PowerShell is King – Bulk import applications in MDT

The Deployment Bunny - Wed, 09/03/2014 - 09:30

Often I need to import applications into the Deployment workbench and that is fine. The process is easy and fast, but it is boring and if you have more than 5 apps it is really boring. Based on the fact that almost all my apps in MDT are deployed using VB or PowerShell wrappers, it is just one file in a folder and then there is a subfolder with the content. You don’t need to be a genius to figure out that 90% of all the apps pretty much have the same folder and file structure in the root of the application folder, so why don’t we use PowerShell to import all the apps based on some guessing?

The Logic:

This part can be modified or edited, or you can add your own. Basically it reads from the folder structure you specify, and the script will then scan the folder structure for folders, assuming that every folder is an application. If it finds .msi, .msu, .exe, .bat, .wsf, or .ps1 files it will then import them as applications. The important thing is that it will import the first “hit”. That means that you should store the real setup files in a subfolder; I usually use .\Source as the source folder. Here you can see the .WSF part logic:

Part of the script.

The command line:

This is the tricky part. Since there is no way to know that, it will be a guessing game and the command line might need to be modified after import, but I would rather modify 2-3 applications instead of importing all of them manually.

The default cmdline for all imported apps will be:

.EXE    "$Install /q"
.MSI    "msiexec.exe /i $Install /qn"
.MSU    "wusa.exe $Install /Quiet /NoRestart"
.PS1    "PowerShell.exe -ExecutionPolicy ByPass -File $Install"
.WSF    "cscript.exe $Install"

The Script:

The script is rather easy, it takes 2 parameters. The folder from where to import and the deployment share. You need to have MDT installed since it is using PowerShell cmdlets from MDT. The syntax for the script looks like this:

.\Import-MDTApps.ps1 -ImportFolder C:\Script\AppFolder -MDTFolder C:\MDTBuildLab

You could also add -Verbose if you like lots of text on the screen.

Output when using –Verbose during import.
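The guessing logic described above can be previewed as a dry run before anything is imported. This is an added example, not the author's Import-MDTApps.ps1: the function name `Get-AppImportPlan`, the lookup order and the sample folder tree are assumptions, and .bat is left out because the post lists no default command line for it.

```powershell
# Added example: dry-run planner for the "first hit" import logic.
# Default command lines per extension, as listed in the post.
# Assumption: extensions are tried in this order and the first match wins.
$DefaultCmd = [ordered]@{
    '.exe' = '{0} /q'
    '.msi' = 'msiexec.exe /i {0} /qn'
    '.msu' = 'wusa.exe {0} /Quiet /NoRestart'
    '.ps1' = 'PowerShell.exe -ExecutionPolicy ByPass -File {0}'
    '.wsf' = 'cscript.exe {0}'
}

function Get-AppImportPlan {
    param([Parameter(Mandatory)][string]$ImportFolder)

    foreach ($appDir in Get-ChildItem -Path $ImportFolder -Directory) {
        # Only the root of each application folder is inspected, so real
        # setup files kept in a subfolder such as .\Source are never picked.
        $candidates = @(Get-ChildItem -Path $appDir.FullName -File |
            Where-Object { $DefaultCmd.Contains($_.Extension.ToLower()) } |
            Sort-Object Name)

        $hit = $null
        foreach ($ext in $DefaultCmd.Keys) {
            $hit = $candidates | Where-Object { $_.Extension -eq $ext } |
                Select-Object -First 1
            if ($hit) { break }
        }

        $installer = $null
        $cmd = $null
        if ($hit) {
            $installer = $hit.Name
            $cmd = $DefaultCmd[$ext] -f $hit.Name
        }

        # Flag the guesses that are most likely to need editing after import.
        $notes = @()
        if (-not $hit) { $notes += 'no installer in folder root' }
        if ($candidates.Count -gt 1) { $notes += 'several candidates, first hit used' }
        if ($hit -and $hit.Name -match '\s') { $notes += 'file name has spaces, quote it' }

        [pscustomobject]@{
            Application = $appDir.Name
            Installer   = $installer
            CommandLine = $cmd
            Review      = $notes -join '; '
        }
    }
}

# Constructed sample tree in the temp folder (file names are made up).
$root = Join-Path ([IO.Path]::GetTempPath()) ('AppFolder-' + [guid]::NewGuid())
$sampleFiles = '7-Zip\Install.wsf', '7-Zip\Source\7z.msi',
               'Reader\Setup.exe', 'Reader\Reader.msi',
               'VPN Client\VPN Setup.msi', 'Docs\readme.txt'
foreach ($relative in $sampleFiles) {
    $full = Join-Path $root $relative
    New-Item -ItemType Directory -Path (Split-Path $full) -Force | Out-Null
    New-Item -ItemType File -Path $full -Force | Out-Null
}

Get-AppImportPlan -ImportFolder $root | Format-Table -AutoSize -Wrap
Remove-Item -Path $root -Recurse -Force
```

Rows with a non-empty Review column are the 2-3 applications whose command line is worth checking by hand after the import.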

You can download the script here:


Categories: MDT

Issue – Emulex Nic in Windows Server 2012 R2 with VMQ still does not work

The Deployment Bunny - Wed, 09/03/2014 - 05:40

Today, working at a customer deploying Hyper-V hosts with Emulex CNA1100, we ran into issues (did not surprise me, since the issue has been around for more than a year, but I still try and test to see if it ever gets better).

The issue is that VMQ still needs to be disabled on every Emulex NIC. The bad thing is that the issue has been around for a very, very long time. It took a very long time for the vendor to acknowledge the issue and now they state that there is a solution soon to be released. I really hope that, but I have heard it before…

Read more here:

My simple recommendation is to disable VMQ in all Emulex Network adapters if they are installed in Windows Server 2012 R2 or buy something that works and use VMQ.

When they release something that actually works I will remove this blog post.


Categories: MDT

‘Unnamed VM’ could not initialize… The security ID structure is invalid (0x80070539)

Virtual PC Guy's WebLog - Wed, 09/03/2014 - 02:13

While working on a system recently, I imported an old virtual machine – which then failed to start with this error message:

What to do?  Well – thankfully the solution is already documented here:

But how did this happen?  And what is going on?

Well, Hyper-V allows you to grant access to the virtual machine screen for non-administrative users.  You can do this using the Grant-VMConnectAccess cmdlet.  However, if virtual machine screen access has been granted to a user account that no longer exists, Hyper-V does not handle it correctly.

Now, System Center Virtual Machine Manager uses Grant-VMConnectAccess automatically on all virtual machines.  So the easiest way to hit this problem is to take a virtual machine that is managed by SCVMM and move it to a Hyper-V server in a different domain.

Personally, I used a slightly different method than what is documented in the KB article above.  What I did was to open a PowerShell window and ran this command:

What am I doing here?

Using Grant-VMConnectAccess to add my current account causes Hyper-V to remove any invalid entries from the access table.  However, I do not actually need access (I am a Hyper-V Administrator – so I always have access).  Furthermore, if I just run Grant-VMConnectAccess, I will hit this problem again if I move the virtual machine to a host on a different domain.  So granting access and immediately revoking it solves the problem and makes sure it does not happen again.


Categories: MDT

ConfigMgr 2012 Evaluation version expired

Coretech Blog » Kent Agerlund - Mon, 09/01/2014 - 07:44
So what actually happens when an evaluation version expires? You will notice a few things, like the ConfigMgr administrator console very clearly tells you it expired. As you can see from above you will still be able to open the console but only with Read permissions. Trying to perform actions via PowerShell will give you […]
Categories: MDT

Issue (Hyper-V/SCVMM) – VMM cannot complete the host operation on the HOST server because of error:Storage for virtual machine ‘HOSTNAME’ failed with error ‘The device is not ready.’ (0x80070015)

The Deployment Bunny - Thu, 08/28/2014 - 09:22
Issue: When trying to migrate a VM’s storage to a local device using SCVMM you could see this:

Error (12700)
VMM cannot complete the host operation on the HOST server because of the error: Storage migration for virtual machine ‘VM’ (GUID) failed with error ‘The device is not ready.’ (0x80070015).

Operation not allowed for virtual machine ‘VM’ because Hyper-V state is yet to be initialized from the virtual machine configuration. Try again in a few minutes.(Virtual machine ID )
Unknown error (0x800c)

When trying to migrate a VM’s storage to a local device using Hyper-V manager you could see this:

"Storage migration for virtual machine"HOST’ failed.
Operation not allowed because the replication state is not initialized.
Storage migration for virtual machine "HOST’ failed with error ‘The device is not ready’ (0x80070015)."


So far the only solution I have found, tried (and it did work) is to restart the Hyper-V management service.

Categories: MDT

My sessions at TechEd Europe 2014

The Deployment Bunny - Wed, 08/27/2014 - 10:00
TechEd Europa 2014

TechEd Europe is Microsoft’s premier technology conference for IT Professionals and Enterprise Developers, providing the technical education, product evaluation, and community resources to plan, architect, deploy, manage and secure a connected enterprise. TechEd Europe will be held October 28-31 at Fira Barcelona in Barcelona, Spain. For more information:

PRC05: Deploying and Managing Windows in the Real World

What does it take for organizations to deploy and manage Windows 8.1 and Windows Phone? During this all-day seminar, examine the requirements needed to execute the entire process. We ensure that you understand what has changed in Windows 8.1, how you prepare for a Windows 8.1 migration, how to create your Windows 8.1 image, how to deploy Windows 8.1, and how to deploy Windows Store apps to the already-deployed computers using an enterprise app store. Regardless of whether you are new to Windows deployment and management, new to Windows 8.1, or an existing Windows 7 or Windows XP expert, there will be benefits for all attendees, from “how-to’s” to best practices, to tips and tricks

WIN-B314: Deploying Windows 8.1 Using Microsoft Deployment Toolkit (MDT)

If your job contains the duty of deploying Windows 8/8.1 and you would like to do this using the free tools provided by Microsoft, this session is for you. During the session we cover the basic steps to install the solution and then configure it. We explain things like reference images, Windows Deployment Services, Microsoft Deployment Toolkit, Lite Touch, new computer scenario, refresh old computers and how to replace old computers while keeping the user data and re-installing applications.

A message from Mike:

You are invited and very much welcome to my sessions. If you do have the time to join the sessions, please don’t hesitate to swing by the podium before or after sessions, it’s ok to just say hi. I hope to see U.

Categories: MDT

Managing 3rd. party Software Updates with System Center 2012 ConfigMgr & Secunia CSI Part II

Coretech Blog » Kent Agerlund - Wed, 08/27/2014 - 05:51
In Part I, I focused on installing and configuring Secunia CSI 7 and System Center 2012 R2 ConfigMgr. In this part I will explain how you can deploy software updates. I do anticipate that you already have a working Software Update Management infrastructure managed by System Center 2012 R2 ConfigMgr. Deploying 3rd party software updates The […]
Categories: MDT

Policy Flow – The Details

Steve Rachui's Manageability blog - Tue, 08/26/2014 - 02:05
The term ‘policy’ applies to many technical and non-technical discussions. Policy can have several meanings but for the ConfigMgr administrator the meaning is specific. Simply put, policy is that detail used to communicate work and configurations specific...(read more)
Categories: MDT

Follow up questions from my 3rd party software update webinar

Coretech Blog » Kent Agerlund - Thu, 08/21/2014 - 10:32
As promised here are the follow up questions we didn’t have time to cover during the 60 min webinar – Q & A from the webinar Q1 When you have applied an update for Flash e.g., how do you repair that version if the application gets broken? Repair so it reverts back to "old" version […]
Categories: MDT

Managing 3rd. party Software Updates with System Center 2012 ConfigMgr & Secunia CSI Part I

Coretech Blog » Kent Agerlund - Thu, 08/21/2014 - 06:30
A question I often get when visiting customers: “Is there really a need for managing our 3rd. party applications when we already patch Adobe Reader and JAVA?” The short answer is Yes, and the longer answer is please look at the numbers. The absolute number of vulnerabilities detected in 2013 was 13,073, discovered in 2,289 products from […]
Categories: MDT

PowerShell is King – Download all VC++ runtimes using a script

The Deployment Bunny - Tue, 08/05/2014 - 16:40

Yes, it is true, since I create reference images for customers I always need the VC++ runtimes, and yes I need all of them. Microsoft actually has one page with all the latest versions, well the page points to all the separate downloads, anyway. Since automation is nice and PowerShell is a good workhorse to do the job I used one of my old download engines and modified it slightly.

How does it work?

The script reads 2 parameters from the command line, the XML file and the download folder. In the XML file each file has its settings (some of them not used here), basically the URL, name of file, where to store it and things like that. The script does a for each loop until all files have been downloaded; if one file could not be downloaded, just run the script once more and it will download the missing files, not touching the existing ones.

Step-By-Step, kind of

Download the script and the XML file from this location

Remove the Windows Download Blocking (You know, right click on file, properties, unblock)

Execute the script from an elevated PowerShell prompt like this

.\Get-Downloads.ps1 -DownloadFile .\download.xml -DownloadFolder 'C:\Downloads'

Wait until done

In the C:\Downloads folder you should now have a separate folder for all VC++ runtimes.


Categories: MDT

Looking at Memory Usage on Hosts when Creating a New VM

Virtual PC Guy's WebLog - Sat, 08/02/2014 - 04:15

In my house I have two Hyper-V servers running multiple virtual machines with dynamic memory enabled.  This can make it a bit tricky when I want to create a new virtual machine - and I need to figure out the best server to use.  Thankfully - this little bit of PowerShell comes to the rescue:

 "Hyper-V-1", "Hyper-V-2" | %{"Memory Available on " + $_ + " : " + ("{0:N2}" -f (((get-vmhost $_).MemoryCapacity / 1GB) - ((get-vm -computername $_ | measure MemoryAssigned -sum).sum / 1GB))).ToString() + " GB"}

"Hyper-V-1" and "Hyper-V-2" are the names of my hosts.  This snippet gets the total memory in each host, subtracts the memory currently being used by virtual machines, and shows the results.  Like this:

So I can see that Hyper-V-2 has more memory available right now.

This is obviously a simple approach (it does not account for changing memory demand) but it is quick and easy to do.


Categories: MDT

Setting SMSDP When MDT Doesn’t Set It For You

The Deployment Guys - Fri, 08/01/2014 - 20:09

Although you won’t find it mentioned in the MDT documentation, in an OSD task sequence the MDT Gather step will attempt to set a variable called SMSDP to the distribution point server name from which the boot image was obtained.  This can be handy if you want to do something like copy the logs to a “local” DP.

  MDT does this in the GetDP function in the script ZTIGather.wsf.  It uses the following logic:

  • Get the boot image ID by looking at the value of the _SMSTSBootImageID variable, e.g. PRI00001.
  • Use that value to form the name of the variable to retrieve, _SMSTS%_SMSTSBootImageID%, e.g. _SMSTSPRI00001, then retrieve the value of that variable.
  • Split that variable on all “,” values, then pick the first non-SMSPXEIMAGES$ path.
  • Parse the string to get just the server name.

Unfortunately, this method that MDT uses to determine the “local” DP name has some issues.  First, if you do not have a boot image associated with the task sequence then SMSDP will never have a value.  Second, during a refresh task sequence the _SMSTS%_SMSTSBootImageID% variable will not have any value until the content is requested and downloaded.  So from the beginning of the task sequence until the reboot into WinPE, SMSDP will never have a value.

To get around these limitations I created a function that will use the following logic:

  • Load task sequence XML from the _SMSTSTaskSequence variable.
  • Find the package IDs for the referenced packages.
  • For each package query the _SMST<package ID>, _SMSTSMB<package ID>, and the _SMSTHTTP<package ID> variables in turn.
  • If a value is found it will split that variable on all “,” values, then pick the first non-SMSPXEIMAGES$ path.
  • Parse the string to get just the server name.

    So with this logic, as long as any package has been requested and downloaded, SMSDP should get a value.  Since the Use Toolkit Step runs very early, this code only has to run after that step to be successful.  I created a function called GetSMSDP and placed it in the HelperFunctions class of the library script that I have been building up over the years called MDTLibHelperClasses.vbs.
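The lookup logic listed above, as an added PowerShell example; it is not the author's GetSMSDP function, which is VBScript. The function names, the `<reference package="...">` layout assumed for the task sequence XML, and all sample values are assumptions, and a hashtable stands in for the task sequence environment so the code runs offline.

```powershell
# Added example: resolve a distribution point name from task sequence variables.

function Get-ServerFromDPPath {
    param([string]$Value)
    # Split on "," and keep the first location that is not a PXE image share.
    $path = $Value -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -notmatch 'SMSPXEIMAGES\$' } |
        Select-Object -First 1
    if (-not $path) { return $null }
    # The server name is the host part of \\server\share or http(s)://server/...
    if ($path -match '^(?:\\\\|https?://)([^\\/:]+)') { return $Matches[1] }
    return $null
}

function Get-SMSDPName {
    param(
        [Parameter(Mandatory)][hashtable]$TSVariables,
        # Prefixes taken from the post: _SMSTS from the boot image example,
        # the other three from the list of variables queried per package.
        [string[]]$Prefixes = @('_SMSTS', '_SMST', '_SMSTSMB', '_SMSTHTTP')
    )
    $tsXml = $TSVariables['_SMSTSTaskSequence']
    if (-not $tsXml) { return $null }

    # Assumption: referenced packages appear as <reference package="ID" />.
    $ids = ([xml]$tsXml).SelectNodes('//reference[@package]') |
        ForEach-Object { $_.GetAttribute('package') } |
        Select-Object -Unique

    foreach ($id in $ids) {
        foreach ($prefix in $Prefixes) {
            # Empty until the content for that package has been requested.
            $value = $TSVariables["$prefix$id"]
            if ($value) {
                $server = Get-ServerFromDPPath -Value $value
                if ($server) { return $server }
            }
        }
    }
    return $null
}

# Constructed sample: PRI00001 has not been downloaded yet, PRI00002 has.
$sample = @{
    '_SMSTSTaskSequence' = '<sequence><referenceList>' +
        '<reference package="PRI00001" /><reference package="PRI00002" />' +
        '</referenceList></sequence>'
    '_SMSTHTTPPRI00002'  = 'http://dp01.corp.example/SMS_DP_SMSPKG$/PRI00002'
}
Get-SMSDPName -TSVariables $sample

# Constructed value where the PXE image share is listed first and is skipped.
Get-ServerFromDPPath -Value '\\PXE01\SMSPXEIMAGES$\SMSPKG\PRI00001,\\DP02\SMSPKGE$\PRI00001'
```

Inside a running task sequence the hashtable would be filled from the `Microsoft.SMS.TSEnvironment` COM object instead of sample data.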

    I have provided two methods of using this function.  The first is to call it directly from CustomSettings.ini using MDTLibHelperClasses.vbs as a User Exit script during the Gather step.  Place MDTLibHelperClasses.vbs in the MDT Toolkit package Scripts folder.  You will also need to place a MDTExitInclude.vbs from a previous post in the MDT Toolkit package Scripts folder.  Make the following additions to CustomSettings.ini in the MDT Settings package:

    Priority=IncludeExitScripts, SetSMSDP
    Properties=ExitScripts(*), SMSDP



    The second method is to run this as a script in a Run Command Line step.  Place MDTSetSMSDP.wsf and MDTLibHelperClasses.vbs in the MDT Toolkit package Scripts folder.  Then create a Run Command Line step shortly after the first Gather step with the following command line:

    cscript "%DeployRoot%\Scripts\MDTSetSMSDP.wsf"

    Both MDTSetSMSDP.wsf and version 2.1.3 of MDTLibHelperClasses.vbs (the latest as of this writing) can be found in the attached Zip file.



    This post was contributed by Michael Murgolo, a Senior Consultant with Microsoft Services - U.S. East Region.

    Categories: MDT

    Updated Documentation on Supported Guest Operating Systems

    Virtual PC Guy's WebLog - Mon, 07/21/2014 - 12:31

    A couple of weeks ago I posted about the fact that Windows Server 2012 R2 is not supported on top of Windows Server 2008 R2

    This generated a lot of feedback about the need to improve our documentation for which operating systems are supported on which versions of Hyper-V.  So the Hyper-V documentation team has been busy at work.  Specifically they have pulled the guest OS support information out of the current Hyper-V overview and split it into 2 topics:

    They have also added a note about Windows Server 2012 being the last version of Windows that will be supported as a guest operating system on 2008 R2 to this topic:


    Categories: MDT

    VSS “System Writer” missing? No CryptSvc or CAPI errors? No problem! - Fri, 07/18/2014 - 21:25

    I had a set of Windows 2008R2 servers today that were having trouble backing up the system state via Windows Server Backup – they would fail with the error “System writer is not found in the backup”. I scoured the ‘net and talked to colleagues, and all of the resolutions I could find involved re-registering components, re-securing things in the Cryptography Service (prompted by CAPI or CryptSvc errors in the event log), setting ownership on WinSXS folders, etc. I did not have any such errors in my logs to indicate a permissions issue – in fact, I saw no errors at all (usually good – not so much when something is broken!). However, every time I ran “vssadmin list writers”, indeed the system writer was missing.

    After taking a procmon, I noticed that the last thing that was searched were some setupapi.ev* files in \Windows\Inf:

    I decided, on a whim, to replace these files with files from another server I had that was working – I stopped the VSS and CryptSvc services (the system writer is part of CryptSvc, so says Microsoft), and copied the three setupapi.ev* files from a working server to one that wasn’t. I then restarted the CryptSvc and VSS services, and ran vssadmin list writers – lo and behold, the System Writer was back! Procmon looked very different too:

    Of course, once I knew what was broken, finding out how to fix this became easy. I hate when that happens…

    Categories: MDT

    Virtualization Fabric Design Considerations Guide

    Virtual PC Guy's WebLog - Wed, 07/09/2014 - 20:55

    The Hyper-V documentation team recently released the Virtualization Fabric Design Considerations Guide.

    You can download this document here:

    Document Overview:

    This guide details a series of steps and tasks that you can go through to design a virtualization fabric that is able to host many virtual machines. Although all virtualization fabrics contain storage and servers for hosting virtual machines, in addition to the networks that connect them, every organization’s virtualization fabric design will likely be different. Throughout the steps and tasks, the guide presents the relevant design and configuration options available to you to meet functional and service quality (such as availability, scalability, performance, manageability, and security) requirements.

    Please look it over – and let us know if you have any feedback!


    Categories: MDT

    PowerShell is King – Create the “missing” VM on all the lab machines

    The Deployment Bunny - Wed, 07/09/2014 - 14:26

    Let's assume that you are running a class and suddenly someone raises a hand and says “I’m missing one of the VMs…” That is far from good, but wait a minute, what about PowerShell to the rescue? Of course, so here it is:

    Code snip below:

    # Build the host names VIAMONSTRA001 .. VIAMONSTRA021
    $Servers = 1..21 | ForEach-Object {
        "VIAMONSTRA{0:D3}" -f $_
    }

    # Run the same script block on every lab host
    foreach ($Server in $Servers) {
        Invoke-Command -ComputerName $Server -ScriptBlock {
            # VM settings and creation commands, commented out as posted
            #$VMName = "FS01"
            #$VMMemory = 2048MB
            #$VMDiskSize = 60GB
            #$VMNetwork = "Internal"
            #$VMLocation = "C:\VMs"
            #New-VM -Name $VMName -Generation 2 -MemoryStartupBytes $VMMemory -SwitchName $VMNetwork -Path $VMLocation -NoVHD | Out-Null
            #New-VHD -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" -SizeBytes $VMDiskSize | Out-Null
            #Add-VMHardDiskDrive -VMName $VMName -Path "$VMLocation\$VMName\Virtual Hard Disks\$VMName-Disk1.vhdx" | Out-Null
        }
    }

    Categories: MDT

    Back to Basic–Where to find Drivers for Servers and Clients

    The Deployment Bunny - Tue, 07/08/2014 - 04:16

    During one of the sessions today (at the Geek Week in Redmond) we talked about drivers and where to find them. This is absolutely nothing “new” or amazing, it's more of a “note to attendees” kind of post.

    HP Clients

    The HP SoftPaq Download Manager from HP. The tool has the ability to download drivers for every business model that is supported into a repository, which you can then export drivers from. It also provides .CVA files that give you instructions on how to silently execute drivers and tools that need to be installed as an application. HP also provides .CAB files for some newer models.

    Dell Clients

    Dell have a really great webpage with ready made .CAB files, ready for download. It also includes Windows PE drivers, be sure to pick the correct version. A general rule is to NOT add any Windows PE driver unless you really NEED them; in other words, if you get any IP address and you can see the disk using diskpart, you don’t NEED any drivers.

    Lenovo Clients

    For Lenovo a nice tool is the ThinkVantage Update Retriever. The tool is pretty straightforward, just create a repository folder, download all the drivers for your models. The most important thing here is that you should not grab the drivers from that folder, instead you should use the tool to export them.

    (For fun, search for it and you will ALWAYS find at least one dog…

    HP Servers

    For HP Servers the best way I have found so far is to install the HP Proliant in the operating system during deployment using (scripts or MDT/SCCM applications/Packages or in SCVMM as Host Command line post OSD)

    That means that I usually don’t import other drivers than Network and Storage drivers in the deployment solution, since the Support Pack will take care of the rest.

    The HP Proliant Service Pack:

    However, you do need Windows PE Drivers and the easiest way to find them is to look somewhere else. You will find them in the HP Scripting Toolkit for Windows.

    Dell Servers

    I have to be honest, I do deploy more HP servers than Dell servers, but when I do I use the standard webpage to download drivers. For servers Dell provides Driver Application Packages, which will install all the drivers for that particular model. Download it and run it as a part of the TaskSequence or do it Post OSD.

    What about System Center Integration?

    Yes, there are ready made applications for System Center Integration.

    For HP it is called Insight Management:

    For Dell it is called OpenManage Integration Suite for Microsoft System Center:


    Categories: MDT

    Nice to Know–Presenting applications in the MDT Wizard based on location

    The Deployment Bunny - Mon, 07/07/2014 - 18:09

    A friend (You know how you are…) asked me today “I need to have different application bundles in the MDT Wizard based on location, any ideas?” and since I can't refuse to help a friend, here is a solution.

    Use WizardSelectionProfile, Selection Profile and Default Gateway

    So here is a step by step, kind of.

    Configure CustomSettings.ini

    You need to add DefaultGateway to the customsettings.ini to match your environment. So it should look something like this:



    WizardSelectionProfile=Wizard – HQ

    WizardSelectionProfile=Wizard – BO

    Create the Application folder

    In the Deployment Workbench, create an Application folder, where you can store the applications that should be available at the BO site, something like this.

    Create your WizardSelectionProfile’s

    In the Deployment Workbench, Advanced Settings, Selection Profiles – Create a Selection Profile called “Wizard – HQ”. It should contain everything that should be selectable at the HQ site. In this case the folder is not available at HQ.

    In the Deployment Workbench, Advanced Settings, Selection Profiles – Create a Selection Profile called “Wizard – BO”. It should contain everything that should be selectable at the BO site. In this case all folders are available.

    Test and verify.

    That should be it, so the net result would be something like this:

    Running the Wizard at the BO

    and running at HQ will give you this.


    Categories: MDT

    PowerShell is King–Test RDP Connection and Connect

    The Deployment Bunny - Wed, 07/02/2014 - 07:52

    So, during the class today we talked about simple but useful things you could do with PowerShell. So we had a very simple situation: during reboot of servers everyone asked “how long time does it take to reboot the server?” Since these are real servers, with a real firmware, the correct answer will be “Longer than you would like it to take…”. So, ping the machine and wait until you get the response is what IT pros do, or could a very simple PowerShell function be a better way?

    Using this method it will use Test-NetConnection until it succeeds accessing TCP 3389 and then fire up MSTSC.exe and connect, simple and neat.

    Download it from:

    Run it (or load it as a module)

    Execute the following command from the PowerShell prompt like this:


    Categories: MDT