In my current project, I face the problem described in this link: during an OSD Refresh scenario, the computer stops after the first reboot and the TS can’t continue with OS deployment. The problem is obviously coming from the encryption software that encrypts the WinPE and boot files, preventing the computer from rebooting correctly into WinPE. Unfortunately for me, security is non-negotiable for my customer and I couldn’t change the encryption policies as Kevin suggests in the previous link.
The next idea I had was to try to tell SCCM to put the WinPE files in a folder I knew was not encrypted. After quick online searches, I realized that it would be really tricky and most likely not supported.
In the meantime, Johan Arwidmark sent me this link that explains my problem exactly, but I was afraid of:
- The encryption software blocking the second TS by encrypting SCCM files
- The potential unsupportability
And then I decided to apply almost the same approach with two different phases (basically treating the Refresh as a Replace), trying to automate it as much as I could. Here was my battle plan:
- Create a Task Sequence for the first phase that will
  - Capture user state using USMT on the network
  - Modify the boot order to force the computer to boot on the network
  - Add the computer to an SCCM collection where the second Task Sequence is advertised
  - Force a reboot after the end of the task sequence
- Create a Task Sequence for the second phase that will
  - Deploy the OS
  - Restore user state using USMT
  - Modify the boot order back
The second task sequence is a default TS; all the challenges are concentrated in the first one. Here is how I addressed them:
Modify the boot order
This was scary at first sight: I had never tried to do it before and I was afraid that a manual operation would be necessary here. Fortunately, I was able to use a simple script using WMI classes provided by Lenovo, since my customer had only Lenovo computers.
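As an illustration of the boot-order step, here is an added PowerShell example (not the script used in this project) built on Lenovo's `root\wmi` BIOS classes. The setting name `BootOrder` and the device tokens `PCILAN` and `HDD0` are assumptions that vary by model, and the function names are hypothetical.

```powershell
# Added example, not the author's script. Assumed names: the 'BootOrder' setting and
# device tokens such as 'PCILAN' / 'HDD0' (list Lenovo_BiosSetting on your model).

function Get-ReorderedBootList {
    param([string]$Current, [string]$First)
    # Boot list is colon-separated, e.g. "HDD0:PCILAN:USBHDD" (constructed sample).
    $devices = @($Current -split ':' | Where-Object { $_ })
    if ($devices -notcontains $First) {
        throw "Device '$First' is not in the boot list '$Current'"
    }
    (@($First) + @($devices | Where-Object { $_ -ne $First })) -join ':'
}

function Set-LenovoBootFirst {
    param(
        [Parameter(Mandatory = $true)][string]$Device,
        [string]$SettingName = 'BootOrder',
        [string]$SupervisorPassword   # only needed if a BIOS supervisor password is set
    )
    $ns = 'root\wmi'
    $setting = Get-WmiObject -Namespace $ns -Class Lenovo_BiosSetting |
        Where-Object { $_.CurrentSetting -like "$SettingName,*" }
    if (-not $setting) { throw "BIOS setting '$SettingName' not found" }

    # CurrentSetting is "Name,Value"; drop any ";[...]" suffix some models append.
    $current = (($setting.CurrentSetting -split ',', 2)[1] -split ';')[0]
    $new = Get-ReorderedBootList -Current $current -First $Device
    if ($new -eq $current) { return $current }   # already first, nothing to write

    $auth = if ($SupervisorPassword) { ",$SupervisorPassword,ascii,us" } else { '' }
    $setter = Get-WmiObject -Namespace $ns -Class Lenovo_SetBiosSetting
    $set = $setter.SetBiosSetting("$SettingName,$new$auth")
    if ($set.return -ne 'Success') { throw "SetBiosSetting failed: $($set.return)" }

    # The change only takes effect once it has been saved.
    $saver = Get-WmiObject -Namespace $ns -Class Lenovo_SaveBiosSettings
    $save = if ($SupervisorPassword) { $saver.SaveBiosSettings("$SupervisorPassword,ascii,us") }
            else { $saver.SaveBiosSettings() }
    if ($save.return -ne 'Success') { throw "SaveBiosSettings failed: $($save.return)" }
    return $current   # previous order, so the caller can log it
}

# Phase 1 (before the forced reboot): Set-LenovoBootFirst -Device 'PCILAN'
# Phase 2 (after OS deployment):      Set-LenovoBootFirst -Device 'HDD0'
```

Putting the disk back first in phase 2 matters for more than tidiness: a machine left with network boot first will boot whatever answers PXE on its segment.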
Add the computer to a different collection
I wanted to go really fancy with this one and use the new MDT 2012 Update 1 feature that lets you invoke System Center Orchestrator runbooks. But my customer didn’t have SCO and it would have taken too long to implement it. Finally, I decided to use Maik Koster’s MDT webservice. Maik, once again, your webservice came in really handy!
Force a reboot at the end of the Task Sequence
For this one, I was looking for the same feature as the FINISHACTION variable provides for Lite Touch deployments. And this time, Deployment Guy Michael Murgolo’s post provided exactly what I needed.
And like that … I was able to automate this really tricky scenario using existing solutions. VICTORY!