N-2 WIM and Task Sequence Managment

, ,

After my experience at MMSDE and talking with not only other attendees, but speakers that I knew of and those that were new to me, I felt like I could add something that could help others out there as I have been helped along the way.

Managing multiple WIM files and task sequences can be genuinely time consuming, especially if you have been doing it manually.  That was why I’ve been automating as much as possible over the last year.  Extracting WIM files, making them patch current every month, and then building and capturing WIM files with various versions of Office.  Most of which I have been able to script through trial and error as I got a chance to.

What I wanted to share is my script for updating our Operating Systems and Upgrade packages using the N-2 method.  It is my latest script, but it can help set up your WIM files in the same way and see when I will post the other processes in the near future.   I do not currently have a lab environment to get screenshots yet, but that will also change as I figure out which way to go.

For this script, you can run this on any machine that has the Admin Console installed on it.

These are all examples of how the script is currently set up, to give you an idea for naming conventions for static packages that you can use and customize the script for your own environment.

NEW_1809_WIM

_PROD_1809_WIM

1_PREV_1809_WIM

2_PREV_1809_WIM

For the upgrade packages, it is similar, however they are based on language using EN-US as the example.

NEW_1809_en-us

_PROD_1809_en-us

1_PREV_1809_en-us

2_PREV_1809_en-us

NEW would be your newly updated WIM files and the _PROD your current WIM files.  1_PREV the previous month, and 2_PREV being two versions older.

Here are the steps to acquire your OSD WIM package ID’s:

#=+=+=+=+=+=+=+= OSD WIMS =+=+=+=+=+=+=+=
$NEWWIM = (Get-CMOperatingSystemImage -Name “NEW_*$OSVersion*WIM”)
$NEWWIMID = ($NEWWIM.package.ID)

$PRODWIM = (Get-CMOperatingSystemImage -Name “_PROD_*$OSVersion*WIM”)
$PRODWIMID = ($PRODWIM.package.ID)

$PREV1WIM = (Get-CMOperatingSystemImage -Name “1_PREV_*$OSVersion*WIM”)
$PREV1WIMID = ($PREV1WIM.package.ID)

$PREV2WIM = (Get-CMOperatingSystemImage -Name “2_PREV_*$OSVersion*WIM”)
$PREV2WIMID = ($PREV2WIM.package.ID)

Similarly, the following commands will find your upgrade packages:

#=+=+=+=+=+=+=+= Upgrade Packages =+=+=+=+=+=+=+=
# Using the US-EN version as an example
$NEW_ENUS = (Get-CMOperatingSystemInstaller -Name “NEW_*$OSVersion*en-us”)
$NEW_ENUSID = ($NEW_ENUS.package.ID)

$PROD_ENUS = (Get-CMOperatingSystemInstaller -Name “_PROD_*$OSVersion*en-us”)
$PROD_ENUSID = ($PROD_ENUS.package.ID)

$PREV1_ENUS = (Get-CMOperatingSystemInstaller -Name “1_PREV_*$OSVersion*en-us”)
$PREV1_ENUSID = ($PREV1_ENUS.package.ID)

$PREV2_ENUS = (Get-CMOperatingSystemInstaller -Name “2_PREV_*$OSVersion*en-us”)
$PREV2_ENUSID = ($PREV2_ENUS.package.ID)

Using the values obtained above, we first change the names of the OSD and Upgrade packages.

#=+= OSD =+=
Set-CMOperatingSystemImage -Id $PREV2WIMID -NewName “RETIRED_$OSVersion _WIM” -Description “RETIRED”
Set-CMOPeratingSystemImage -Id $PREV1WIMID -NewName “2_PREV_$OSVersion _WIM” -Description “2-Previous Month”
Set-CMOperatingSystemImage -Id $PRODWIMID -NewName “1_PREV_$OSVersion _WIM” -Description “1-Previous Month”
Set-CMOperatingSystemImage -Id $NEWWIMID -NewName “_PROD_$OSVersion _WIM” -Description “Current Month”

#=+= Upgrade =+=
Set-CMOperatingSystemInstaller -Id $PREV2_ENUSID -NewName “RETIRED_$OSVersion _en-us” -Description “RETIRED”
Set-CMOPeratingSystemInstaller -Id $PREV1_ENUSID -NewName “2_PREV_$OSVersion _en-us” -Description “2-Previous Month”
Set-CMOperatingSystemInstaller -Id $PROD_ENUSID -NewName “1_PREV_$OSVersion _en-us” -Description “1-Previous Month”
Set-CMOperatingSystemInstaller -Id $NEW_ENUSID -NewName “_PROD_$OSVersion _en-us” -Description “Current Month”

This will cycle the WIM packages to make the NEW the _PROD and the others trickle down to where 2_PREV becomes RETIRED.

(Note, one of my other processes that I will post will automatically use the RETIRED package and rename them NEW when building the new WIM files.)

Now, this next step you will have to customize the script for your environment.  This will update your task sequences with the _PROD packages.

#=+=+=+=+=+=+=+= Update Task Sequences =+=+=+=+=+=+=+=
# If managing multiple versions, you can set an if ($OSVersion = XXX) also and have the following steps between {}.
#=+= OSD =+=
$PRODWIM = (Get-CMOperatingSystemImage -Name “_PROD_*$OSVersion*WIM”)

Set-CMTSStepApplyOperatingSystem -TaskSequenceId XXXXXXXX -ImagePackage $PRODWIM -ImagePackageIndex 1 #Change XXXXXXXX to your task sequence ID.

#=+= Upgrade =+=
$PROD_ENUS = (Get-CMOperatingSystemInstaller -Name “_PROD_*$OSVersion*en-us”)

Set-CMTSStepUpgradeOperatingSystem -TaskSequenceId XXXXXXXX -UpgradePackage $PROD_ENUS #Change XXXXXXXX to your task sequence ID.

And that’s it.

I have uploaded the script to GitHub so you can grab it instead of copying and pasting from above.

https://github.com/shotgn22/osd

Thank you for reading this far.

My name is Scott Graves, I have been doing IT since 1995 and am currently heavy into OSD, Task Sequences and Upgrades.  I have set up a Twitter (@shotgn22) if you have any questions.  Thank you Adam Gross of ASquareDozen.com and Chris Buck of this page for taking the time to answer my questions the past few days.

Lockstate Object

, , ,
LockState

This comes from something that one of my PFE buddies showed me during a visit to Kuwait. From time to time you will have an object locked out by one of your team members whom left for the day. Another scenario that is common would be the SCCM Console crashed and when you to to modify the object SCCM will think the object is still being edited.

In my screenshot below we see that my zero touch task sequence has been locked out by “BuckC”

Launch SQL MGNT Studio > Connect to your database > New Query

Find the LockID for the object you are trying to delete by running the following

SELECT * FROM SEDO_LockState WHERE LockStateID <> 0

This will display ID’s of all items locked, locate the relevant user that has locked out the object.

In my case I will run

DELECT from SEDO_LockState where LockStateID <> 0 and assigneduser like ‘%buckc’

We can now open and modify my Zero Touch task sequence.

note: if anybody is interested I can provide task sequence in a future blogpost. The task sequence moves a machine from windows 7 to widows 10, converting from Legacy BIOS to UEFI partitioned w/ GPT. This also enables secure boot,device guard, credential guard.

 

ALSO SEE : Slow WinPE Boot Speed