Neil Peterson at myITforum.com

Systems Management Adventure Seeker..

This is for my own future reference - nothing new here.

 

IIS

·         Add IIS Role.

·         Add ASP.NET.

 

WEBDAV

·         Install WEBDAV.

·         Enable WEBDAV.

·         Add Authoring Rule - (All Users, Read) and (Administrator, Read, Source, Write).

 

Windows Authentication

·         This is an IIS Role Service – add it.

·         Enable on Default Website – Authentication.

 

Authorization Rules

·         Install Desktop Experience Feature.

·         Add URL Authorization Role – IIS – Security.

·         Restart IIS Manager.

·         Verify Authorization Rule exists for All Users - Allow.

 

IIS 6 Management Compatibility

·         Add this Role.

 

Bits Server Extension Feature

·         Add this Role.

 

ASP.NET Role

·         Add this on Reporting Point – This is an IIS Role service.

 

Remote Differential Compression Feature

·         Install this feature

 

 

Posted by xneilpetersonx | with no comments

It looks like some of us may be able to get our hands on a legit copy of Beta 7 tomorrow. Did anyone clear this with my wife?

 

Microsoft CES overview

Posted by xneilpetersonx | with no comments

I've added to my OSD back end script the code that will add a specified user, and other hard coded AD security groups to the local groups on the OSD target machine.

 

Link directly to the post

Link to my OSD scripts table of contents

Posted by xneilpetersonx | with no comments

Here is a quick table of contents to all of my OSD scripting posts. I am hoping to go back and clean up some of the posts and will also continue to add as I come across items.

Post 1 - Introduction

Post 2 - Simple Front End

Post 3 - Larger Front End

Post 4 - Back End Script

Post 5 - Troubleshooting

Posted by xneilpetersonx | with no comments
Due to the Task Sequence dependencies, troubleshooting custom OSD scripts can be somewhat of a pain. Here are a few basic tips that may not be so obvious when beginning this process.

 

1.       Remove all Task Sequence dependencies and interactions.  Basically write up a script that will perform what you want it to perform (set AD computer Description for example). Get this working and then add in the Task Sequence interaction.

2.       On your boot image make sure you “Enable Command support”. This is done on the Windows PE tab of the boot image's properties.

3.       I often elected to leave my custom scripts off of the task sequence, instead running them manually until they were in working order. Do so by pressing F8 to open up a command prompt. Connect to a network share on which the scripts are stored; this can be done with the following: “net use j: \\server\share”. Depending on security you may have to add some credentials. Once complete simply run your scripts, or copy them local and run if needed. Considering they are being executed inside of the Task Sequence environment all TS variables should be valid. If you run into an error, make changes on the script and run it again. Once you have opened up a command prompt, the TS will not reboot the machine until the command prompt is closed. This allows for ample time to hack through the scripts. One thing to note, I found doing this before the Post Install reboot to be the most helpful place. Even though the machine will not reboot with the command prompt open, during the State Restore group the TS environment seems to close and your variables will no longer be valid.

4.       Here is a script that will echo back all TS variables. I use this quite often when needing a solid validation on these values. I run it just as I do the scripts in the above step.

Dim oVar, oTSEnv

' Connect to the running Task Sequence environment
Set oTSEnv = CreateObject("Microsoft.SMS.TSEnvironment")

' Echo every variable as name=value
For Each oVar In oTSEnv.GetVariables
    WScript.Echo " " & oVar & "=" & oTSEnv(oVar)
Next

5.       Finally – when making changes to your TS scripts remember to update your DP’s.

This is all really just basic stuff but I thought I would wrap up these blogs with my trouble shooting experiences.
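The dump in step 4 prints every TS variable, including the OSDAdminPassword value set by the credentials front end. A variant that masks values whose names look sensitive, as an added example that is not part of the original post; the name pattern and the sample values used outside a task sequence are assumptions:

```vbscript
' Added example, not from the original post: dump TS variables with secrets masked.
Option Explicit

Dim oTSEnv, oVar, dictSample, bInTS

' Name fragments treated as sensitive (assumption; extend for your own variables).
Const SENSITIVE_PATTERN = "password|passwd|secret|key"

' True when the variable name contains one of the sensitive fragments.
Function IsSensitive(strName)
    Dim re
    Set re = New RegExp
    re.Pattern = SENSITIVE_PATTERN
    re.IgnoreCase = True
    IsSensitive = re.Test(strName)
End Function

' Returns the value to print: the real value, or a marker with its length.
Function DisplayValue(strName, strValue)
    If IsSensitive(strName) And Len(strValue) > 0 Then
        DisplayValue = "<redacted, " & Len(strValue) & " chars>"
    Else
        DisplayValue = strValue
    End If
End Function

' The TSEnvironment COM object only exists inside a running task sequence.
On Error Resume Next
Set oTSEnv = CreateObject("Microsoft.SMS.TSEnvironment")
bInTS = (Err.Number = 0)
On Error GoTo 0

If bInTS Then
    For Each oVar In oTSEnv.GetVariables
        WScript.Echo oVar & "=" & DisplayValue(oVar, oTSEnv(oVar))
    Next
Else
    ' Outside a task sequence: constructed sample values, not real data.
    Set dictSample = CreateObject("Scripting.Dictionary")
    dictSample.Add "OSDComputerName", "PC-EXAMPLE-01"
    dictSample.Add "OSDAdminUserName", "EXAMPLE\svc-osd"
    dictSample.Add "OSDAdminPassword", "constructed-sample-value"
    For Each oVar In dictSample.Keys
        WScript.Echo oVar & "=" & DisplayValue(oVar, dictSample(oVar))
    Next
End If
```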

 

Posted by xneilpetersonx | with no comments

Here is the back end script that does all of the work. I've made some comments on the script in efforts to keep this post less wordy and more scripty. Again if you have any specific questions please let me know.

 

 

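Set env = Createobject("Microsoft.SMS.TSEnvironment") 'Calling the TS Environment

strDescription = env("OSDComputerDescription")    'From the Front End Script
strOU = env("OSDDomainOUName")    'From the Front End Script
If UCase(Left(strOU, 7)) = "LDAP://" Then strOU = Mid(strOU, 8)    'Keep only the DN: the OU text files store LDAP://OU=...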
strManaged = env("OSDManaged")    'From the Front End Script
strComputer = env("OSDComputerName")    'From the Front End Script
strAdminUserName = env("OSDAdminUserName")    'From the Small UserName/Password Script
strAdminPassword = env("OSDAdminPassword")    'From the Small UserName/Password Script
strUser = env("OSDUserName") 'From the Front End Script

 

'''''''''''''''''''''''''''''''''''''''''Set Computer Description on AD object.

strDNComputer = "CN=" & strComputer & "," & strOU

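Const ADS_SECURE_AUTHENTICATION = &H0001
Const ADS_USE_ENCRYPTION = &H0002    'Used by the group binds below; same value as ADS_USE_SSL, so the domain controller must accept LDAP over SSL
Const ADS_SERVER_BIND = &H0200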
Set OpenAD = GetObject("LDAP:")
Set objComputer = OpenAD.OpenDSObject("LDAP://DomainController.domain.com/" & strDNComputer, strAdminUserName, strAdminPassword, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

objComputer.Put "Description" , strDescription
objComputer.SetInfo

 

'''''''''''''''''''''''''''''''''''''''Set computer description on local computer

Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."

Set objRegistry = GetObject ("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "System\CurrentControlSet\Services\lanmanserver\parameters"
strValueName = "srvcomment"

objRegistry.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strDescription

 

'''''''''''''''''''''''''''''''''''''''Add Computer to security groups based on the managed scenario.

Const ADS_PROPERTY_APPEND = 3

If strManaged = "(LM)" Then

strGroup = "CN=isManaged,OU=Policy,DC=Domain,DC=com"

Set objGroup = OpenAD.OpenDSObject("LDAP://DomainController.domain.com/" & strGroup, strAdminUserName, strAdminPassword, ADS_USE_ENCRYPTION +  ADS_SECURE_AUTHENTICATION)

Else

strGroup = "CN=isnotManaged,OU=Policy,DC=net,DC=smith,DC=com"

Set objGroup = OpenAD.OpenDSObject("LDAP://DomainController.domain.com/" & strGroup, strAdminUserName, strAdminPassword, ADS_USE_ENCRYPTION +  ADS_SECURE_AUTHENTICATION)

End If

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(strDNComputer)
objGroup.SetInfo

 

'''''''''''''''''''''''''''''''''''''''Add user and other security groups to local security groups

If strManaged = "(LM)" Then

Set oGrp = GetObject("WinNT://" & strComputer & "/Power Users")
Set oUsr = GetObject("WinNT://domain/Domain Users")
oGrp.Add(oUsr.ADsPath)

Else

Set oGrp = GetObject("WinNT://" & strComputer & "/Administrators")
Set oUsr = GetObject("WinNT://" & strUser)
Set oUsr2 = GetObject("WinNT://ADSecurityGroup")

oGrp.Add(oUsr.ADsPath)
oGrp.Add(oUsr2.ADsPath)

End IF

 

 

That is all I've got on these scripts at this time. I will continue to update this blog with additional scripts and SMS/CM/Crazy world goodness as I come across it.

 

neilp
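The back end script above concatenates OSDComputerName straight into the computer's DN, and any OSDManaged value other than "(LM)", including an empty one when no radio button was selected, falls into the Else branch that adds the user to the local Administrators group. A check to run first, as an added example that is not part of the original post; the function names, the patterns and the constructed test cases are assumptions:

```vbscript
' Added example, not from the original post: check the front-end values
' before the back end acts on them.
Option Explicit

Function MatchesPattern(strValue, strPattern)
    Dim re
    Set re = New RegExp
    re.Pattern = strPattern
    re.IgnoreCase = True
    MatchesPattern = re.Test(strValue)
End Function

' Returns "" when every value is acceptable, otherwise the list of problems.
Function ValidateOsdInputs(strComputer, strOU, strManaged)
    Dim strErr
    strErr = ""
    ' 1-15 letters, digits or hyphens: nothing that can alter the DN.
    If Not MatchesPattern(strComputer, "^[a-z0-9][a-z0-9-]{0,14}$") Then
        strErr = strErr & "bad computer name; "
    End If
    ' OU must look like the values in the bunit text files.
    If Not MatchesPattern(strOU, "^LDAP://(OU=[^,=/\\]+,)+(DC=[a-z0-9-]+,)*DC=[a-z0-9-]+$") Then
        strErr = strErr & "bad OU; "
    End If
    ' Only the two radio-button values are valid; an empty value is not "(UM)".
    If strManaged <> "(LM)" And strManaged <> "(UM)" Then
        strErr = strErr & "bad managed flag; "
    End If
    ValidateOsdInputs = strErr
End Function

Dim env, arrCase, strResult
On Error Resume Next
Set env = CreateObject("Microsoft.SMS.TSEnvironment")
If Err.Number = 0 Then
    On Error GoTo 0
    strResult = ValidateOsdInputs(env("OSDComputerName"), env("OSDDomainOUName"), env("OSDManaged"))
    If strResult <> "" Then
        WScript.Echo "Stopping: " & strResult
        WScript.Quit 1    ' Non-zero exit code so the step is reported as failed
    End If
Else
    On Error GoTo 0
    ' Outside a task sequence: constructed test cases, not real data.
    For Each arrCase In Array( _
        Array("PC-EXAMPLE-01", "LDAP://OU=OU1,OU=Workstations,DC=domain,DC=com", "(LM)"), _
        Array("PC1,OU=Other", "LDAP://OU=OU1,OU=Laptops,DC=domain,DC=com", "(UM)"), _
        Array("PC-EXAMPLE-02", "LDAP://OU=OU1,OU=Laptops,DC=domain,DC=com", ""))
        strResult = ValidateOsdInputs(arrCase(0), arrCase(1), arrCase(2))
        If strResult = "" Then strResult = "ok"
        WScript.Echo arrCase(0) & " -> " & strResult
    Next
End If
```

Run as its own task sequence step ahead of the back end script, it stops the sequence before any AD or local group change is made.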

So I've shown an example of a simple script and how to accept data and store it in a TS variable. Here I am going to post two scripts. The first VB Script will copy some files to the target machines, and the second is the Larger Front End Script. Items that will be collected are

Computer Name: - will set the native OSDComputerName variable. After setting this variable, no other action is needed to set the computer name.

User Name: - will set the custom OSDUserName variable.

Business Unit / OU: - this will set the native OSDDomainOUName. I have three radio buttons for three different business units, basically three different OU structures. You can just consolidate this or expand on this as needed.

Managed / Un-Managed: - this will set the custom OSDManaged variable and aid in adding the computer object to security groups. Think of this as computer roles - you can basically change these to anything you may need to trigger an action off of later in the back end script.

Description: this sets the custom OSDComputerDescription variable and aids in giving the computer object a description as well as set the local computer description.

 

First thing first - OU's. The way I have chosen to populate the available OU's is to manually type these out in a text file (actually three, one for each business unit) and copy these text files to the local machine for retrieval. I understand that you could programmatically populate this list but this works out better for me and is quite simple, clean, and effective. Each text file is in the format of

 

OU1 Workstations
LDAP://OU=OU1,OU=Workstations,DC=domain,DC=com
OU1 Laptops
LDAP://OU=OU1,OU=Laptops,DC=domain,DC=com

 

and so on. The first line is the label that will show up on the .HTA script and the second line is the value that will be placed in the OSDDomainOUName variable. Once created add the files to the Scripts folder under the MDT toolkit package.

 

To copy these files to the target machine, create the following script, add it to your task sequence (I have mine as the first task under Preinstall - New Computer Only), and also copy it to the Scripts folder under the MDT toolkit package.

Set sho = Wscript.CreateObject("Wscript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
strCurrentDir = Left(Wscript.ScriptFullName, (InstrRev(Wscript.ScriptFullName, "\") -1))
Set strSysFolder = FSO.GetSpecialFolder(1) 'get system32 folder
'Copy the OU text files to the system folder
FSO.CopyFile strcurrentdir & "\bunit1.txt",strSysFolder & "\"
FSO.CopyFile strcurrentdir & "\bunit2.txt",strSysFolder & "\"
FSO.CopyFile strcurrentdir & "\bunit3.txt",strSysFolder & "\"
wscript.quit

 

This should copy the file(s) down to the x:\windows\system32 folder on your target machine.

Here is the .HTA script's output

[Image: frontend]

 

And here is the script.

 

<html>
<head>
<title>Front End Scripts</title>

<HTA:APPLICATION
    APPLICATIONNAME="OSD GATHER"
    SCROLL="yes"
    SINGLEINSTANCE="yes"       
    WINDOWSTATE="normal"
    BORDER="thin"
>

</head>

<script language="vbscript" type="text/vbscript">

 

Sub Window_onLoad
    window.resizeTo 430,590
End Sub

Sub ButtonFinishClick

    Dim OU
    OU = AvailableOU.Value

    For Each objButton in managed
    If objButton.Checked Then
    strManaged = objButton.Value
    End If
    Next

    Dim compdescription
    compdescription = computerdescription.Value

    SET env = CreateObject("Microsoft.SMS.TSEnvironment")
    env("OSDComputerName") = computername.Value
    env("OSDUserName") = Username.Value
    env("OSDDomainOUName") = OU
    env("OSDComputerDescription") = compdescription
    env("OSDManaged") = strManaged
    window.Close
End Sub

Sub OU

    For Each objOption in AvailableOU.Options
        objOption.RemoveNode
        Next

    For Each objButton in Bunit
    If objButton.Checked Then
    strFileName = objButton.Value
    End If
    Next

        ForReading = 1
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.OpenTextFile ("x:\windows\system32\" & strFileName, ForReading)

        Do Until objFile.AtEndOfStream

        strLine = objFile.ReadLine 
        strValue = objFile.ReadLine

    Set objOption = Document.createElement("OPTION")
    objOption.Text = strLine
    objOption.Value = strValue
        AvailableOU.Add(objOption)
        Loop

       objFile.Close
    End Sub

</script>

<body>

<p>Computer Name:</p>
<input type=text id="computerName" name=computerName size=40><br />

<p>User Email:</p>
<input type=text id="UserName" name=UserName size=40><br />

<p>Business Unit:</p>
<input type="radio" name="Bunit" value="bunit1.txt" onClick="OU">Bunit1
<input type="radio" name="Bunit" value="Bunit2.txt" onClick="OU">Bunit2
<input type="radio" name="Bunit" value="Bunit3.txt" onClick="OU">Bunit3<br /><br />
<select size="7" name="AvailableOU" style="width:350"></select><br /><br />

<input type="radio" name="managed" value="(LM)">Managed
<input type="radio" name="managed" value="(UM)">Un-Managed<br /><br />

<p>Computer Description:</p>
<input type=text id="computerdescription" name=computerdescription size=40><br /><br />

<button accesskey=N type=submit id=buttonFinish onclick=ButtonFinishClick ><U>F</U>inish</button>

</body>
</html>

 

When you click on any of the Business Unit radio buttons the script will look for the corresponding OU text file and populate the list box with the OU data. Obviously you can scale this to meet your needs. 

 

So basically, just like in the previous post's simple script, all we are doing is gathering some data - although more of it and through different web application components - and then assigning this data to different TS variables. Also once complete just add this to the MDT Scripts directory, and also to the task sequence as we did before. Also do not forget to update your Distribution Points.

 

I did not comment much in this script, I apologize for that. If anyone has specific questions please let me know.

 

Next I will provide the back end script which performs all of the work.

 

neilp

Posted by xneilpetersonx | with no comments

 

I currently use two Front end scripts in my OSD process, one to collect some user credentials and the second to collect the rest of the computer/user/other info. This is the first of those. The script prompts for a user name and password which are both then stored in two “custom task sequence” variables. Refer to the article “About Task Sequence Variables” for more information about TS variables. This script is a good simple example of both the framework of an .HTA script, the invoking of the Task Sequence environment, and the creation of Task Sequence variables. Once set these variables will exist throughout the life cycle of the running task sequence – quite brilliant.

I use this particular script to gather some credentials that I can later pass to a back end script that will "do some stuff" with the computer object in AD.

 

<html>

<head>

<title>Admin Account</title>

<HTA:APPLICATION

APPLICATIONNAME="Log IN"

SCROLL="No"

SINGLEINSTANCE="yes"

WINDOWSTATE="normal"

BORDER="thin">

</head>

<script language="vbscript" type="text/vbscript">

Sub Window_onLoad

window.resizeTo 320,260

End Sub

 

Sub ButtonFinishClick

SET env = CreateObject("Microsoft.SMS.TSEnvironment")

env("OSDAdminUserName") = AdminUserName.Value

env("OSDAdminPassword") = AdminPassword.Value

window.Close

End Sub

 

</script>

<body>

<p>Admin User:</p>

<input type=text id="AdminUserName" name=AdminUserName size=40><br /><br />

<p>Password:</p>

<input type=password id="AdminPassword" name=AdminPassword size=40><br /><br />

<button accesskey=N type=submit id=buttonFinish onclick=ButtonFinishClick ><U>F</U>inish</button>

</body>

</html>

 

So the majority of this is simple .HTA stuff, basic HTML. What I would like to focus on is everything between Sub ButtonFinishClick and the following End Sub.

 

1. SET env = CreateObject("Microsoft.SMS.TSEnvironment")

2. env("OSDAdminUserName") = AdminUserName.Value

3. env("OSDAdminPassword") = AdminPassword.Value

 

Line 1 establishes a connection with the Task Sequence environment.

Lines 2 and 3 each create a new TS variable and assign it a value. So on line 2 the TS variable name is OSDAdminUserName and the value is whatever was entered into the AdminUserName text box.

 

As you will see in a later post, on the back end script we will simply invoke the TS environment once again using line 1. and then will have access to the data stored in each of these TS variables for use in said back end script.

 

What to do with these scripts once completed?

 

Adding .HTA Support to the Boot Image.

Natively the CM boot images do not support .HTA files. One way to insert this capability into your boot images is to create a custom boot image using MDT. If you have the Microsoft Deployment Toolkit integrated with CM then you can simply right click on the "Boot Images" node and then click on "Create Boot Image using Microsoft Deployment"; this will begin the Wizard. If you are not using the MDT then you can find some info on how to customize the boot image here.

 

Making the script available to the TS.

What I have done with the script is to place it in the Scripts folder of the MDT Toolkit package (this was created when importing the MDT task sequence). Make sure you update the distribution points after this. Next I added a command line under the "New Computer Only" group of the task sequence with a command line of

%deployroot%\scripts\admincridentials.hta

Once this is done you should be good to go.

 

neilp

Posted by xneilpetersonx | with no comments

Having started working with the Configuration Manager OSD functionality several months back, a few things quickly became apparent:

  • While the OS deployment process works well, there are many tailored settings that cannot be achieved natively out of the product.
  • The product is very conducive to overcoming this through custom scripting and is actually quite extensible when doing so.

Through my time spent on myitforum.com and technet I come across many people with the same requirements or desires from the product and have decided to lay out what I have done to customize the OSD imaging process. Over the next few posts I will highlight some of my scripts and try to explain what is going on inside.

** Disclaimer – I am an amateurish scripter. Sure I am getting better over the years, but by no means am I any kind of scripting authority. Also the environment in which I work is somewhat of a mess due to internal and external constraints. I’ve had to account for this mess in some of these scripts; what may seem a roundabout way of achieving something may actually be by design.

With all of that said – here is a bit of the foundation. I am using SCCM OSD with the MDT integration. Everything I have done has been with MDT integration; however I believe it should all work fine without the MDT. I started my OSD modification by examining and borrowing some from Johan Arwidmark’s “Pretty Good Frontend script" for BDD 2007. Throughout my blogs I will refer to my .HTA scripts as the Front End, and to any other scripts as the Back End. Finally here is one must read article - About Task Sequence Variables, and also a list of native OSD Task Sequence variables - (this can come in handy).

I hope to have my next post up shortly which will look at a very basic yet useful Front End script.

neilp

Posted by xneilpetersonx | with no comments

Thanks Rod for the myITforum.com blog. It is a great pleasure to be among such a group. My name is Neil Peterson; I may have met or worked with some of you either through the forums or at MMS. Hopefully I have something to write here that may be of value to the Systems Management community as the myITforum blogs and forums have been a great resource for me over the years.

 

neilp