splash screen on boot.
  • boot_delay – Wait for x number of seconds in start.elf before loading kernel. Default 1
  • gpu_mem – GPU memory in megabyte. Sets the memory split between the ARM and GPU. ARM gets the remaining memory.

 

force_turbo=1 Voids Warranty!!!

Deploying Windows 10 Enterprise Technical Preview with MDT 2013 Update 1 Preview

Start the Microsoft Deployment Toolkit Workbench

  1. Open Deployment Workbench
  2. Right Click Deployment Shares
  3. Click New Deployment Share
  4. Change Deployment Share Path to match your environment – in my case I change to D:\DeploymentShare
  5. Click Next
  6. Change the share name or leave as is
  7. Click Next
  8. Change Deployment share description or leave as is
  9. Click Next
  10. Remove all the checks – we will configure these at a later point (CustomSettings.ini)
  11. Click Next
  12. Review details
  13. Click Next
  14. Click Close

Now we have the a deployment share to work from – Now we need some data

Let’s start by importing Windows 10 Enterprise Technical Preview

If you haven’t already downloaded the iso – get it though the Windows Insider Program (http://windows.microsoft.com/da-dk/windows/preview-iso)

  1. Expand Deployment Shares
  2. Expand the newly created MDT Deployment Share
  3. Right click Operating Systems
  4. Click Import Operating System
  5. Mark Full set of source Files
  6. Click Next
  7. Browse to the content of the ISO downloaded from the Windows Insider Program – I mounted the ISO onto my MDT VM, you could also just extract the content and move it to a reachable location UNC or otherwise.
  8. Click Next
  9. Destination Name will show up as Windows 8.1 Enterprise x64 – change this to Windows 10 Enterprise Technical Preview x64
  10. Click Next
  11. Review the details
  12. Click Next
  13. Click Finish
    1. The imported operating system will name appear in Operating Systems with the name Windows 8.1 Enterprise in Windows 10 Enterprise Technical Preview x64 Install.wim

Now let’s go ahead and create Task Sequence to install this nice vanilla version of Windows 10 Enterprise Technical Preview

  1. Right Click Task Sequences
  2. Click New Task Sequence
  3. Type in an ID for your new install task sequence – I will Type IW10ETPX64, could be anything
  4. Type Task sequence name – I will type Install Windows 10 Enterprise Technical Preview x64
  5. Maybe we even type a comment – I will type todays date, this field is not mandatory
  6. Click Next
  7. Choose Standard Client Task Sequence
  8. Click Next
  9. Choose the newly import Windows 10 Enterprise Technical Preview x64 Install.wim
  10. Click Next
  11. We could specify the MAK Key that we got from the Windows Insider Program, but it’s not required
  12. Click Next
  13. Type in Full Name, Organization Name and homepage
  14. Click Next
  15. Type a local administrator password
  16. Click Next
  17. Review the details
  18. Click Next
  19. Click Finish

So now we got the task sequence ready – so what’s next?

Let’s start the creation of the needed boot images (or either ISO or PXE boot)

  1. Right click the Deployment Share
  2. Click Update Deployment Share
  3. Click Next
  4. Click Next
  5. Click Finish

Browse to your Deployment Share in Windows Explorer

Locate the boot folder – We now have the newly generated boot files. Wim files if we want to PXE boot using Windows Deployment Services, or ISO if we want to use a Boot CD.

I’m going to copy the LiteTouchPE_x64.iso to my Hyper-V host, so I can test boot a VM.
Let’s boot and see what happens

  1. Insert the boot media into your VM or test computer (keep in mind we still haven’t added any drivers
  2. Boot on the media

We are now being presented with the Deployment Wizard Welcome screen

If we to automate or just plain and simple skip this window

    • Add SkipBDDWelcome=Yes to bootstrap.ini
  1. Click Run the Deployment Wizard to install a new Operating System
  2. We are now being prompted for Network credentials to access the share
    1. Type in valid user credentials
    2. This can be automated or skipped with
      1. UserID, UserDomain and UserPassword in Bootstrap.ini
  3. Click OK

Now we are connect to the deployment share – all changes needed from heron out is done within the task sequecen, CustomSettings.ini or within the Deployment Share

  1. Choose your Task Sequence – Install Windows 10 Enterprise Technical Preview x64
    1. This can be automated with the SkipTaskSequence=Yes & TaskSeuqneceID=IW10ETPX64 (ID of your task seuqecen) – the changes is needed in CustomSettings.ini
  2. Click Next
  3. Type in a computer name
    1. Of course we can automate this as well… – CustomSettings.ini
  4. Type in Domain or Workgroup information
  5. Click Next
  6. Choose whether or not to move data and settings from previous versions of Windows
  7. Click Next
  8. Choose to restore user data – we don’t in this case
  9. Click Next
  10. Choose your locale and time preferences
    1. Again – we ca automate this in…… CustomS……s.ini
  11. Click Next
  12. Review the details
  13. Click Begin

The computer is now being installed with the Windows 10 Enterprise Technical Preview

Automating the process will be covered in another post, as well as adding applications and customizing J

Installing MDT 2013 Update 1 Preview

Deploying Windows 10 Technical Preview with MDT 2013 Update 1 Preview

Download MDT 2013 Update 1 Preview from connect (https://connect.microsoft.com/ConfigurationManagervnext/MicrosoftDeploymentToolkit)

  1. Start MicrosoftDeploymentToolkit2013_x64.msi
  2. Click Next
  3. Mark I accept the terms in the License Agreement
  4. Click Next
  5. Click Next (the needed components are selected by default)
  6. Click Next
  7. Click Install
  8. Click Finish

Microsoft Deployment Toolkit Update 1 Preview has now been installed

Now Download the Windows Assessment and Deployment Kit for Windows 10 Technical Preview (http://www.microsoft.com/en-us/download/details.aspx?id=45522)

  1. Start Adksetup.exe
  2. Click Next
  3. Click Next
  4. Click Accept
  5. Review the feature list to install – in this case we need to following:
    1. Deployment Tools (tools to customiza and manage Windows images and to automate installation)
    2. Windows Preinstallation Environment (Windows PE) (Minimal operating system designed to prepare a computer for installation and servicing of Windows)
    3. Imaging And Configuration Designer (ICD) (Tool to streamline image customizations, deployment and provisioning across all Windows devices)
    4. User State Migration Toolkit (USMT) (Tools to migrate user data from a previous installation of Windows to a new installation)
    5. Microsoft SQL Server 2012 Express (Database to develop and deploy desktop, web and small server applications)
  6. Click Install
  7. Click Close

It’s that simple 🙂

Intel NUC adding the missing SMBIOS information

Today I encountered the Intel NUC (NUC5i3RYH).

The task was simple, Add Drivers to WinPE & Create Driver Package for Windows 8.1

Unfortunately, the Intel NUC (NUC5i3RYH) was missing vital SMBIOS information ;(

The System Management BIOS (SMBIOS) defines access methods and data structures for BIOS that stores information on specific computers.

Example SMBIOS categories include:

  • Manufacturer
  • Product Name
  • Version
  • Serial Number
  • System SKU Number
  • System family
  • Chassis Asset Tag

I ran the following commandline: wmic csproduct get *

The result concluded that all information (except the SMBIOS GUID) was missing.

In my case, I needed the Product Name to match the actual model number – The info is needed to apply a specific driver package for the model using Configuration Manager or MDT

The Product Name can be verified using commandline: wmic csproduct get name

When assigning drivers from the task sequence in Configuration Manager or MDT I usually use:

SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%TYPE%”

or for Lenovo

SELECT * FROM Win32_ComputerSystemProduct WHERE Version LIKE ‘%TYPE%’

So what to do?

Intel has released a tool to modify the bios: Intel® Integrator Toolkit (download: https://downloadcenter.intel.com/download/22856)

Using the tool is pretty simple:

  1. Download and Install Intel® Integrator Toolkit
  2. Start the tool
  3. Select download and customize bios in the wizard
  4. Choose your model from the list
  5. Select your BIOS
  6. Click Download and customize
  7. In the SMBIOS tab add the info you need
  8. Click Save
  9. In File Menu, click Create BIOS Install Package
  10. Save your EXE file
  11. Now run the file on the model you need to update with the information – it works from within Windows or from Windows PE.

After the reboot you will need to confirm the BIOS upgrade.

The added information is now available for use

Windows 10 – Windows Updates troubleshooting

If you experience problems with Windows Updates and need to debug on the actual process, WindowsUpdates.log has always been a good place to start……… but not on Windows 10

According to Microsoft these steps are relevant only for the January Tech Preview of Windows 10.

Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written. To decode the resulting ETL files and create a log that you can read, follow these steps.

  1. Download the public symbols by following the directions here. Install these symbols to a directory such as C:\symbols.
  2. Download the Tracefmt.exe tool by following the instructions here.
  3. Open a command prompt with administrative rights.
  4. Create a temporary folder, such as %systemdrive%\WULogs.
  5. Locate the directory that contains Tracefmt.exe, as downloaded and installed in step 2. Then, copy Tracefmt.exe to %systemdrive%\WULogs.
  6. Run the following commands at a command prompt, in the order presented:
    • cd /d %systemdrive%\WULogs
    • copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
    • tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols

For example, the last line might resemble the following:

tracefmt.exe -o windowsupate.log Windowsupdate.103937.1.etl Windowsupdate.103937.10.etl -r c:\Symbols

Lucky for us, we don’t always need to dig deep – there is a deprecated logfile we can use for now (January Tech Preview) WindowsUpdate_AU_deprecated.log

Allowing non-Administrators to control Hyper-V

By default Hyper-V is configured such that only members of the administrators group can create and control virtual machines.  I am going to show you how to allow a non-administrative user to create and control virtual machines.

Hyper-V uses the new authorization management framework in Windows to allow you to configure what users can and cannot do with virtual machines.

Hyper-V can be configured to store it’s authorization configuration in Active Directory or in a local XML file.  After initial installation it will always be configured to use a local XML file located at \programdata\Microsoft\Windows\Hyper-V\InitialStore.xml on the system partition.  To edit this file you will need to:

Open the Run dialog (launch it from the Start menu or press Windows Key + R).
Start mmc.exe
Open the File menu and select Add/Remove Snap-in…
From the Available snap-ins list select Authorization Manager.
Click Add > and then click OK.
Click on the new Authorization Manager node in the left panel.
Open the Action menu and select Open Authorization Store…
Choose XML file for the Select the authorization store type: option and then use the Browse… to open \programdata\Microsoft\Windows\Hyper-V\InitialStore.xml on the system partition (programdata is a hidden directory so you will need to type it in first).
Click OK.
Expand InitialStore.xml then Microsoft Hyper-V services then Role Assignments and finally select Administrator.
Open the Action menu and select Assign Users and Groups then From Windows and Active Directory…
Enter the name of the user that you want to be able to control Hyper-V and click OK.
Close the MMC window (you can save or discard your changes to Console 1 – this does not affect the authorization manager changes that you just made).

The user that you added will be able to completely control Hyper-V even if they are not an administrator on the physical computer.

How To: Debug missing Drivers in MDT

Came across this great post by Keith Garner (http://ow.ly/JeHHD) on Microsoft Social forum

Its the most thorough debugging guide I’ve seen on drivers in MDT

How to debug Network Driver Problems

One of the earliest hurdles an MDT administrator will come across is the management of device drivers, specifically networking drivers. With most other drivers, like Audio, printer, and video drivers, a quick call to Windows Update or install over the network will resolve the Installation. However unless the Network (and storage) Drivers are installed into Windows from the start, it will be much more difficult to install the rest of the system.

This post should help you get started if you find a machine that did not install a device driver properly, and you want to know how to find and import the correct drivers.

Installing network drivers in the full OS

  • Step 1 – Try network connection again
    It’s possible that you might get a DHCP error from MDT, but when you try again later to connect the Deployment Share it works! This may be caused by a slow or malfunctioning DHCP server in your network. Re-check your DHCP servers, ensure that PortFast is enabled on your routers. If all else fails get your network administrators to document the DHCP delay. A long delay in modern networks is unnecessary.
  • Step 2 – Verify connectivity
    You may not have a driver problem but a network problem. Check the physical connection on the computer (Network installs on MDT *REQUIRE* a wired network connection, no Wi-Fi). Open a web browser. Check the IP Address (ipconfig.exe /all). Ping the Deployment Server, manually connect to the Deployment Share. IF you can’t connect to the Deployment Share, neither can MDT.
  • Step 3 – Find the Correct Driver Package
    Before you load the driver into MDT, first verify that you have the correct driver. There are scenarios where you may *think* you have the correct driver, but the driver will never run because the package is designed for a different OS/SKU/Platform/whatever. Install the driver package by:
    â—‹ Open the Device Manager (devmgmt.msc).
    â—‹ Find the network device in the list (ensure this is the wired device, not the wireless device)
    â—‹ Right click on “Properties” and click on the “Details” tab.
    â—‹ From the “Details” tab, select the property “Hardware Ids” select all the values, and copy to the clipboard, it would be a good idea to save for later. Should look something like:
    PCI\VEN_8086&DEV_1502&SUBSYS_21F317AA&REV_04
    PCI\VEN_8086&DEV_1502&SUBSYS_21F317AA
    PCI\VEN_8086&DEV_1502&CC_020000
    PCI\VEN_8086&DEV_1502&CC_0200
    â—‹ From the “Driver” tab, click on “Update Driver…”, click on “Browse my computer for driver software” locate the driver package on the local machine or USB Drive, and install the package.
    â—‹ You should get a confirmation that the driver package was installed.
    â—‹ IF you do not get confirmation, MDT driver installation may not work.

Windows will install the driver starting with the *.inf install package, and will typically include a *.sys (binary) and a *.cat (digital Signature). If the driver package has been re-packaged into a *.cab, *.zip, or other compressed *.exe file, the package must be extracted first. This is a hard requirement for any driver used by MDT and/or SCCM. All driver packages that are signed by Microsoft (WHQL) will be installed from the *.inf file, and you should only use devices that have the Microsoft WHQL Logo as a sign of quality.

If you need a help on where to find driver packages for your devices, the 3 largest Computer OEM manufacturers supply drivers grouped by Make and Model that are easily imported into MDT and SCCM. See: http://deploymentbunny.com/2014/07/08/back-to-basicwhere-to-find-drivers-for-servers-and-clients/

  • Step 4 – Load driver into MDT
    If you have more than 20 driver packages, or if you anticipate you will have more than 20 drivers, you should start grouping your drivers in sub-folders for organization. One popular method is to group by Computer Make and Model. Ensure that you are using the correct Driver Selection Profile in your task sequence. If you are unsure, disable any selection profile(s) to ensure the driver is installed correctly.
  • Step 5 – Run the full MDT installation
    During installation MDT will perform the following:
    â—‹ Run the PNPEnum.exe utility and capture output to PnPEnum.xml. The VEN_Xxxx and DEV_Yyyy from the “HardwareIDs” property above must be present in this list. Otherwise we won’t have a match.
    â—‹ Search through the %DeployRoot%\control\drivers.xml file looking for a match for the HardwareID. MDT may filter the search based on the folder search type.
    â—‹ MDT will copy each matching driver to the local c:\drivers directory using the xcopy.exe command. You can search (grep) for the string “xcopy” in the ZTIDrivers.log file, that will get you list of all driver packages matched by MDT.
    â—‹ MDT will allow the machine to boot into the NEW OS, and Driver Installation will begin in the OS. IF there are multiple drivers found and copied locally, the Windows (not MDT) will determine the best one. The c:\windows\inf\SetupAPI.*.log files will detail which drivers copied locally were installed (or *not* installed).

Installing Network Drivers in WinPE

  • Step 6 – Try the network connection again
    (See above
  • Step 7 – Verify Connectivity from within WinPE
    Verifying network connectivity will be a bit more difficult in WinPE, since we have a limited User Interface, so all investigation must be done in the debugging mode (Press F8) cmd.exe
    â—‹ Try connecting to the Deployment Share:
    c:\> net use * \\MDT\DeploymentShare$ /u:UserDomain\UserName *
    â—‹ Try pinging the Deployment Server:
    c:\> Ping.exe MDT.Corp.contoso.com
    â—‹ Verify that you have an IP address ( ipconfig /all ) If you have an AutoConfiguration address – Driver OK – WinPE can’t reach the DHCP server. If you have “Media Disconnected” – Driver OK – Physical adapter not plugged to network. If no devices are listed – Driver bad – Driver not installed.
    â—‹ Check the x:\windows\system32\WpeInit.log – This log will show the network driver (if found) being installed.
  • Step 8 – Verify driver packages are getting included into WinPE
    Firstly, verify the correct driver package from within the full OS above. By default MDT will import *all* Storage and Networking drivers into your WinPE image. However it is possible to change the subset of files copied via “Selection Profile” or other method. Cross check your WinPE Driver Settings.
    â—‹ From within the MDT console, right click on the root of your Deployment Share and select properties.
    â—‹ Click on the “Windows PE” tab, and the “Drivers and Patches” sub tab for both x86 and x64.
    â—‹ Your Network Drivers package must be in the “Selection Profile” if enabled.Finally verify that the correct Network Driver package is being copied to WinPE. If necessary this may include setting up a debugger to watch the MDT Provider build the WinPE Image from scratch. My preference is to use the SysInternals  http://live.sysinternals.com/Dbgview.exe tool.
    â—‹ Open up the MDT console.
    â—‹ Download and run the DbgView.exe tool.
    â—‹ Update the deployment share in question.
    â—‹ The DbgView tool should show what drivers were copied to each WinPE Image.

Other

  • Whenever you add a driver into the MDT console, you must update the deployment share for that drivers to be added to your WinPE Image. If you are unsure, select “Completely regenerate the boot images.” to ensure the drivers is imported. Additionally, you must copy the updated LitetouchPE_x??.wim and *.iso files to the other consumers of the WinPE image like WDS/PXE and or any USB offline media.
  • Note that some Broadcom NetXtreme class of drivers have a multi-function driver architecture that may have difficulty loading in WinPE. Ensure that you load the “RIS” class of drivers from Broadcom in your MDT environment.
  • Note that by default MDT does *NOT* support the installation of Windows over Wireless network devices (Wi-Fi). The MDT installation sources must either be available through wired networking, or offline (USB Flash) media.
  • This post does not discuss origination of drivers within MDT ( Chaos vs. Total Control ), that is a different topic. http://www.deploymentresearch.com/Research/tabid/62/EntryId/112/MDT-2013-Lite-Touch-Driver-Management.aspx

Further Help

If you are still having problems with drivers in via MDT, ask the experts in the MDT Technet Forum:

  • Include a short description of the problem. Including the Make/Mode if necessary.
  • Include the HardwareIDs from the Device Manager (Devmgmt.msc) into the post (from above).
  • Copy your known good driver package (step 3 above) to OneDrive.
  • Copy the following log files to a public site like OneDrive and include the link:
    â—‹ PnpEnum.xml (from Client)
    â—‹ Bdd.log (From Client) – or at least the ZTIDrivers.log file.
    â—‹ c:\windows\inf\SetupAPI.*.log (from client)
    â—‹ %DeployRoot%\control\Driver*.xml
    â—‹ %DeployRoot%\control\SelectionProfile*.xml
    â—‹ %DeployRoot%\control\settings.xml (if problems in WinPE)
    â—‹ x:\windows\System32\WpeInit.log (if problems in WinPE)
    â—‹ If the MDT server is not including your driver package in WinPE include the DBGView log.

Poweshell under the security context of another user (RunAs)

Recently i needed to run some powershell scripts under multiple security context’s – the main reason for this was my client’s strict delegation model.

We ended up with multiple service account with rights only to the needed systems (Its not such a bad thing!)

The result was this powershell script to change security context

$SPAccountName = “<username>”;
$AccountPassword = “<password>”;
$AccountPasswordAsSecureString = $AccountPassword | ConvertTo-SecureString -Force -AsPlainText
$credential = New-Object System.Management.Automation.PsCredential(“$env:userdomain\$SPAccountName”,$AccountPasswordAsSecureString)
$SvcAccSession = New-PSSession -Credential $credential;
Invoke-Command -Session $SvcAccSession -Script { Import-Module ActiveDirectory }
Invoke-Command -Session $SvcAccSession -Script { Get-AdGroupMember “Some-group”}

In the above example we just get the member of some application group – but really, you can do whatever you like.

If you need it to query a specific server you can use -Computername <servername> right after New-PSSession.

This method also came in rather handy when running service-side powershell execution invoked by a webservice.. but more on that later