MDT AND POWERSHELL, VOLUME 2

Michael Niehaus
Director of Product Marketing, Microsoft
http://blogs.technet.com/mniehaus

Andreas Hammarskjöld
Co-Founder, 2Pint Software

Michael Niehaus (@mniehaus)
- Recovering developer
- Deploying Windows for 21 years
- Cookies

Andreas Hammarskjöld (@AndHammarskjold)
- Coding addictive Deploying Wine 19 years

BACK TO THE STONE AGES

Remember “state of the art” for deployment in 2004?
- Business Desktop Deployment 1.0
- Third-party imaging tools
- Other random command-line tools
- Kixtart scripts, batch files as “glue”
- Windows 3.1, Windows 95, Windows NT 4.0, Windows 2000 moving to Windows XP
- Needed minimal runtime footprint

MOVING FORWARD

Shifting to new technologies in 2004-2005:
- Business Desktop Deployment 2.0 and 2.5
- Switched to ImageX (WIM) imaging tools
- Other random command-line tools
- VBScript as “glue”
- “Monad” beta released in 2005, released as PowerShell in 2006
- Required Windows XP SP2 (2004), .NET Framework 2.0 (2005)
- Windows 95, Windows NT 4.0 to Windows XP

THE MODERN AGE

Solid foundation established in 2007:
- Business Desktop Deployment 2007
- PowerShell-based MMC console
- Task sequencing engine borrowed from SMS 2003 OSDFP
- Other random command-line tools
- VBScript as “glue”
- HTML-based Hypertext Applications (HTAs) for wizards
- Windows 2000 to Windows XP, Windows XP to Windows Vista, Windows Vista to Windows 7, Windows 7 to Windows 10

DABBLING IN POWERSHELL

PowerShell features added in MDT 2012
- “Run PowerShell Script” task sequence action
- Custom PowerShell host
  - Automatically captures script output into a CMTrace-friendly file
  - Uses the task sequencer progress dialog for first-level PowerShell progress
- Task sequence variable provider
  - Exposes task sequence variables via TSENV: and TSENVLIST: PowerShell drives
- Long-term vision was to slowly replace VBScripts with PowerShell scripts…

“STAGNATION”: THE EXCUSES

No architectural changes from BDD 2007 to MDT 2013 due to:
- Adding support for new operating system releases
- Requirements for new features (UEFI, BitLocker pre-provisioning, SecureBoot, in-place upgrade, DISM, etc.)
- Heavy use requires high quality, heavy testing
- About 39,000 lines of VBScript code (includes comments, blank lines)
- Limited personnel
- “It still works”

VBSCRIPT VS. POWERSHELL

| | VBScript | PowerShell |
|---|---|---|
| Language robustness | Minimal | Great |
| Extensibility | COM (ActiveX controls) | Cmdlets, COM, .NET components, dynamic code (C#) |
| Useful extensions | A handful built into Windows Scripting Host, a few available, fairly hard to create (e.g. Scripting.FileSystemObject) | Many built into PowerShell, additional available, reasonably easy to create |
| Debugging and diagnostics capabilities | Minimal | Great |
| IT pro knowledge | Declining | Growing |
| Windows PE footprint | ~5MB | ~125MB |
| Client-side requirements | A still-supported OS | Windows Management Framework (20MB), .NET 4.5 (60MB) on Windows 7, built into Windows 10 |

TOOLS VS. CMDLETS

| Tool(s) | PowerShell Module | Concerns or issues |
|---|---|---|
| DISKPART.EXE | Storage | Unable to use PowerShell cmdlets to completely set up UEFI disks |
| DISM.EXE | DISM | Somewhat fragile (e.g. must be loaded before MDT modules) |
| SCANSTATE.EXE / LOADSTATE.EXE | (none) | No module exists |
| BCDBOOT.EXE | (none) | No module exists |
| BCDEDIT.EXE | (none) | No module exists |
| MANAGE-BDE.EXE | BitLocker | Don’t know yet… |
| MSHTA.EXE | .NET Framework | Dynamically execute XAML |
| PnpUtil.exe (MDT) | PnpDevice | Looks promising |

MICROSOFT DEPLOYMENT TOOLKIT: COMPONENTS

| Key Component | Primary Purpose | Suitability |
|---|---|---|
| Workbench | Gather all the content needed. | Good, PowerShell-based tools for maintaining content support lots of automation possibilities (although on top of an aging MMC UI). |
| Task Sequence Engine | Orchestrate the process, tracking the state from old OS to Windows PE to new OS, across reboots. | Good, overall capabilities meet the needs (with some enhancements, e.g. nested sequences, an easy possibility). Challenging use of state outside of task sequence. |
| Task Sequence Templates | Specify the steps to be performed to complete an OS deployment. | OK, legacy carried forward from SMS 2003 underpinnings, somewhat risky to make significant modifications. |
| Task Sequence Scripts | Do the real work. | VBScript with lots of Windows XP, SMS 2003, and other legacy “junk.” |

MICROSOFT DEPLOYMENT TOOLKIT: THEOREMS

- Some pieces aren’t worth replacing (at least not yet)
  - Workbench, Task Sequence Engine
- Some organizations want a fully-supported solution
  - Continue providing current, fully tested and supported task sequences and scripts
- Some organizations are willing to use community content
  - Create new task sequence templates, scripts, and wizards that work with MDT, Workbench, and Task Sequence Engine
  - Maintained and tested by open source volunteers

INTRO: POWERSHELL DEPLOYMENT FOR MDT

- Open source scripts, wizards, task sequence templates
  - Available via http://github.com/mniehaus/PSD
- Leverages Deployment Workbench, task sequence engine, and MDT PowerShell modules (task sequence variable, provider)
- Creates a new deployment share, completely separate from any other deployment shares
- Most definitely a work-in-progress
  - Proof-of-concept starting point
  - Enough to run simple task sequences, focusing on virtual machines (for now)
  - Months of work still needed

Setting up PSD for MDT

SETTING UP PSD FOR MDT

Simple process:
1. Download zip file from http://github.com/mniehaus/PSD and extract the contents somewhere.
2. Launch an elevated command prompt (or PowerShell ISE) and open the Install.ps1 file from the extracted Installer folder.
3. Make sure the path and share names are to your liking, edit if needed.
4. Run the script to create a new PowerShell-only deployment share (no VBScripts used, although they are still there).
5. Import an operating system (only Windows 10 will work right now).
6. Create a task sequence using the “PSD Client” template.
7. Populate CustomSettings.ini as desired.
8. Update the deployment share to create an ISO.
9. Boot the VM from the ISO, type in your task sequence ID in the wizard.

A NEW DEVELOPMENT: USING A WEB DEPLOYMENT SHARE

- MDT has always used a file share for accessing content (via SMB)
- But it doesn’t have to be that way – using HTTP/HTTPS could work too, and potentially opens up new options (e.g. peer-to-peer caching, cloud-based deployment shares, etc.)
- The current scripts on GitHub support this:
  - Specify “DeployRoot=http://myserver/DeploymentShare” to use it.
  - Content needed is downloaded using BITS (when in the full OS) or individual file downloads (when in Windows PE)
  - All content-retrieval logic goes through one function, making it easier to add other methods too (if ever needed)

USING A WEB DEPLOYMENT SHARE

Steps required:
1. Create a web app in IIS, with the path pointing to the deployment share folder.
2. Configure authentication as desired (Windows NTLM is suggested).
3. Configure WebDAV, file extensions.
4. Configure CustomSettings.ini with the URL for the web site.

Setting up PSD for MDT

LOTS STILL TO DO

Features:
- Gather
- Partition and Format
- Apply Image
- Configure (Unattend.xml)
- Capture User State
- Restore User State
- Enable BitLocker
- Inject Drivers
- Inject Patches
- Install Updates from WU/WSUS
- Branding
- Sysprep/Capture
- Suspend
- Static IP Wizard
- Orchestrator Runbook
- OS Roles
- Validate

Operating Systems:
- Windows 10
- Windows 7
- Windows 8.1
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2016 Nano

Scenarios:
- Bare Metal
- Custom Task Sequence
- Refresh
- Replace
- Media
- OEM Prestage
- LTI
- ZTI
- UDI

Bare Metal Deployment

SO HOW DOES THIS WORK?

Additional people can contribute
1. Set up a GitHub account.
2. Create your clone.
3. Make your changes.
4. Submit pull requests to integrate changes into the main project.

The theory:
- New features can be added faster
- Focus won’t be on migration/upgrade
- Just create a new deployment share and start over

Using Visual Studio 2017

Using Visual Studio Code

IDEAS OR SUGGESTIONS?

Some potential items to consider:
- Integrating PowerShell DSC into a task sequence
- Support for OneGet, Chocolatey, etc.
  https://keithga.wordpress.com/2016/01/07/mdt-package-now-on-chocolatey-org-ready-forwindows-10/
- Remove built-in apps
- Simplify start menu and task bar customization

Q&A
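
The single content-retrieval function described on the web deployment share slide could look like the sketch below. This is an added example, not code from the PSD repository: the function name, its parameters and the `-AllowPlainHttp` switch are hypothetical, and the refusal of `http://` by default is an added safeguard because NTLM protects the logon but not the scripts and images sent over an unencrypted connection.

```powershell
# Added example; Get-DeployContent and its parameters are hypothetical names.
function Get-DeployContent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DeployRoot,    # \\server\share$ or https://server/DeploymentShare
        [Parameter(Mandatory)] [string] $RelativePath,  # e.g. Control\CustomSettings.ini
        [Parameter(Mandatory)] [string] $Destination,   # local file to write
        [pscredential] $Credential,
        [switch] $AllowPlainHttp                        # opt-in for lab use only
    )

    $destDir = Split-Path -Path $Destination -Parent
    if ($destDir -and -not (Test-Path $destDir)) {
        New-Item -ItemType Directory -Path $destDir -Force | Out-Null
    }

    # Classic MDT behaviour: the deployment share is an SMB path.
    if ($DeployRoot -notmatch '^https?://') {
        Copy-Item -Path (Join-Path $DeployRoot $RelativePath) -Destination $Destination -Force
        return 'SMB'
    }

    # Content fetched here is executed as SYSTEM during deployment, so an
    # unencrypted transport lets anyone on the path alter what gets run.
    if ($DeployRoot -match '^http://' -and -not $AllowPlainHttp) {
        throw "DeployRoot '$DeployRoot' is plain HTTP; use https:// or pass -AllowPlainHttp."
    }

    $uri = $DeployRoot.TrimEnd('/') + '/' + ($RelativePath -replace '\\', '/').TrimStart('/')

    # Windows PE identifies itself with the MiniNT registry key; BITS is only used in the full OS.
    $inWinPE = Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\MiniNT'
    if (-not $inWinPE) {
        $bits = @{ Source = $uri; Destination = $Destination; ErrorAction = 'Stop' }
        if ($Credential) { $bits.Credential = $Credential; $bits.Authentication = 'Ntlm' }
        Start-BitsTransfer @bits
        return 'BITS'
    }

    # Windows PE: individual file download.
    $client = New-Object System.Net.WebClient
    try {
        if ($Credential) { $client.Credentials = $Credential.GetNetworkCredential() }
        $client.DownloadFile($uri, $Destination)
    }
    finally { $client.Dispose() }
    return 'WebClient'
}
```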
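
Server-side, steps 1 to 3 of the web deployment share procedure can be scripted with the WebAdministration module. This is an added example, not part of PSD; the site name, folder path and extension list are assumptions, the site is assumed to already have an HTTPS binding, and WebDAV authoring rules are left out because the slides give no settings for them.

```powershell
# Added example. Run elevated on the IIS server; names and paths below are assumptions.
Import-Module WebAdministration

$site     = 'Default Web Site'         # assumed IIS site
$appName  = 'DeploymentShare'          # matches the DeployRoot URL on the slide
$path     = 'D:\PSDeploymentShare'     # assumed deployment share folder
$location = "$site/$appName"
$apphost  = 'MACHINE/WEBROOT/APPHOST'  # authentication sections are locked below this level

# Step 1: web application pointing at the deployment share folder.
if (-not (Get-WebApplication -Site $site -Name $appName)) {
    New-WebApplication -Site $site -Name $appName -PhysicalPath $path | Out-Null
}

# Step 2: turn anonymous access off and Windows authentication (NTLM) on.
$auth = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true

# Require TLS so credentials are negotiated, and content is served, over HTTPS only.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'

# Step 3 (file extensions): IIS returns 404.3 for extensions without a MIME map.
# The list is an assumption; add whatever the deployment share actually contains.
foreach ($ext in '.wim', '.ps1', '.psm1', '.psd1', '.ini') {
    $present = Get-WebConfiguration -PSPath "IIS:\Sites\$site\$appName" `
        -Filter "system.webServer/staticContent/mimeMap[@fileExtension='$ext']"
    if (-not $present) {
        Add-WebConfigurationProperty -PSPath $apphost -Location $location `
            -Filter 'system.webServer/staticContent' -Name '.' `
            -Value @{ fileExtension = $ext; mimeType = 'application/octet-stream' }
    }
}
```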