SCCM Task Sequence GUI - How to set up the TS to work with a GUI


Before I have posted how you can create a TS for windows 10, add a GUI to your TS and run a script to configure your windows 10 install. However all of this has become out dated and so I wanted to update all of that. This how to will walk you through how to create a TS that will allow you to choose a windows 10 or windows 7 image, name the computer, add the computer description to AD, Choose form a list what applications you want to install, Choose to enable BitLocker and set the PIN as well as create a local account.


Prerequisites:
  • MDT integrated to SCCM
  • A boot image with the following components added
    • Windows Powershell(WinPE-DismCmdlest)
    • HTML(WinPE-HTA)
    • Microsoft .NET (WinPE-NetFx)
    • Windows Powershell (WinPE-Powershell)
  • A windows 10 and windows 7 image 

1. Download the package I have put together containing the scripts you will need
https://1drv.ms/f/s!AnpNDdE496wIgrs7X0mk96S6Iv5oTA

2. If you have not already done so download and install MDT on your SCCM site server.

3. Once MDT is installed navigate to where you have installed MDT for me that was C:\Program Files, You will then want to copy the ServiceUI.exe from C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64 and C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86. Copy Each exe into the corresponding TSGUI folders you downloaded in step 1. Just like SCCM boot images you need to use the correct serviceUI.exe with its corresponding image architecture.

4. Where you keep your SCCM package and application content create a folder called OSD, copy each folder from the script package downloaded in step 1 to the OSD folder.

5. Open your SCCM management console navigate to Software Library > Application Management > Packages and create a folder called OSD. Create a package called TSGUI_x64, check the box this package contains source files and point to the TSGUI_x64 folder in your content library, click next. Then choose the radial "Do not create a program" click next and complete the package. Do not forget to distribute the package to your distribution points.

NOTE: When you update the TSGUI script you will need to update the distribution points with this package content to have the change take affect.

6. Open the Create-Account.ps1 script and modify the user name and password for the script. This script will create  a local account that cannot change its password and sets the password to never expire. This can come in handy when deploying an image to a device that wont spend much time on the network.

7. Create a package for the Create-Account AddADDescription and Windows10Setup scripts just like the one you created in step 5. 

8.  Navigate to Task Sequences and create a new custom task sequence.


9. Click Next and name your TS Then choose your custom boot image with the additional components added.

10. The task sequence  you created will be completely blank, you can use some of the other options from building the TS but I find with the amount of customization you need to do starting from fresh is just as good. In the TS create a new group called Task Sequence GUI. Then add a Run Command Line Task to the TS. Name the task UI and use the following from the Command Line


ServiceUI.exe -process:TSProgressUI.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File TSGUI.ps1

Then Check the box for the package and choose your package for TSGUI_x64


11. Create a new group called Install OS, in that group add a restart computer task and name it Restart in Windows PE.


Go to the options tab and add a variable
Variable: _SMSTSInWinPE
Condition: equals
Value: false


12. Add a format and partition disk task to the TS, name the task Partition Disk 0 - BIOS. This task will partition the disk if it is have been setup to use a BIOS instead of UEFI. Under volumes create a new partition entire. Name the partition System Reserved, partition type Primary,size 350 MB, check "Make this the boot partition", check "Do not assign a drive letter to this partition" and choose NTFS for the file system.


Create another partition entry named Windows, Partition type Primary, use 99% of the remaining free space, File system NTFS, variable os


Now add the last partition entry named Windows, partition type Recovery, use 1% of remaining free space.



13. On the Partition Disk 0 - BIOS action go to the options tab and create a variable
Variable: _SMSTSBootUEFI
Condition: not equals
Value: true

 This variable is what will control what partition type will be used if the system was booted up using BIOS then the Partition Disk 0 - BIOS action will apply.

14.  Add another format and partition disk task to the TS named Partition Disk 0 - UEFI. Change the Disk type to GPT and check the box "Make this the boot disk". Under volumes add a partition entry named EFI, partition type EFI, size 500 MB.


Add another partition entry named MSR, partition type MSR and size 128 MB


Now add a partition entry named Windows, partition type Primary, use 99% of remaining free space, file system NTFS and under advanced options add "OS" as the variable.



Add 1 last partition entry named Windows, partition type Recovery and use 1% of remaining free space.




15. Go to the options tab of the Partition Disk 0 - UEFI task and create a variable with the below settings.

Variable: _SMSTSBootUEFI
Condition: equals
Value: true


16.  Right after the Partition Disk 0 - UEFI task you will add a " Set Task Sequence Variable" task Name the task Set OSDPreserveDriveLetter UEFI, use OSDPreserveDriveLetter for the Task Sequence Variable and TRUE for the Value. Now got to options and set the same variable as step 15. This task needs to be in place because depending on your OS you are trying to install and the WinPE version there can be issue where the OS will not install on C drive.



17. Now you need to create a "Set Task Sequence Variable" task for a computer that has been booted using BIOS. Name the task Set OSDPreserveDriveLetter BIOS, use OSDPreserveDriveLetter for the Task Sequence Variable and FALSE for the Value. Next on the options tab create a variabel just like in step 13.


18. Add a task to apply the "Operating System Image" name this task Apply Windows 10 Image. Browse for your windows 10 image and choose the correct image index for your image. For the Destination choose " Logical drive letter stored in a variable" and type os for the variable name. This will apply the image to the partition you set the variable to in step 14. Now you need to go to the options table and create a variable.

Variable: OSType
Condition: equals
Value: Windows10


This is where some of the script for the GUI comes into play. In the script there are sections that will create the variable as well as set the variable you can see this in this line

We then use that variable to trigger specific parts of the TS in this case if you choose Windows 10 x64 from the GUI drop down then the windows 10 image will apply.

19. Now create an Apply Operating System Image task for your windows 7 image. just like the last step but for the variable use Windows7 for the Value.

20.  Create an Apply Windows Settings task and enter the correct information for your organization followed by an Apply Network Settings task.

21. Under the Install OS group create another group called Install Drivers under this group you will add the tasks needed to install drivers. There are 2 different ways to do this, You can us the  Auto Apply Drivers task which will look at all driver categories and choose the best driver for your device or you can use the Apply Driver Package task. I have had success with both however with recent versions of Dell drivers I have had issue when using the auto apply task and the device getting the wrong driver. If you choose to use the Apply Driver Package task you will need to the options tab to add 2 conditions. The first condition will be for detecting that the computer model matches the driver and the second will be for determining what OS is installed.




22. Create a new group called Setup Operating System

23. Add a Setup Windows and ConfigMgr task to the Setup Operating System group. For the package browse to your configuration manger client package and you can enter a few Installation properties here is what I use.

CCMLOGLEVEL=0 CCMLOGMAXSIZE=16000000 CCMLOGMAXHISTORY=1 CCMDEBUGLOGGING=0 SMSCACHSIZE=25600

You can get more properties and information on what each dose from Microsoft's article


24. Add a Run Command Line task and name it Set AD Description. This task will run the SetADDescription script updating the devices description in Active Directory. For the Command line use the following


cscript.exe SetADDescription.vbs "%Description%"

Next check the box for the package and point it to your SetAdDesciption package you created in step 7. Next check the box "Run this step as the following account" you will need to enter the credentials of an account that has the rights to modify the description field of objects in AD, I created a service account just for this job.


25. Add A group called Optional Software. In this group you will put the tasks for software that is listed on the GUI. Create a task for each Application, On the options tab of the application add a variable. This variabel will match up with this section in the script 


The first entry is the name that shows in the GUI and the second entry is the name of the TS variable. If you would want Google Chrome to install when selected you would put a the following for the variable in the TS

Variable: Chrome
Condition: equals
Value: True



You will do this for each application you want to be an optional task

26. Once all of your applications are added create a group called Post Config. In the group you will place all OS and device configuration task that need to be done after the image has been applied.

27. Add a Run Command Line task named Windows 10 Config and brows for the Windows 10 Setup package you created in step 7. You may want to look at the scripts comments to determine what switches you will want to use for your environment, The scrip dose a lot and I go into more detail on all that it can do in my later post. However to get you started here is what I recommend you put in the command line

%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -Command ".\Windows10Setup.ps1 -RemoveApps -DisableCortana -DisableWindowsTips -DisbaleConsumerExperience -DisableXboxServices -DisableAds -DisableWindowsStore -SetPageFile -StartMenuLayout StartXMLs\StartMenuLayout.xml"

I also recommend putting a Time-out on this task of about 35 minutes and add a variable to the options tab so it only runs on windows 10


 28. Next add another Run Command Line task named Add Local Account. This task will use the "Check this box to create a local account" check box to determine if the account is created. Browse to the Add Local Account package you created in step 7 then use the following for the Command Line


%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File Create-User.ps1

Then under the options tab add a variable

Variable: AddLocalAccount
Condition: equals
Value: True



If you do not want to use this step then don't add its task and on the GUI script comment out the following line


29. For the last task add the Enable BitLocker task. Choose "Current operating system drive" and "TPM and PIN". Please note this task is intended to work with storing the recovery key in AD and I do not check the box for the "Wait for BitLocker to complete the drive encryption process on all drives before Configuration Manager continues to run the task" If you check this box the the TS will not end untill the drive has been encrypted. This will greatly increase the run time of the TS and prevents anything else from being done. If you do not check the box you will want this task to be the very last task in your TS. last on the Options tab enter the following variable.

Variable: EnableBitLocker
Condition: equals
Value: True


 The PIN is set when yo enter the PIN on the GUI, SCCM has the variable builtin and if not specified when this task is used SCCM will prompt you for the PIN.



Comments

Popular posts from this blog

Office 365 Deployment - Office 365 Upgrade Task Sequence

SCCM Task Sequence with GUI - How to install more then one image with a single Task Sequence