This is the final article of a series creating a custom Boot wizard to dynamically choose the Task Sequence to run on the local computer. (See Create your custom Boot Wizard - some advanced stuff, Create your custom Boot Wizard - Display dynamic data and Create your custom Boot Wizard - Execute the Wizard, process the results and create the Boot Image for Reference).
Now we will make this Boot Image available to all our clients no matter if they are already known to ConfigMgr/SCCM or not.
We will start with deploying the Boot Image via WDS/PXE as this the most scalable solution. Later I will also show how to do the same with CD/DVD Boot Medias. To ease our life we use the PXE Service Point (PSP) Role on our Servers to make our Boot Image available which we have created in the last article. If you add the PSP Role to a server it will create a network share called "SMSPXEIMAGES$" to share the "RemoteInstall" Folder. This Network Share will then be available in the list of Distribution Points for your packages. You need to have at least one x86 and one x64 Boot Image on that share. The x64 is only needed to have some files from the Boot image available to answer PXE Requests of 64 Bit client (and most clients today will identify themselves as 64 Bit capable these days). Limit the amount of packages on this share. You will only need those Boot Images used in your Task Sequences.
When you add the PSP Role to the Server make sure that you enable the "Unknown Computer support" which is available with SCCM 2007 R2.
Now if a client Boots up via network it sends out a PXE Request to our Server (You need to configure DHCP Options 66 and 67 or IP Helpers if the server is not in the local subnet). The Server takes this requests and first checks if the client is already known. If it is known it will resolve the RessourceID of that client. If not, the "Unknown Computer support" does this job by "simply" mapping this unknown computer to a generic account so all unknown computers will be resolved to the same RessourceID (actually they can differ depending on the architecture but you don't need to care about this). If you would like to know more about this just read the really great Blog Posts from Steve Rachui (Unknown Computers in SCCM 2007 R2 - overview and Unknown computers in SCCM 2007 R2 - How it works). Btw, if you experience problems with the unknown computer support check the smspxe.log file on your Server with the PSP role and find the RessourceID of the accounts it is using. In some cases this can be "messed up" a bit as these RessourceIDs point to obsolete records. In this case you need to adjust the "Unknown Computers" collection. Read this Forum Post from Mark Allcock for more information about it.
OK, the Server has now the RessourceID of the Client. The next step is to check if there are any OSD Task Sequences advertised to that Client. So it must be member of a collection with an advertised OSD TS. We want to have this Boot Image available for all our clients, no matter if they are known or not. So the first trick is, we simply use the "All Systems" (which will contain all known clients) and "Unknown Computers" (contains the generic accounts unknown computers will be mapped to) collections!
STOP!
Advertising an OSD Task Sequence to all my Clients? Wouldn't that immediately reimage all my 5k/20k/100K+ machines? Actually you are right. If you are not careful or something unexpected happens (and this will always happen according to Murphy) you will just bust the complete company. Actually a good time to look for a different employment. But maybe they are also happy that they all got a new shiny, well tested, fast, reliable, standardized Operating System ;-)
But this wouldn't be very helpful if there isn't a way to achieve this. First we will make sure that our Task Sequence can't install any Operating System at all. We will only use it to host our Boot Image. But we need to have an OSD Task Sequence. A generic Task Sequence can not be used with PXE.
Here comes the second trick. To turn a general Task Sequence into an OSD Task Sequence it needs to contain the Step "Apply Operating System Image". But it doesn't matter if this step is enabled or not ;-). So create a blank Task Sequence and add the "Apply Operating System Image" Step only and choose any available OS image. It actually doesn't matter as we will never use it.
Then disable this step and save the Task Sequence.
You might want to give it a name like "Boot Wizard only" or similar. After that right click on the Task Sequence and choose Properties. On the Tab check the ... and choose our new Boot Image. Click OK and now we have an OSD Task Sequence with our Boot wizard which won't be able to do anything else then displaying this wizard.
Now we need to make it available to our Clients. Start with the Unknown Computers. Advertise your new "Boot Wizard Only" Task Sequence to the "Unknown Computers" Collection. If you have several primaries do this on the central to have it available for all. Keep the advertisement optional. No further restrictions are necessary.
Second advertise the Task sequence to the "All Systems" collection. Also keep it optional. We now have the problem that this "Boot Wizard only" Task Sequence will show up on every client if they click on "Run advertised program". It will actually not be a problem if a user runs this at the Task Sequence does not contain any step it could execute but it might lead to confusion. To avoid this simply limit the Task Sequence to run only on a small group of computers. Let's say all Windows 2000 machines or all 2008 Servers. Then you only need to inform a quite small amount of people what this is and that they don't need to be afraid of it. You will find this option again on the "Advanced" Tab of the Task Sequence Properties:
OK, give this change some time to make it's way through the infrastructure. We are now back where we were interrupted on our PXE Process.
We have the RessourceID of the Client and now check for available Advertisements. Now every machine has at least one Advertisement with an OSD Task Sequence. Either via "All Systems" or "Unknown Computers". It might have additional OSD Advertisement due to some prestaging etc. But just remember the standards for our Deployments. We have all "real" OSD Advertisements mandatory and our "Boot Wizard Only" is optional. So the PXE Server will prefer the mandatory Advertisements. Now if the Client has already a specific OSD Task Sequence advertised it will execute this one. It could even use the same Boot Image as our Wizard will not pop up if an OSD Advertisement is available already (And that's why we excluded all "SMS..." collections ;-) ).
OK, the Client does not have a different OSD TS Advertised, so it will use our "Boot Wizard only" Task Sequence and boot up our new Boot Image. The wizard pops up, we choose a Task Sequence, the computer will be added to the collection, we wait for the advertisement and voila. Everything works as expected.
STOP!
This Client booted as it had a Task Sequence advertised. And you can not(!) switch from one Task Sequence to a different Task Sequence. You would need to reboot first!
That's right. But the Boot wizard is called using the "Pre-execution Media Hook". And this is called "pre-execution" as it will run before the Task Sequence even started. So at the time the wizard is shown the computer is not aware of any Task Sequence. It has not asked for any yet. And that's the reason for the waiting loop in the wizard as we need to make sure that the new Task Sequence is available before we exit the wizard. As soon as the wizard finishes, the "normal" execution will take place. So the Computer will ask for available Advertisements. If this happens to fast it will only get the "Boot Wizard only" Task Sequence and show you a dialog to run this Task Sequence as it is optional and so won't be executed automatically. We now could simply reboot and boot from network again and PXE would find the mandatory advertisement of the collection we just added the computer to (there is a limitation I will just write about in a moment). But this leads to confusion. As said already, we added a loop into the wizard which waits for the new advertisement. So if the wizard ends and the client asks for available OSD Task sequences it should get at least two Advertisement. As one is mandatory it will immediately execute it. If it has several mandatory advertisement it will simply show a list of all available to choose from. Try to avoid this.
Another word about PXE. The PXE Server will cache the information about Advertisements locally. In standard this will be 60 Minutes. You might want to reduce this time to a shorter time to avoid some problems. To do this you need to change the registry on the PSP server. Look for the Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\PXE. It has an attribute called "CacheExpire". Just set it to e.g. 120.
Now there might be situations, where we can't use PXE so you might want to have a CD/DVD Image available to do the same. Actually this is quite simple. In the ConfigMgr console right click on any Task Sequence (simply take your new "Boot Wizard only" Task Sequence) and choose "Create Task Sequence Media from the context menu.
This will open a wizard which will guide you through the process of creating a Task Sequence Media. As we want to be able to use it to Boot computers, choose "Bootable Media" on the first Wizard page
Then choose "CD/DVD Set" (Haven't tried this with USB Sticks yet :-) ) and specify the path and name of the new iso image.
On the next page you can specifiy to protect the media with a password. I also suggest to not(!) check the "Enable unknown computer support". Our Custom Boot Wizard will take care about this.
And finally choose the new Boot Image we have just created and also choose an appropiate Distribution Point.
After you have finished the wizard it will take a couple of minutes and then you will have a new iso image as specified before. You can take it to Boot any computer. If necessary our Custom Boot Wizard will pop up and add the computer to SCCM and also to the choosen collection. Etc.
There is just one drawback. Even if you can choose a Distribution Point on the last page, the Boot Media will always talk to the Server it has been created from. So if you have a central and a couple child primaries, and you created the boot media on the central it will never work as expected. Our Custom Wizard will add the computer to the correct collection, but as the Computer is trying to get the advertisements from the central, he will never see them.
So you would need to create a Boot Media for each primary. And be aware that you need to also recreate all of them as soon as you change the Wizard and/or the Boot image (New Drivers, etc) if you want to have the changes available on the Boot Medias. But even if you have a couple of Primaries, this shouldn't take to much time. And to make it even easier, this Task can be scripted. Johan Arwidmark has written a Blog Post about how to create a SCCM Task Sequence boot media using vbscript. Just download the script and change the values according to your environment. If you now create a script per Primary with the necessary values it takes you only a couple of clicks to have them all updated. Or combine them in one.
I would say GREAT! We have achieved to start different Task Sequences with one simple generic Boot Image/Wizard which runs via PXE/WDS and CD/DVD. You can add new collections and Task Sequences and the Wizard will show them on the fly. You can hide collections if necessary. What else can you expect?
As this was mainly to publish some ideas and give you a start, the wizard is quite simple. You might wish to add more functionality into it, as typical scenarios are a bit (or some times much) more complex.
Also see Using a custom Boot Wizard to boot known and unknown computers in SCCM and choose a Task Sequence to run - Step by Step for a Step by Step guide covering all the different aspects we walked through the last posts. And you also might want to have a look on the post about How To handle Custom Settings/Properties which shows an example how you could pre-stage the collection ID for certain computers using the MDT Web FrontEnd.
If you want to exchange some ideas about this (or other things) just meet me at this years MMS or drop me a note. :-)
And as mentioned already in the last articles, you will find all files, scripts etc. on our new codeplex page http://mdtcustomizations.codeplex.com/ (Direct link to example files). This has been created as a repository for MDT Scripts, Front ends, Web services and Utilities for use with ConfigMgr/SCCM. Just give it a try and don't save on feedback.