
Upload: truongquynh

Post on 06-Feb-2018


Page 1: Web viewThis value indicates that the Enable BitLocker using TPM only option is selected and that only TPM will be used when enabling BitLocker on the target

SCCM MDT 2013 Windows 10 TS explained

1.

Partition if necessary – This group runs only if all of the following conditions are met:

_SMSTSInWinPE = True – It means that the PC is not in the full OS but in the WinPE stage. All the _SMS* variables are read-only, built-in SCCM task sequence variables.

_SMSTSMediaType != OEMMedia – It means that the system does not have a prestaged OS on it. Prestaged media for Microsoft System Center Configuration Manager 2007 R3 operating system deployment contains bootable media and image files that are copied to the hard disk drive of a computer. Prestaged media works together with your existing task sequences to provide a complete operating system deployment. The media can be accessed locally by a task sequence to install a new operating system instead of downloading images across the network. This allows operating system deployment where the computer cannot otherwise be provisioned completely, and it can also reduce network traffic. If prestaged media is present, the disk is already prepared and does not need to be formatted. When prestaged media (a WIM file) is created, the task sequence variable _SMSTSMediaType is set to OEMMedia. Other possible values are Boot Media, Full Media, PXE or OEMMedia.

LogicalDisk = 3 means it has a local disk. DeviceID = X: means a drive letter. FileSystem = NTFS means the file system is NTFS. *It means that the system should not be NTFS-partitioned with a logical disk and should not have a drive letter.

2.


If X:\Deploy\Scripts\ZTIConfirmDiskpart.vbs exists in memory – ZTIConfirmDiskpart shows a message asking you to confirm whether you want to format the drive or not. DiskIndex = 0 is the index number of the disk containing the partition. Disk partition type = installable file system and NTFS.

It runs if ZTIConfirmDiskpart exists and the system is non-NTFS.

3.

Prompts with a message asking if it is OK to format the disk.

4.


This step checks the _SMSTSBootUEFI variable; if the system has a UEFI boot then it does GPT partitioning. A GUID partition table can have partitions of 2.2 TB and supports 128 partitions. The WinRE tools partition does not have a drive letter assigned. It supports failover of the Windows partition and is used for BitLocker. EFI – the EFI system partition of UEFI-based computers. The computer boots from this partition. It is formatted with FAT32. This partition is managed by the operating system and should not contain any other files.


MSR – Microsoft Reserved partition – The MSR partition is used for drive management. There is one MSR partition for each drive. OSDisk – This is where the operating system files reside along with data.

Stores the drive letter of the OS install partition in the OSDTemporaryDrive variable. It could be changed to OSDisk, as this is the variable used in the Apply Operating System task.

5.


If it is not a UEFI BIOS system, partition using standard MBR.

6.

Runs these steps if ZTIConfirmDiskpart.vbs does not exist OR the system has a logical disk with no drive letter.


Partitioning is the same as above but without prompting for a confirmation message.

7.

This sets the variable ImageOSVer to 10; if the TS had been created for deploying Windows 7 this would have been 6.x.

8.

Because we did not select the User Driven Installation option during the wizard, this variable is set to YES.

9.


The MDT toolkit package we specified in the wizard.

10.

Checks that Windows Script Host is working by creating a Windows Script Host object. It creates a generic shell, network, filesystem and process object. It also checks whether MSXML 6.0 is present.

11.


When you use the MDT Toolkit (standalone, with WDS, with SCCM, it does not matter) the toolkit will, as a part of the process, run a script called ZTIGather.wsf. This script does an asset inventory and also reads the CustomSettings.ini file. This results in a massive amount of information stored in memory (and in a file) during deployment that we can then use to dynamically update the unattend.xml file on the fly and also control conditions, and that way also settings and steps in the task sequence. ZTIGather gathers information from properties defined in CustomSettings.ini, the MDT database and ZTIGather.xml. To test it out manually, boot up in WinPE and press F8 to open a command prompt, then type this:

cscript Z:\Scripts\ZTIGather.wsf /debug:TRUE

It’s recommended that you delete the c:\minint folder (or x:\minint in WinPE) before running these tests to gather fresh data (and after running these tests). Or you could delete variables.dat, as that’s where the data is collected and later gathered in subsequent runs.

12.


The Non-Replace group runs if the system is not in WinPE.

13.

The Validate step runs to check the minimum configuration.

14.


The ZTIBIOSCheck step runs ZTIBIOSCheck.wsf and checks the BIOS version of the target computers against the list of incompatible BIOS versions in the ZTIBIOSCheck.xml file. Modify the ZTIBIOSCheck.xml file to contain the list of BIOS versions incompatible with the target operating system in the operating system build.

15.

The State Capture group runs if the OS is not WinPE.

16.


The UDI Wizard step runs if the SkipWizard variable is set to No, but this will not run because the value is Yes, as we selected to skip UDI in the SCCM TS wizard.

The UDI Wizard defaults to using the UDIWizard_Config.xml file in the Scripts folder in the MDT Files package for configuration. You can override the default configuration file that the wizard uses by modifying the UDI Wizard task sequence step to use the /definition parameter:

cscript.exe “%DeployRoot%\Scripts\UDIWizard.wsf” /definition:<path\file_name>.xml

Displays the UDI page designed using the UDI Designer.

17.


Copy SMS Logs runs if the UDI Wizard step was not selected in the wizard and OSDStateStorePath exists. OSDStateStorePath – This variable is used by MDT; it is the local or UNC path where user state is saved. By default it has no value. The variable is set if, during TS creation, we select the option to capture settings.

Copy the log files from SMS log path location to state store path.

18.


Disables BitLocker if OSDBitLockerStatus is Protected OR IsBDE equals True. When testing your task sequence in the REFRESH scenario (initiating the task sequence from within the running OS) you find that if BitLocker is enabled then your standard task sequence fails, as it cannot stage the boot image to your OS drive. You then add the ‘Disable BitLocker’ task to the Refresh section of your task sequence and this works nicely. The UDI task sequence runs OSDBitlockerState.vbs; if BitLocker is enabled on that partition it will set the ‘OSDBitlockerStatus’ variable to ‘Protected’. ZTIGather.wsf sets the IsBDE variable.

19.

Sets the background image, under path %Deployroot%\tools\x86\step_01.

20.


Captures the local group membership by using the /capture parameter; /restore is used for restoring it.

21.

Captures the target computer's domain and workgroup membership information and network adapter configuration.

22.

This property determines whether MDT uses USMT to perform an offline user state migration. In an offline migration, the capture is performed in Windows PE instead of the existing operating system. This variable is set during the Gather step of MDT, defined in the ZTIGather.xml file. Offline migration using USMT is performed for:

·     UDI always, regardless of the setting of the USMTOfflineMigration property

·     ZTI only for the MDT Refresh Computer deployment scenario and only when the USMTOfflineMigration property is set to "TRUE"

USMT can perform offline migration of user state from a computer. In an offline migration, the capture is performed in Windows PE instead of the existing operating system. The advantages of performing an offline user state migration are:

·     You do not need to log on to the computer on which you are capturing user state.

·     Hardware resources and files are more readily accessible by ScanState and other USMT tools.

·     Performance may increase on older computers that have limited hardware resources and numerous software applications.

·     Doing so may help avoid conflicts where a file is in use by another application or service.

·     You may be able to use an offline migration to recover files and settings if a computer no longer starts properly.

The disadvantage of performing an offline user state migration is that some user settings are not captured but rather can only be captured while running USMT in the target operating system.

23.

Gives you the ability to estimate the amount of space required for the state store, and then determine whether to store it on the local hard drive or across the network on the ConfigMgr state migration point (SMP) role. This script sets the USMTLocal variable which is used later.

24.


This step runs if USMTLocal does not equal True, meaning hard-linking is not enabled. It is used to request access to a state migration point when capturing state from a computer or restoring state to a computer. The Request State Store task sequence action can be run only in a standard operating system and will not run in the Windows Preinstallation Environment (WinPE).

25.


This step captures the user state data and stores it on the state migration point or locally using hard links.

26.


It releases the connection to the SMP.

27.

Runs only in WinPE.

28.

The Format Disk group runs if it is not prestaged media and OSDDiskPart is not False; OSDDiskPart = False means the drive should not be allowed to be formatted.


29.

Runs only if it is not prestaged media and the system has a UEFI BIOS.

The variable set for the OS disk is OSDisk.


30.

Runs if it is not prestaged media and it’s not a UEFI BIOS.

Creates partition for bitlocker and sets OSDisk variable.


31.

Sets the OSDDiskPart variable to True.

32.

Specifies the mode to be used when enabling BitLocker on the target computer. Valid values include:

TPM – This value indicates that the Enable BitLocker using TPM only option is selected and that only TPM will be used when enabling BitLocker on the target computer.

TPMPIN – This value indicates that the Enable BitLocker using TPM and PIN option is selected and that TPM and a user-specified PIN will be used when enabling BitLocker on the target computer.

TPMKEY – This value indicates that the Enable BitLocker using TPM and Startup Key option is selected and that TPM and a startup key will be used when enabling BitLocker on the target computer.

KEY – This value indicates that the Enable BitLocker using only an External Startup Key option is selected and that only an external startup key will be used when enabling BitLocker on the target computer.


You can do that in customsettings.ini or on a collection etc., depending on how you normally manage your variables. The "Pre-Provision Bitlocker" and "Enable Bitlocker" steps in the standard MDT template assume that the user is using the task sequence in UDI mode, and the UDI wizard will generate the necessary variables for these to work.

Applies BitLocker to OSDisk. The Pre-provision BitLocker task sequence step in Microsoft System Center 2012 Configuration Manager allows you to enable BitLocker from the Windows Preinstallation Environment (Windows PE) prior to operating system deployment. Only the used drive space is encrypted, and therefore encryption times are much faster. This is done with a randomly generated clear protector applied to the formatted volume, encrypting the volume prior to running the Windows setup process. The ability to pre-provision BitLocker was introduced with Windows 8 and Windows Server 2012. However, you can pre-provision BitLocker on a hard drive and install Windows 7 as long as you follow specific steps. After Windows 7 Setup completes, you must set a BitLocker key protector because the Windows 7 BitLocker control panel does not support BitLocker with a clear protector. You must add a key protector by using the Enable BitLocker step or by using the manage-bde.exe command-line tool.

https://blogs.technet.microsoft.com/tip_of_the_day/2013/12/09/tip-of-the-day-bitlocker-pre-provisioning/

33.


Same as above, checking for the presence of the variable.

Creating variable IsBDEPreProvisioned = TRUE

34.

If there are any local networking adapters with static IP addresses saved, this script captures those settings and saves them to the local environment, for example C:\MININT\SMSOSD\OSDLogs\Variables.dat. This script can be useful in capturing static IP settings for a large number of computers for automation.

35.

Runs if the DeploymentType variable value is REFRESH. The variable can have 3 values: NEWCOMPUTER, REFRESH or REPLACE.

NEWCOMPUTER – The target computer is a new computer that has never been a member of the network.

REFRESH – The target computer is an existing computer on the network that needs the desktop environment standard to be redeployed.

REPLACE – An existing computer on the network is being replaced with a new computer. The user state migration data is transferred from the existing computer to a new computer.

This value is gathered by the Gather step of MDT.

36.


Reboots the system into WinPE.

37.

Runs if OSDDiskPart != True; a True value suggests that the target disk partition will be formatted. The OSDDiskPart variable is set during the Gather step.

38.


Would run if USMTOfflineMigration = TRUE, meaning the USMT migration would run in WinPE. This variable is set during the Gather step of MDT, defined in the ZTIGather.xml file. As we run the TS in the full OS refresh scenario, it is not set to True.

39.

Would run if the system does not have prestaged media and the target disk partition will not be formatted. The OSDDiskPart variable is set during the Gather step.


This script initializes USMT to capture and restore user state on the target computer, creating hard links.

40.


This step runs if, after the USMT capture, the registry hive still exists, and unloads it.


41.

This step runs if OSDStateStorePath exists. This is set when running Gather.


Copies the SCCM log files to this path.

42.

This script performs a backup of the target computer using the ImageX utility. If ComputerBackupLocation is specified in CS.ini or MDT then it does not back up. This is specified in gather.xml. It takes a backup of the non-sysprepped image.

43.


Sets the background image, under path %Deployroot%\tools\x86\step_02.

44.

For System Center 2012 Configuration Manager SP1 and later. This variable determines whether or not the task sequence uses the drive letter captured in the operating system image WIM file when applying that image to a destination computer. In Configuration Manager with no service pack, the drive letter captured in the WIM file is used when applying the operating system image WIM file. In Configuration Manager SP1, you can set the value for this variable to False to use the location that you specify for the Destination setting in the Apply Operating System task sequence step.

45.


Applies the operating system WIM file.

46.

%ScriptRoot% is the script folder in the MDT toolkit. This step runs only if it does not exist; the condition is there to execute this step only when needed, as explained below, just to save time.

“Use Toolkit Package” takes the contents of the MDT toolkit package (scripts, tools, etc.) and makes a copy of them on the local hard disk, setting various task sequence variables (DeployRoot, ScriptRoot, ToolRoot, etc.) to let us keep track of where they are. As a result of this, we don’t need to download them for every single step. In a bare metal deployment, we “temporarily” format and partition the disk if there were no existing partitions, then download the package (as the download would fail if there were no partitions present). Later, the disk is repartitioned and reformatted, so that content was lost. Right after that, the package is downloaded and cached again. In a refresh deployment, we initially download the files to the C: drive and set all the variables to point to that location. But when rebooting into Windows PE or a new OS, the drive letter may change. As a result, the variables are no longer valid. We have to download all the files just so that we can run the ZTISCCM.wsf script to find the already-cached local files. In MDT 2012, we added some conditions to the “Use Toolkit Package” steps so that they only execute when necessary. So when are they necessary? Any time the variables (DeployRoot, ScriptRoot, ToolRoot, etc.) aren’t valid. So the condition was added to say “If not %ScriptRoot% exists”. That way, the step is skipped when it isn’t needed.

47.

48.


49.


This script configures the Unattend.xml, Sysprep.inf, or Unattend.txt file with the property values specified earlier in the MDT deployment process. The script configures the appropriate file based on the operating system being deployed. This script reads the ZTIConfigure.xml file to determine how to update the Unattend.xml, Sysprep.inf, or Unattend.txt file with the appropriate values specified in the deployment properties. The ZTIConfigure.xml file contains the information to translate properties to settings in the Unattend.xml, Sysprep.inf, or Unattend.txt file.

http://deploymentoasys.com/2016/01/28/zticonfigure-xml-answer-file-mapping-explained/

So why is any of this important? Well, if you plan on tweaking the answer file in WSIM you will need to make sure that you aren’t making changes to the settings that will be overwritten by the ZTIConfigure merge process. For example, let’s say that you decide that you want to put the product key and the desired computer name in the answer file. If the ProductKey and OSDComputerName properties are present in the rules file and have values assigned to them, the values that you added to the answer file will be overwritten during the deployment. For this reason, if you want to manually add settings to an MDT answer file, just make sure you know which settings will be overwritten and which settings will persist.

50.
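Added example for step 49 above (not code from the page, nor MDT's own ZTIConfigure.wsf): a small model of the property-to-answer-file merge, showing that a rules-file property with a value overwrites the mapped unattend.xml setting while an absent or empty property leaves the WSIM value in place. The answer file and the PROPERTY_MAP table are constructed stand-ins; the real ZTIConfigure.xml mapping is far larger.

```python
import xml.etree.ElementTree as ET

NS = "urn:schemas-microsoft-com:unattend"
ET.register_namespace("", NS)  # keep the default namespace on output

# Constructed minimal answer file standing in for an Unattend.xml edited in WSIM.
SAMPLE_UNATTEND = f"""<unattend xmlns="{NS}">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>WSIM-NAME</ComputerName>
      <ProductKey>AAAAA-AAAAA-AAAAA-AAAAA-AAAAA</ProductKey>
      <TimeZone>Pacific Standard Time</TimeZone>
    </component>
  </settings>
</unattend>"""

# Hypothetical stand-in for the ZTIConfigure.xml mapping:
# MDT property name -> (settings pass, component name, element name).
PROPERTY_MAP = {
    "OSDComputerName": ("specialize", "Microsoft-Windows-Shell-Setup", "ComputerName"),
    "ProductKey": ("specialize", "Microsoft-Windows-Shell-Setup", "ProductKey"),
    "TimeZoneName": ("specialize", "Microsoft-Windows-Shell-Setup", "TimeZone"),
}


def _find_component(root, pass_name, component):
    """Locate <component name=...> under <settings pass=...>, or None."""
    for settings in root.findall(f"{{{NS}}}settings"):
        if settings.get("pass") != pass_name:
            continue
        for comp in settings.findall(f"{{{NS}}}component"):
            if comp.get("name") == component:
                return comp
    return None


def merge_properties(unattend_xml, properties):
    """Apply rules-file properties to the answer file the way the page describes:
    a property with a value overwrites the mapped element; an absent or empty
    property leaves whatever WSIM put there. Returns (new xml, overwritten list)."""
    root = ET.fromstring(unattend_xml)
    overwritten = []
    for prop, (pass_name, component, element) in PROPERTY_MAP.items():
        value = properties.get(prop, "")
        if not value:
            continue  # no value in the rules: answer-file setting persists
        comp = _find_component(root, pass_name, component)
        if comp is None:
            continue  # component not in this answer file: nothing to update
        node = comp.find(f"{{{NS}}}{element}")
        if node is None:
            node = ET.SubElement(comp, f"{{{NS}}}{element}")
        node.text = value
        overwritten.append(f"{component}/{element}")
    return ET.tostring(root, encoding="unicode"), overwritten


def read_setting(unattend_xml, pass_name, component, element):
    """Return the text of one answer-file setting, or None if it is missing."""
    comp = _find_component(ET.fromstring(unattend_xml), pass_name, component)
    if comp is None:
        return None
    node = comp.find(f"{{{NS}}}{element}")
    return node.text if node is not None else None


if __name__ == "__main__":
    # Constructed rules: a computer name is set, the product key is left blank.
    rules = {"OSDComputerName": "PC01", "ProductKey": ""}
    merged, changed = merge_properties(SAMPLE_UNATTEND, rules)
    print("overwritten:", changed)
    print(merged)
```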


51.

Sets the background image, under path %Deployroot%\tools\x86\step_03.

52.


53.

54.


Sets the background image, under path %Deployroot%\tools\x86\step_04.

55.

Select whether to install only the updates that are mandatory, or all updates, including available ones.

New addition in SP2 to retry if computer restarts unexpectedly.  Prior to System Center 2012 Configuration Manager SP2, the task sequence step does not retry and cannot suppress restarts so the software update installation fails if a restart occurs. Therefore, prior to System Center 2012 Configuration Manager SP2 you must use the software update feature to install the software update when it requires a restart.


56.

Tattoos deployment information into WMI and the registry. The ZTITatoo.mof file present in the script folder specifies the tattooing information.

57.

As explained above in step 32, BitLocker is pre-provisioned, and now it is time to enable it.


This script installs and configures BitLocker on the target computer. BitLocker configuration is limited to New Computer scenarios that have hard disks configured with a single partition. Note: for ZTI and UDI deployments, the UILanguage property must be set in CustomSettings.ini or in the MDT DB, because ZTIBde.wsf tries to read the locale from the UILanguage property.

58.


Used to deploy packages. The software that is installed must meet the following criteria: it must run under the local system account and not the user account; it should not interact with the desktop; the program must run silently or in an unattended mode; it must not initiate a restart on its own. The software must request a restart using the standard restart code, a 3010 exit code. This ensures that the task sequence step will properly handle the restart. If the software does return a 3010 exit code, the underlying task sequence engine will perform the restart. After the restart, the task sequence will automatically continue.

Each variable name consists of its common base name plus a numerical suffix starting at 001. The value for each variable must contain a package ID and the name of the software separated by a colon. For example:

Variable Name     Variable Value
PACKAGES001       CEN00054:Install Adobe
PACKAGES002       CEN000E3:Install silent
PACKAGES003       CEN00023:Install

Add the above variables to the deployment collection and the PCs will get the packages installed. They could also be installed using customsettings.ini by adding entries like the following:

Packages001=PRI000CE:Per-system unattended – GS
Packages002=PRI000CD:Install VPN

59.

This script allows you to define and name variables using identifying information about the program to run, for example ComputerApplications100, ComputerApplications110, or CollectionApplications150. Then, when this script is run, Configuration Manager 2012 or Configuration Manager 2007 R3 finds all variables that match a pattern (for example, all variable names that contain the string Applications) and builds a sequential list, without gaps, using the base name COALESCEDAPPS. It also converts the three-digit suffix to a two-digit one. For example, if the following variables were defined (using computer variables, collection variables, or in CustomSettings.ini or the MDT DB, for example):

·     ComputerApplications100=XXX00001:Program
·     ComputerApplications110=XXX00002:Program
·     CollectionApplications150=XXX00003:Program
·     Coalescedapps190=XXX00004:Program

After the script runs, the list would be:

·     COALESCEDAPPS01=XXX00004:Program
·     COALESCEDAPPS02=XXX00001:Program
·     COALESCEDAPPS03=XXX00002:Program
·     COALESCEDAPPS04=XXX00003:Program
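Added example covering step 58's PACKAGES variables and step 59's coalescing (my own model, not the page's code and not MDT's ZTICoalesce.wsf). It parses the PackageID:ProgramName value format, walks a BASE001, BASE002, ... list and stops at the first gap, and rebuilds the COALESCEDAPPS list from the page's sample variables. The ordering rule (variables already named with the target base first, then pattern matches, each group sorted by numeric suffix) is an assumption read off the page's example, and the stop-at-first-gap rule is assumed from the page's "sequential, without gaps" requirement.

```python
import re

# Constructed sample input, reusing the variable names and values the page lists.
# An unrelated variable is included to show that it is ignored.
SAMPLE_VARS = {
    "ComputerApplications100": "XXX00001:Program",
    "ComputerApplications110": "XXX00002:Program",
    "CollectionApplications150": "XXX00003:Program",
    "Coalescedapps190": "XXX00004:Program",
    "OSDComputerName": "PC01",
}

# PackageID:ProgramName, as the page describes for PACKAGES001 and friends.
# ConfigMgr package IDs are 8 characters (3-character site code + 5 hex digits).
ENTRY_RE = re.compile(r"^([A-Za-z0-9]{8}):(.+)$")
SUFFIX_RE = re.compile(r"(\d+)$")


def parse_entry(value):
    """Split 'CEN00054:Install Adobe' into ('CEN00054', 'Install Adobe')."""
    m = ENTRY_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a PackageID:ProgramName value: {value!r}")
    return m.group(1), m.group(2).strip()


def _suffix(name):
    """Numeric suffix of a variable name, or -1 when there is none."""
    m = SUFFIX_RE.search(name)
    return int(m.group(1)) if m else -1


def packages_in_order(variables, base="PACKAGES", width=3):
    """Read BASE001, BASE002, ... in order and stop at the first missing suffix
    (assumed here from the page's requirement that the list has no gaps)."""
    ordered = []
    n = 1
    while True:
        name = f"{base}{n:0{width}d}"
        if name not in variables:
            break
        ordered.append(parse_entry(variables[name]))
        n += 1
    return ordered


def coalesce(variables, pattern="Applications", target="COALESCEDAPPS"):
    """Build TARGET01, TARGET02, ... from every variable whose name contains
    PATTERN (case-insensitive) plus any variable already using the target base.
    Ordering is an assumption read off the page's example: target-named
    variables first, then pattern matches, each group sorted by numeric suffix."""
    already = [n for n in variables
               if n.upper().startswith(target.upper()) and _suffix(n) >= 0]
    matches = [n for n in variables
               if n not in already and pattern.lower() in n.lower() and _suffix(n) >= 0]
    ordered = sorted(already, key=_suffix) + sorted(matches, key=_suffix)
    result = {}
    for i, name in enumerate(ordered, start=1):
        pkg_id, program = parse_entry(variables[name])
        result[f"{target}{i:02d}"] = f"{pkg_id}:{program}"  # three-digit -> two-digit
    return result


if __name__ == "__main__":
    for key, value in coalesce(SAMPLE_VARS).items():
        print(f"{key}={value}")
```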

60.


Used to deploy applications based on dynamic variables.

61.


It’s a flag to indicate whether the machine should be sysprepped and captured as a new WIM. This flag is set to False in our case, as we did not select the option to capture the image, hence this step will not run.

Restores the local group membership.

62.

Sets the background image, step_05.

63.

OSDStateStorePath – This variable is used by MDT; it is the local or UNC path where user state is saved. By default it has no value. The variable is set if, during TS creation, we select the option to capture settings.


Connects to the state store path.

64.

Runs the step if the OSDStateStorePath exists and in that path either a USMT or a USMT3 folder exists. For example, in my test run it created a USMT folder under the StateStore folder on the D: drive (the OS was installed on D:).


Restores all captured profiles.

65.

Copy the SMS logs to statestore path if it exists


66.

This script moves the captured user state and backup files to C:\Windows\Temp\StateStore

67.


Runs if the variable APPLYGPOPACK != NO. If you do not want to apply any GPO Packs then this task sequence step can be skipped by setting the variable ApplyGPOPack to NO in customsettings.ini.

Allows you to apply GPO Packs created using Security Compliance Manager (SCM) during the deployment process. SCM is a great tool that allows you to create and manage group policy baselines in an easy to use interface. These policies are then able to be applied at the domain level or as “Local GPO Packs”. MDT can now deploy these “Local GPO Packs” during deployment. All GPO packs are stored in the Templates folder within the Distribution Share, for example <Distribution Share>\Templates\GPOPacks\<GPO Pack Folder>. When you specify your own GPO Pack you must override the default GPO pack using the GPOPackPath variable in the customsettings.ini file. This is a relative path from the <Distribution Share>\Templates\GPOPacks\ folder. For example:

GPOPackPath=Win7-HighSecurity

68.


Copies the smsts.log and BDD.log files to a subfolder beneath the share that the SLShare property specifies. The subfolder takes the name given by OSDComputerName, _SMSTSMachineName or HostName. SLShare is the path specified in CS.ini.

69.

The group runs if DoCapture is set to YES.

70.

Prepares the ConfigMgr client for capture by removing smscfg.ini, removing the ConfigMgr client certificates, clearing the client cache, clearing the assigned site, deleting policies and removing the trusted root key. Anything left behind here (the client GUID in smscfg.ini, the client certificate, the trusted root key) would be cloned into every machine deployed from the captured image.
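As an added example (not part of the original document or of the MDT/ConfigMgr toolkit), the following script audits a reference machine for the identity artifacts this step is supposed to remove, so you can fail the task sequence before Sysprep if any of them survived. The registry path, WMI namespace, policy class and COM object names are assumptions based on standard client locations; adjust them if your client stores these elsewhere.

```powershell
# Added example, not from the original page: check that the reference machine
# carries no ConfigMgr client identity before it is sysprepped and captured.
# Run it in the full OS, after "Prepare ConfigMgr Client for Capture" and
# before the Sysprep/capture step. All locations below are assumptions.

function Test-CaptureReady {
    $findings = @()

    # 1. smscfg.ini holds the client GUID. If it ships in the WIM, every machine
    #    imaged from it reports to the site with the same identity.
    $smscfg = Join-Path $env:windir 'smscfg.ini'
    if (Test-Path $smscfg) { $findings += "smscfg.ini still present: $smscfg" }

    # 2. Client authentication certificates live in the SMS certificate store
    #    (assumed registry path).
    $certKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates'
    if (Test-Path $certKey) {
        $certs = @(Get-ChildItem -Path $certKey -ErrorAction SilentlyContinue)
        if ($certs.Count -gt 0) {
            $findings += "$($certs.Count) SMS client certificate(s) still present under $certKey"
        }
    }

    # 3. Trusted root key pins the client to one hierarchy; assigned site ties it
    #    to one site. Both should be empty on a reference image.
    try {
        $trk = Get-CimInstance -Namespace 'root\ccm\locationservices' `
                               -ClassName TrustedRootKey -ErrorAction Stop
        if ($trk -and $trk.TrustedRootKey) {
            $findings += 'TrustedRootKey still set in root\ccm\locationservices'
        }
    } catch { }   # namespace missing means the client data is already gone

    try {
        $client = New-Object -ComObject 'Microsoft.SMS.Client'
        $site = $client.GetAssignedSite()
        if ($site) { $findings += "Client still assigned to site $site" }
    } catch { }

    # 4. Cached content and downloaded deployment policy (one policy class is
    #    sampled here; the step itself clears all of them).
    try {
        $cache = (New-Object -ComObject 'UIResource.UIResourceMgr').GetCacheInfo()
        $elements = @($cache.GetCacheElements())
        if ($elements.Count -gt 0) {
            $findings += "$($elements.Count) item(s) still in the client cache at $($cache.Location)"
        }
    } catch { }

    $policy = @(Get-CimInstance -Namespace 'root\ccm\policy\machine\actualconfig' `
                                -ClassName CCM_SoftwareDistribution -ErrorAction SilentlyContinue)
    if ($policy.Count -gt 0) {
        $findings += "$($policy.Count) software distribution policy object(s) still present"
    }

    return $findings
}

$leftovers = Test-CaptureReady
if ($leftovers.Count -gt 0) {
    $leftovers | ForEach-Object { Write-Warning $_ }
    # A non-zero exit code makes the task sequence step fail, which stops the
    # capture from proceeding with a tainted reference machine.
    exit 1
}
Write-Output 'No ConfigMgr client identity artifacts found; safe to capture.'
exit 0
```

Add it as a Run PowerShell Script step inside the DoCapture group, directly after the prepare step; the task sequence treats the non-zero exit code as a step failure and, with "Continue on error" left unchecked, halts before Sysprep.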


71.

Runs Sysprep and reboots the PC into WinPE.

Automatically build mass storage driver list – Select this option to have Sysprep automatically build a list of mass storage drivers from the reference computer. This option enables the Build Mass Storage Drivers option in the sysprep.inf file on the reference computer. For more information about this setting, refer to the Sysprep documentation.

Do not reset activation flag – Select this option to prevent Sysprep from resetting the product activation flag.

72.


Captures the image.

73.

Runs if the UDI wizard is skipped and we are not capturing an image.

74.

Copies from the MDT share\Tools\OSDResults folder to

75.


Scans the USMT log files for progress.

76.

Sets the value of the variable OSDEndTime.

77.

Gets the variables for the OSD results.

78.


Brands values into the registry key HKLM\Software\Microsoft\MPSD\OSD.

79.

Echoes OSDGUID.

80.


Scans the installed apps and adds them to the log file.

81.

Creates the log files with the OSD results.

82.


Creates event ID 41015 to signal that the ZTI deployment is done.

83.

Runs if the user cancels the OSD wizard.


84.

Sets ErrorReturnCode to the return code of the last action in the TS.

85.


Sets the TS variable SMSTSErrorDialogTimeout to 1.

86.


87.


Creates event ID 41014.

88.


Runs if the last step in the TS fails; used when the TS fails for any reason other than the user cancelling.

89.


Sets ErrorReturnCode to the return code of the last action in the TS.

90.


This script moves the captured user state and backup files to C:\Windows\Temp\StateStore.

91.


Copies smsts.log and bdd.log to SLShare; SLShare is defined in CS.ini.

92.


Creates event ID 41014.