Thursday, November 22, 2012 7:15 PM
Before discussing what I would like to do, here are some details regarding my current configuration:
- MDT 2012 Update 1 installed on member server running 2008 R2 Standard, WDS, WSUS and SQLExpress.
- Two deployment shares configured (MDTBuildLab$ and MDTDeploy$), both configured to use separate databases.
- MDTBuildLab$ is used to build Windows 7 Professional x86 and x64 reference images; MDTDeploy$ is used to deploy the reference images. All applications, and related task sequences, reside on the MDTBuildLab$ share. Only reference images, imported as operating systems, reside on the MDTDeploy$ share.
- Databases on both deployment shares are configured for Computers, Roles and Locations.
- Priority in customsettings.ini is set as CSettings, CApps, Roles, Locations, LSettings, LApps, LRoles, MMSettings, MMApps, MMRoles, RSettings, RApps, Default.
Bootstrap.ini priority is based on DefaultGateway.
- Computers are pre-configured in the database based on their MAC address. Each computer is then assigned a role based on whatever task needs to be run.
- All applications, with the exception of MS Office, are installed via a .wsf app-wrapper.
Both the reference builds and deploys are working well. We have designed our configuration so all work is done upfront, before the deploy, so no decision making is required at the time of deploy.
The KEY is to define each computer in the database via its MAC address. Once that's done, our deploy process is to PXE boot the workstation and select the correct boot .wim via WDS. The deploy then completes without any further intervention. The CATCH is that any computer connecting to the deployment shares, that isn't defined in the database, is "unknown". If I PXE boot, or map a drive to MDTBuildLab$ from the desktop and run litetouch.vbs, nothing happens because the computer isn't defined in the database (note: all deploy wizard menus, with the exception of Final Summary, are set to skip via Location in the database). For the most part, this is a good thing as we don't want any computer accessing MDT that we don't know about.
What we do want is the ability to install any MDT application from any unknown workstation desktop. Ideally, we'd map a drive to the deployment share and run "something" that would bring up the list of available applications to install.
I have tried modifying the database Location settings to not skip BDDWelcome, Task Sequence and Application. In doing this I can, from an unknown workstation, map a drive to the deployment share and run litetouch.vbs which brings up the list of apps available to install. Unfortunately, this also opens up PXE boot access to MDT for this workstation as well, which is undesirable.
I suppose I could also just map a drive to the deployment share, go to the Applications folder and run the .wsf wrapper for the application. To do that I would have to hard-code the path to ZTIUtility.vbs, which is undesirable.
I'm sure there must be other ways to do this without compromising the security we have set up by using MAC Address filtering. Any suggestions would be appreciated. Thank you!
Thursday, November 22, 2012 9:22 PM
Would it be an option to start the litetouch wizard using an alternative customsettings.ini file? Simply do not configure it to use the database configuration.
litetouch.vbs /tasksequenceID:<TSID> /skiptasksequence:YES /rulesfile:mycustomrules.ini
Create a new Custom task sequence (this will by default only have 1 item in the task sequence, an Install Applications task). If this, for example, were given the TSID SW-ANYPC, you'd then be able to start that specific task sequence from the command line/shortcut:
litetouch.vbs /tasksequenceID:SW-ANYPC /skiptasksequence:YES /rulesfile:mycustomrules.ini
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCSA, MCC-2011.
- Marked As Answer by Development Renatus Friday, November 23, 2012 7:56 PM
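A sketch of what the alternative rules file from the answer above could contain, added here as an example and not taken from either poster's environment. The file name mycustomrules.ini and the TSID SW-ANYPC come from the answer; the choice of which wizard panes to skip is an assumption. The point is that Priority lists no database sections, so the MAC-address-driven customsettings.ini used for PXE deployments stays untouched.

```ini
; mycustomrules.ini (constructed example, not from the thread)
; Priority names only [Default]: none of the database sections
; (CSettings, CApps, Roles, Locations, ...) are processed, so an
; "unknown" computer is not looked up and gets no database-driven settings.
[Settings]
Priority=Default

[Default]
; Preselect the application-only task sequence and show the application list.
SkipBDDWelcome=YES
SkipTaskSequence=YES
TaskSequenceID=SW-ANYPC
SkipApplications=NO

; Panes that are not relevant to an application-only run on an existing
; desktop (assumed selection; adjust to the panes your wizard shows).
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipComputerBackup=YES
SkipProductKey=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipAdminPassword=YES
SkipBitLocker=YES
SkipCapture=YES
SkipSummary=YES
SkipFinalSummary=NO
```

Because this file is only used when it is passed explicitly with /rulesfile:, PXE-booted clients continue to read the default rules and remain subject to the database lookup.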
Friday, November 23, 2012 7:57 PM
Thank you Stephan. Your suggestion works well for what I want to do. Tested and deployed!