LTI OEM Task Sequence usage

    Question

  • I'm trying to achieve the following;

    1) Deploy a captured image to a laptop in a remote configuration center using USB media without network access. This means that a Join Domain step is not possible.

    2) Once deployed, the laptop is shut down and shipped to customer. Once on site with network access, resume the TS and domain join. This should be possible without the original USB media.


    My first attempt was to create a Standard TS and include a Suspend step during State Restore. This requires the USB media to Resume so isn't a solution.

    My second attempt was to create an LTI OEM TS, which copies the Deployment Share to the HDD. However I need to automate the 1st step (choose OEM TS), reboot after copying the Deployment Share to the HDD, and then immediately begin the 2nd step (choose Deploy TS). I am struggling to understand 1) if this is possible, and 2) which customsettings.ini to edit for each step.

    Thanks,

    Monday, March 31, 2014 10:15 PM

Answers

  • I've been trying to develop this process as well. It is apparently not widely used, because there isn't a lot of reliable documentation around on it.

    I think you're missing the concept of where the automation happens. (Easy to do, I know.) What you want to do first is create a media deployment point in your MDT console.

    You'll want to create a selection profile of what you want on it, apps, drivers, OS, task sequence, etc. Since this will be your share on the media, put on everything you will need for deployment, but the more you put on, the bigger your finished product will be.

    I created "OEM" folders under each category, and copied the apps, drivers, etc that I wanted into them. Then the selection profile points to those folders.

    You'll create two task sequences, the LTI OEM task, and your production deployment task, which may or may not be the one you usually use. Remember if you copy the task sequence into another folder, it's only a pointer to it. If you make changes to the TS in one folder, the changes happen everywhere.

    The LTI OEM task only prestages the media files onto the hard drive, the other task is what will run to deploy the PCs.

    After you create the media deployment point, it will have its own set of ini files, boot images, and so on. So changes on your share and the media don't interact. Edit your media customsettings.ini as needed with whatever media specific options you want.

    After you get your media deployment files lined up, you run Update Media Content. This creates a big-ass ISO file that you are supposed to boot from. How you are supposed to create a DVD from a 10-15 GB ISO is not explained. :)

    I load that right into VMware, where you can boot directly from the ISO. It will boot into the deployment wizard, and you will see your two task sequences. Use the LTI OEM preload sequence. It formats your HDD, puts a bootable WinPE partition on it, and copies your deployment files to a second partition. Then it cleans up after itself, and deletes the LTI OEM task sequence.

    At this point, you want to clone that hdd. Boot to PE and Ghost it, or if you're a glutton for punishment, use ImageX. If you do, you will need to write your own scripts to format the target hard drives and apply the wims. Ghost of course, does all that for you.

    Now take that cloned hard drive and copy it to the machines you want to deploy. Use a thumb drive, PXE boot and multicast, whatever. After you copy the image to them, next time they reboot, they will come up into MDT running from the hard drive.

    If your customsettings are configured for zero touch, you're good to go. If not, you'll need to click through the wizard as needed.



    • Edited by JoeZeppy Tuesday, April 01, 2014 3:30 PM
    • Marked as answer by DeanEllerby Tuesday, April 01, 2014 3:59 PM
    Tuesday, April 01, 2014 3:27 PM

All replies

  • How about copying the media to the local machine (as part of the task sequence), using the task sequencer to add a step to change the DeployRoot variable to the new local copy, and then shutting down the machine at one of the restart points. When the machine comes back up on site it should now point to the local deploy root and carry on the task sequence.

    You will need to ensure the new DeployRoot value is on the local client, so ensure variables.dat is copied just before you shut down the machine.

    Tuesday, April 01, 2014 11:22 AM
  • Excellent post. Explains the process perfectly.

    In this case my aim is to have 99% of the deployment complete before the laptop arrives at the customer. Only Domain Join and Bitlocker (key in AD) will be applied by the on-site engineer.

    I agree that if the customsettings are correct, it should be zero touch for the on-site engineer, but it could still be a 20+ minute wait for the machine to be ready, whereas a domain join should only take a minute or so.


    I guess I have a choice:
    End the TS before the domain join, and just let the engineer do a manual domain join.
    OR
    Suspend the TS before the domain join, provide a USB key with the media on and have the engineer "Resume" the TS when connected to the LAN.

    JoeZeppy; thanks for your help.
    Tuesday, April 01, 2014 3:59 PM
  • I'm not sure if that will work for you. Remember, all the setup, plug and play, computer naming, is front loaded. So if you start a task sequence, "freeze" it, then make copies, they will all be identical. Unless you put a step in your task sequence to rename and reboot the PC, then do a ZTISuspend and save it right before that. That wouldn't help with plug and play, and your SIDs would all be identical.

    I too am frustrated by the OEM process. Other than not needing network access to build the PCs, there doesn't seem to be much speed advantage. Why I need to expand the install wim to the hard drive during deployment, after I've already copied the entire share including the wim to the hard drive during the first phase, is lost on me.

    And you still need network access to join the domain. The only place I'm seeing an advantage is for disaster recovery, where you need to build 100 PCs all at the same time, as quickly as possible. Multicasting the OEM build to all the PCs and then having the deploy run from the hard drive would save a ton of bandwidth. That's kind of where I've focused my use case, because I do have a need for that. Once I get that working, maybe I will see something that I don't now.

    I actually tried doing a mini-setup a la XP, I added setup scripts to an unattend.xml, copied drivers locally, dropped other commands into setupcomplete.cmd, figured out how to prompt for computername during first boot, and so on. Then I just sysprepped and Ghosted it.  Even that wasn't as fast as you'd think, although it was better. Win 7 setup is just slow.

    Wednesday, April 02, 2014 12:34 PM
  • For "Suspend the TS before the domain join, provide a USB key with the media on and have the engineer "Resume" the TS when connected to the LAN." I wasn't planning on cloning anything.

    At the configuration site, the deployment engineer inserts USB media and runs Stage 1 of the TS which applies the reference image and finishes on Suspend. Then at the customer site, the on-site engineer inserts USB media and runs Stage 2 (which is just domain join, bitlocker and cleanup).

    This would be done on each machine - unfortunately I'm unable to put any infrastructure into the configuration site, so a deployment share or PXE environment isn't possible.

    Wednesday, April 02, 2014 12:50 PM
  • Ok, I went back and re-read your initial question. I may have gotten lost in the OEM process, because that's what I'm focusing on myself right now.

    You are building laptops in a room somewhere, and then sending them elsewhere for final delivery to the end user.

    You don't have network access in this room, so you want to build them from media.

    You want to do everything except join the domain, and then a tech will be available to do the domain join at the end user's location.

    You plan to deploy an image to each PC from media or LTI OEM in your build room, the TS will pause via ltiSuspend. Then you will turn it off and ship it to the end user. The tech there will turn it on, it will resume the TS and finish up.

    If that is all you need, why don't you just put them in a workgroup and have the tech log on as local admin and join them on site. If he isn't privy to a domain join account, you could script the join and then encode it or wrap it in an exe. If you don't want him to have the local admin password, create a temp password on the image, and the script can change that, too, or set a GPO.

    LTI OEM is a big pain in the neck for the single benefit of automating a domain join. Seems like overkill compared to handling that afterwards.

    Unrelated side question: You don't have *any* network at all? Or you just don't have access to your corporate LAN? Because anything can be a deployment share. A spare laptop with Win 7 and a bootable flash drive or DVD is all you need. There are even desktop OS PXE solutions. I've used 3com PXE boot services on XP and Win 7, works fine.

    Even with no existing network, a cheap switch and some lan cables set up on a workbench is good enough to crank out some PCs.


    • Edited by JoeZeppy Wednesday, April 02, 2014 4:49 PM
    Wednesday, April 02, 2014 4:41 PM
  • LTI OEM is a big pain in the neck for the single benefit of automating a domain join. Seems like overkill compared to handling that afterwards.

    I suppose I may be trying to automate for the sake of it. 

    The two steps I was hoping to achieve (domain join and bitlocker) could easily be handled by the on-site engineer. He's a capable and trusted guy, with domain admin.

    It would be interesting to understand if it was possible to pre-provision bitlocker during OSD, and then not enable until after the TS has ended (and the laptop has access to the corp network).

    Regarding the side question, the build environment is a large configuration center, with the potential / capability to build hundreds of computers per day for several customers / projects. My concern was that if I was to require an infrastructure of some sort (network, small server for mdt + dhcp), this would not be scalable for future projects / customers. Granted, offline media doesn't scale too well either, but benefits from requiring only amount of effort upfront. 

    Thanks for your suggestions - given the task, I think I will opt for the safer, less complicated option and end the TS before the domain join. The engineer is more than capable of adding the computer to the domain and kicking off bitlocker.

    Dean


    Wednesday, April 02, 2014 8:36 PM
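
The approach the thread settles on (build the laptop offline in a workgroup, then have the on-site engineer join the domain and start BitLocker with the key stored in AD), written as a two-pass script. This is an added example, not code posted by anyone in the thread. The domain name and OU path are placeholders, and it assumes Windows 8 or later (PowerShell 3.0+ with the BitLocker module), a ready TPM, and a policy that allows recovery information to be stored in AD.

```powershell
# Added example. Assumptions: Windows 8 or later (PowerShell 3.0+, BitLocker
# module), a ready TPM, and placeholder domain/OU values.
param(
    [string]$DomainName = 'corp.example.com',                     # placeholder
    [string]$OUPath     = 'OU=Laptops,DC=corp,DC=example,DC=com'  # placeholder
)
$ErrorActionPreference = 'Stop'

# Refuse to run unelevated: both the join and BitLocker need local admin rights.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run from an elevated PowerShell session.'
}

if (-not (Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
    # Pass 1: confirm a domain controller is locatable, then join.
    try {
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV | Out-Null
    } catch {
        throw "No domain controller found for $DomainName. Check the LAN connection."
    }
    # The credential is typed by the engineer at run time and never written to disk.
    $cred = Get-Credential -Message "Account permitted to join computers to $DomainName"
    Add-Computer -DomainName $DomainName -OUPath $OUPath -Credential $cred
    Write-Host 'Domain join complete. Reboot, then run this script again for BitLocker.'
    return
}

# Pass 2 (after the reboot): protect the OS drive and escrow the recovery password.
$drive = $env:SystemDrive
if ((Get-BitLockerVolume -MountPoint $drive).VolumeStatus -ne 'FullyDecrypted') {
    Write-Host "BitLocker is already configured on $drive; nothing to do."
    return
}
Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector | Out-Null
Enable-BitLocker -MountPoint $drive -TpmProtector | Out-Null

# Store the recovery password on the computer object in AD. With
# $ErrorActionPreference = 'Stop' a failed backup ends the script with an error.
$rp = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object -First 1
Backup-BitLockerKeyProtector -MountPoint $drive -KeyProtectorId $rp.KeyProtectorId | Out-Null
Write-Host "BitLocker enabled on $drive; recovery protector $($rp.KeyProtectorId) backed up to AD."
```

The script prints only the protector ID, not the recovery password itself; a restart may be needed before encryption actually begins.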