Jump to content


TrialandError

Established Members
  • Posts

    91
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by TrialandError

  1. Right, but have you opened a shell as the local system account and ran the powershell script? https://www.anoopcnair.com/how-to-run-application-or-process-from-system-context-or-account/
  2. What account are you running the task as? Have you tested running as the system account to make sure it works the same as when you manually run it?
  3. MdKnightR I haven't forgotten about you. I had a drive fail in my lab so I rebuilt it with some SSD's. Have you had a chance to test anyweb's suggestion?
  4. I drilled through your log file and the .ini file is definitely working as the /PostOOBE switch is correctly set to C:\Temp\SetupComplete.cmd. But obviously your custom script is not running even though the PostOOBE phase completes successfully. I am still testing on my end. I apologize for not being clearer. Don't edit the setupconfig.ini file to look to %WINDIR%\Setup\Scripts\, leave the default settings but place your SetupComplete.cmd file in %WINDIR%\Setup\Scripts\ prior to the upgrade. This is a long shot and is independent of SCCM. Per https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup, this script will run before the logon screen appears. Even in your setupact.log this file is created and runs. I have to ask, why not just use an upgrade task sequence? You can run your script during the TS and you have much more granularity. Another option is using AppLocker to stop the built in apps from launching.
  5. I'm pretty sure its normal for the WSUS directory to get cleaned up after the upgrade completes. The setupconfig.ini gets cached in %WINDIR%\panther so it can survive reboots. You had SetupComplete.cmd and 2 other files in C:\temp and the SetupConfig.ini file that was copied to the machine before the upgrade had: PostOOBE=C:\Temp\SetupComplete.cmd correct? Can you post the C:\Windows\Panther\UnattendGC\Setupact.log (remove any machine names\domain info) of one of the machines that upgraded yet didn't run your script? I am going to test some when I get back to my lab to see if I can replicate your issue but in the mean time, can you copy your SetupComplete.cmd to %WINDIR%\Setup\Scripts\ and then try the upgrade? Windows should run this after the install but before the logon screen ever comes up.
  6. Welcome MdKnightR, Have you tried placing your SetupComplete.cmd in a different directory such as C:\Windows\Temp and then editing the .ini file to show the new location? The Temp directory's may get cleared as well so you may need to try a custom location.
  7. spgsitsupport Have you tried re-creating the boot images? I'm assuming your 1511 boot images were updated to 10.0.15063.0 since you say all of the options are there. If they are not on that version and you can edit them, then I would say something is odd about your ADK install.
  8. Glad it's working for you but your NAA having domain administrator privileges is not a good idea. I realize you are only testing but the NAA accounts credentials are stored in wmi (albeit encrypted) and a bad actor could leverage it against you. Been a while since I've looked but I think you only need your NAA to be a member of domain users assuming IIS doesn't have any restrictions. You can even disable local logons. IIRC, the NAA is being deprecated in the new cm release anyhow.
  9. Have you defined the network access account? I've seen that error at applying the OS phase because my NAC didn't have the correct privileges. You have multiple issues going on so can you give some more info about your environment? You said it's a new 1702 install but what OS are you deploying? Is MDT integrated? Are you pxe booting or using media? Will F8 bring up the cmd window in winpe before you start the task sequence?
  10. It is much simpler and easier to troubleshoot when you have one or two task sequences. I tattoo the registry during the TS and include the TS name and version. Anytime I make a major change to the TS, the version # also gets updated. That way if an issue is discovered I can quickly gather all machines that were imaged with that version. With rolling out Win 10, we publish a schedule and communicate with departments ahead of time then deploy the TS with a Powershell Frontend that allows the users to install now, defer, schedule, etc. We get much better feedback when the end users feel that they have some control over the deployment process and as such have really started leaning on Software Center or Powershell Frontends.
  11. Sounds like your boot images didn't update when you updated the ADK. Check out this post.
  12. You don't have to use .msi files, they are just easier because SCCM will auto detect information from them when you create an application. First step is going to be figuring out the install parameters outside of SCCM. Once you have that down then getting it into SCCM is a preference thing. You can either manually specify the application information or build a package. I would not buy a packager until I'd exhausted all other methods. https://technet.microsoft.com/en-us/library/gg682159.aspx https://technet.microsoft.com/en-us/library/gg682112.aspx
  13. This is one of the reasons I like CM so much....there are so many ways to accomplish this and it all depends on you and your environment. I would personally create a collection containing all devices with 'X' software version installed. Once a new version comes out, deploy it to this collection and as the devices are upgraded, they will drop out of the original collection. You would just need to pay attention if you have any stringent reporting requirements. Of course you could also play around with supersedence and deployment requirements but that is a little more complicated.
  14. Can you post the ClientLocation.log and LocationServices.log as well? Have you tried putting a pause step in the TS before this step and opening up a cmd prompt and verifying you can access the MP? Does the Nagios application install correctly in other task sequences? My first thought was NIC driver but you stated that there are a couple reboots before the failure so the driver is loading for the package installs. FQDN of the MP is correct right?
  15. Starting in SCCM 1511 you have the option of enabling the new Software Center through the client settings. The new Software Center will show application deployments to both user and computers as well as Update and Device Compliance. In SCCM 2012 application deployments to users showed in the Application Catalog and application deployments to computers showed in Software Center. Glad I could help! New Shortcut Path: C:\Windows\CCM\ClientUX\SCClient.exe Old Shortcut Path: C:\Windows\CCM\SCClient.exe
  16. What version are you running? Do the deployments show in the application catalog?
  17. Take one computer that you are seeing this behavior on and check to see if it is a member of any collection that has reoccurring maintenance windows. I have seen some of our win8 embedded clients exhibit the same behavior when they were inadvertently added to a collection with maintenance windows. Are you installing windows updates as part of the task sequence?
  18. MDT is not looking for any files. 'WinPE 10 x64' is a folder that was created to store the new Boot image that is being created by the MDT Wizard. At this step you just need to fill in the UNC path.
  19. Good write up here... https://sccmentor.com/2016/09/21/in-place-upgrade-sccm-cb-1602-site-server-from-windows-2008-r2-to-2012-r2/
  20. I cannot find any documentation supporting that claim. I just did a fresh 1703 install and both IE and Edge were both available. Do you have a script running that removes built in apps? It may be uninstalling IE inadvertently.
  21. I recently completed a migration from an 2012 R2 hierarchy and didn't have any major issues. @BWin, unless you are just wanting to start fresh, you can actually do an in-place upgrade to 2012 which is now supported by MS. I started with this guide and took the entire process one step at time. Both the new and old environments can co-exist so there's no pressure to cut everything over all at once. Are there any specific worries or hurdles?
  22. Jhille, IE 11 is installed in Windows 10 by default. Are you trying to set a default browser or remove the Edge icon from the taskbar?
  23. If both versions installed then something is up with your detection settings. Either way I had a similar situation come up last year when upgrading the Imprivata client. I created a 'Global Condition' based on a powershell script as my deployment requirement. Basically the 'Global Condition' would return 1 of 2 results which each deployment type depended on. As an example, using the script below as your GC, the ESR deployment type could only run if the GC returned a value of 'Resistance' and the RR deployment type would run if the GC returned 'Empire'. I tested A LOT but in the end I was able to upgrade > 2k computers with no issues. $FFVER = (Get-ItemProperty 'HKLM:\SOFTWARE\WOW6432Node\Mozilla\Mozilla Firefox\').CurrentVersion if($FFVER -eq '54.0 (x86 en-US)') {write-host 'Resistance'} else {write-host 'Empire'}
  24. Sorry its taken me so long to respond....been a busy week! Can you post your smsts log as well? How are you joining the PC to the domain - are you using the 'Apply Network Settings' step? We joined the PC to a workgroup in the 'Apply Network Settings' step, then added a 'Run Command Line' step to ping the loopback, then used the 'Join Domain or Workgroup' step to join the domain. For us it was all about timing. Certain model laptops with SSD's were more prone to this behavior than other were.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.