How to go about things! RRS feed

  • Question

  • Hi,

    I have an environment which has SCCM 2007 installed.

    This was put in place originally to replace Altiris and to distribute images created by hand on specific machines. The image was built manually, then captured by SCCM and then deployed by SCCM. We also wanted it for its reporting and application deployment capabilities once machines had been pushed out...

    This has worked well, but now we are looking at being a bit smarter...

    We have already sussed the driver task steps and now have a series of steps for each machine model pointing to their respective driver packages via WMI queries...

    Our idea now is to essentially create as few as possible base images which have a series of common applications. Then deploy these images using SCCM and add any missing applications that are unique to a single area as part of the SCCM OSD where they can be done per task sequence to an area. We could have just used a base build of Windows and Office, however we have areas with Visual Studio, and areas with Adobe CS6 etc., so adding these as a task sequence install application step through SCCM would mean the build time would be very long!

    We are now using MDT 2012 SP1 (Without WDS/PXE) to attempt to build the images...

    So far we have created 5 base image task sequences (Standard Client Task Sequence Template):

    All we have done within each sequence is enable the ZTIWindowsUpdate tasks and add in our Install Application tasks.. so essentially each sequence when deployed installs Windows 7 SP1 x86 from original media imported into MDT, then uses ZTIWindowsUpdate, and then installs the applications required by each task sequence automatically... (Any tricky ones without silent installs use AutoIT scripting), then ZTIWindowsUpdate again and it then syspreps and re-captures the image, which we then transfer to SCCM for deployment...

    We are using KMS activation.

    Due to the sheer volume of Windows Updates after Windows 7 SP1, rebuilding each image is taking a lot of time simply to do this step... Is it OK to create a 6th task sequence which essentially just installs and updates Windows 7 SP1, then syspreps and captures... Then use this image as the base image for the other 5 task sequences rather than installing from scratch and updating each time I need to add something to the image??

    I guess what I am having trouble with are some rumours! Firstly because I am using KMS... I am assuming I do not need to worry about the sysprep rearm limit dilemma for reusing images...

    My other query is regarding unattend.xml... I have not even touched this file, but I see people mentioning it... I have a large customsettings.ini which has things like


    KeyBoardLocale etc..

    I take it this is being used as the basis for my unattend.xml?

    I am not using Audit mode or copying the admin profile to All Users either, simply because I have all this automated within the build itself? Am I missing something with my steps?

    Friday, August 9, 2013 7:41 PM

All replies

  • Your environment is similar to mine, except we keep it limited to a single image that we build in MDT.  We refer to the OS as Layer 0, the apps and config added in the MDT reference image as Layer 1, and applications added via SCCM during deployment as Layer 2.  We also use Layer 2 to apply the appropriate drivers via WMI queries and add applications based in PnP IDs, Collection Variables, domain membership, etc.  It's a great way to go!

    Question 1: Use a single base to build the other bases from.

    There are a few ways you could do this.  Assuming that you are building your reference images in Virtual Machines, you could create a Task Sequence that installs a clean OS and runs through the Windows Update the first time, sets all shared configuration and apps, and then ends.  No sysprep and no capture.  Then you snapshot the machine, and run the "finishing" Task Sequence for each specific image.  It would not do the install of the OS, it would basically pick up at apps install, config, the second Windows Update (for all the apps just installed) then complete with the Sysprep and Capture.  Soon as it's done, you could revert the Snapshot and run the next "finishing" Task Sequence.  It *might* save you same time, but it's not ideal in my mind.

    Your other option is to do automated builds.  Assuming that you are using Hyper-V and Virtual Machines, you could do something like what I blogged about here (  Create a VM for each specific image that you build, configure CustomSettings.ini per the MACs, set any special rules, setup the Powershell, and create the Task Scheduler entries to start them all on whatever time basis you need.  Knowing that patch Tuesday will never fall after the 15th, you could set them each to run automatically on the 16th or 17th and your images would essential batch auto-build monthly.  Now you are just left collecting the WIMs, importing them into SCCM, and validating.  If you have Orchestrator in your environment, you can take it to the next level and have each "Build" Task Sequence kick off a Run-Book that copies the new WIM to SCCM, imports it, and then images a machine with it so that you just come in that next morning and have 6 VMs waiting for you to validate the monthly image.  Let automation make life easy. : )

    Question 2: Unattend.xml

    The Unattend.xml is in your %DeployRoot%\Control\<TS ID> folder.  The ZTIConfigure script reads a predefined list of values provided (CustomSettings.ini, Task Sequence steps, MDT Database, etc) and injects those values into the Unattend.xml file to be used when the machine boots.  It will ultimately be used twice in MDT (during the Apply OS and during the Sysprep and Capture), and then in SCCM you actually specify an Unattend.xml to be used when you deploy there, but that's a file you check in as a Package and reference and is separate from the one used in MDT.


    Question 3: Audit mode / CopyProfile

    Since you are building your WIMs in MDT, there is no need to deal with Sysprep directly.  The steps used by MDT handle all that for you.  I do not use CopyProfile either (and along with many others think it an abomination) and think you are on the right path if you aren't using it and you are doing all the config with automated steps in MDT during the image build.  If all your stuff is working as desired, then no, you aren't missing anything. : )

    David Coulter | | @DCtheGeek

    Friday, August 9, 2013 9:20 PM