October, 2008

If you are trying to install multiple software packages using a ConfigMgr task sequence "Install Software" step, where each of the package and program combinations is stored in a task sequence variable (e.g. PACKAGES001=XXX00001:Install), you might find that they don't work.  If you go digging through the SMSTS.LOG, you'll see messages like this:

No matching policy assignments received.
Policy download failed, hr=0x80004005

This is because you have to give ConfigMgr permission to install a package that isn't advertised to the computer.  (ConfigMgr always tries to be "secure by default" and making this the default would violate that principle.)  This is done using the "Allow this program to be installed from the Install Software task sequence without being advertised" checkbox on each program's properties.  The explanation given in the ConfigMgr documentation (http://technet.microsoft.com/en-us/library/bb680842.aspx) is:

Important

The program specified must have the Allow this program to be installed from a list of software packages in the "Install Software" task sequence step without being advertised option selected or the installation will fail. This option can be selected when adding a program to an existing package in the New Program Wizard. Alternatively, you can specify this option by right-clicking an existing program, selecting clicking Properties, and then clicking the Advanced tab.

So, before you can install a dynamic list of packages, you need to check this box on every program that you are planning to install this way.  Depending on how many programs you have, this could be rather painful via the ConfigMgr console.  So in MDT 2008 Update 1, we included a new sample script to help with this (a script I forgot to mention in my previous post).  Look in the "C:\Program Files\Microsoft Deployment Toolkit 2008\Samples" folder for a file named EnableProgramsForTS.vbs.  You will need to make a few edits toward the top of this script before it will work in your environment:

sProviderServer = ""
sSiteCode = "CEN"
sNamespace = "root\sms\site_" & sSiteCode
sUsername = ""
sPassword = ""

Change these values to specify the proper connection details for your ConfigMgr site (whichever site owns packages that need updating, typically the central primary site) and then run it.  (Don't specify a username and password if you are running the script on the ConfigMgr server.  These values are always optional, but when making a local WMI connection they can't be specified.)  The script will check the "Allow" box for every program on every package.

If there is a subset of programs that you want to enable, you can tweak the script as required.  (Of course if the criteria is too complex it's probably easier to just use the UI.)

A few people have asked about the script updates that were made in MDT 2008 Update 1.  Here's the quick summary listing all the scripts that were modified in MDT 2008 Update 1 and a very brief description of the changes made to each:

• DeployWiz_Definition_ENU.xml.  If the deployment type is blank, show the deployment type wizard pane even if directed to skip it.
• DeployWiz_Initialization.vbs.  Better handle task sequences that reference OSes that no longer exist.  For new computers, filter out task sequences that aren't for the current architecture of Windows PE.  Don't display the application selection pane if there are no "Install Application" steps in the task sequence.
• DeployWiz_Validation.vbs.  Preserve the preconfigured DeploymentType value while clicking through task sequences.
• LiteTouch.wsf.  Add hooks for the LTI OEM preloading process.  Send proper "beginning" events to the management pack.
• LTIApply.wsf.  Set the right image path, pointing to the locally-cached image, when performing multicast Windows Vista or Server 2008 deployments.
• LTICleanup.wsf.  Changes to support the LTI OEM preloading process.
• LTISysprep.wsf.  For Windows XP and Server 2003, set the local Administrator password to blank before running sysprep.
• ZTIBackup.wsf.  When capturing a Windows XP or Server 2003 image, remove the boot folder and bootmgr file so that they don't confuse ConfigMgr 2007 if the image is later used with ConfigMgr.
• ZTIBcdUtility.vbs.  Fixed a problem when running BCDEDIT on a non-English OS.  (See http://support.microsoft.com/?id=952573.)
• ZTIDiskpart.wsf.  Changes to support the LTI OEM preloading process (don't repartition and reformat the disk if the deployment point is on it).
• ZTIDiskUtility.vbs.  Use DiskIndex instead of Index when querying WMI for disk information.
• ZTIGather.wsf.  Fixed logic for setting SMSDP variable.  Modified computer name assignment logic so that logging and management pack behaviors are more consistent.
• ZTIGather.xml.  Added OSDComputerName property.  Fixed ADDSUserPassword to be ADDSPassword.
• ZTIMediaHook.wsf.  Added logic to wait for an advertisement after adding a new unknown computer.
• ZTIMoveStateStore.wsf.  If the "move" process fails, try to copy the state store directory.
• ZTISCCM.wsf.  Cache the MDT files package content even in Windows PE, as long as there is a place to put it, to avoid later network access issues.
• ZTIStorageDrivers.wsf.  Don't do anything when installing an image (only for unattended installs of Windows XP and Server 2003).  Use XCOPY to copy mass storage drivers, removing read-only attributes.  Remove "IDE CD-ROM" entry from unattend.txt that caused problems on non-English OSes.
• ZTIStorageDriversSysprep.wsf.  Fixed a variety of errors related to the processing of TXTSETUP.OEM files.  Added "hdc"-class drivers to the selection criteria.
• ZTIUtility.vbs.  Modified the management pack event file creation logic.  Changed the computer name assignment logic to be more consistent, especially during ConfigMgr deployments.  Properly build SQL connection strings when specifying named pipes and a port.
• ZTIWindowsUpdate.wsf. Add logic to opt in to Microsoft Update.  Restore the original state of the Window Update Agent when done performing updates.

There are also two new scripts:

• LTIOEM.wsf.  Load a Lite Touch media deployment point onto the hard disk.
• ZTIOEM.wsf.  Save and restore needed task sequence variables to support the split two-part OEM task sequence templates.

Remember a few years ago when it was a big deal if you had a Microsoft certification?  Microsoft Certified Systems Engineer (MCSE) was the big one, with the Microsoft Certified Systems Administrator (MCSA) being the "baby brother".  MCSA was about managing and troubleshooting; MCSE was about designing and implementing.

As always, time marches on, Microsoft releases new products, and certifications are updated.  This time around, they were also renamed.  First up is the replacement for MCSA, now called "Microsoft Certified IT Professional: Server Administrator."  This version focuses on Windows Server 2008, including all the new functionality in the new version.  The details for this certification are at http://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/server/default.mspx.  Three exams are required:

• Exam 70-640: TS: Windows Server 2008 Active Directory, Configuring.  All about Active Directory (including RODC, backup and recovery, trusts, DNS, replication), Certificate Services, Lightweight Directory Services, Rights Management Services, Federation Services, Group Policy, and more.
• Exam 70-642: TS: Windows Server 2008 Network Infrastructure, Configuring.  All about DNS, DHCP, DFS, WSUS, NAP, WDS, NLB, performance monitoring, network monitoring, IP configuration (including subnetting IPv4 and configuring IPv6), and more.  Finally, an exam that doesn't dwell on WINS :-)
• Exam 70-646: PRO: Windows Server 2008, Server Administrator.  All about clustering, disk configuration, NLB, software deployment mechanisms, patching, firewall configuration, product capabilities, upgrade scenarios (especially around forest and domain functional levels), and more.

Those are the tests I took in the past week, so I've now officially upgraded my MCSA certification (the hard way - there is an upgrade path you can take too, described at http://www.microsoft.com/learning/mcp/mcts/windowsserver/2008/transition/default.mspx, but what's the fun in that?).  Now it's on to the next certification, "Microsoft Certified IT Professional: Enterprise Administrator," described at http://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspx.  There are five exams required for that one:

• Exam 70-640: TS: Windows Server 2008 Active Directory, Configuring.  See above, already done for the MCITP: Server Administrator certification.
• Exam 70-642: TS: Windows Server 2008 Network Infrastructure, Configuring.  See above, already done for the MCITP: Server Administrator certification.
• Exam 70-643: TS: Windows Server 2008 Applications Infrastructure, Configuring.  I took this one in the past week too, so I'm ahead on the game.  This one is all about IIS, FTP, SMTP, SSL and certificate requirements, Windows SharePoint Services, Windows Deployment Services, Hyper-V, Terminal Services (including the new gateway and remote app capabilities), Windows Media Services (including rights management), and NLB again.
• Exam 70-620: TS: Windows Vista, Configuring, or Exam 70-624: TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops.  See my previous blog posts on those, already completed both.
• Exam 70-647: PRO: Windows Server 2008, Enterprise Administrator.  Basically, anything goes from the previous four exams, with more of a focus on architecture, design, and deployment.

So 70-647 is the next one on my list.  Then maybe I'll take a break for a while.  Or maybe not, there are still more certifications to be had :-)  It's great having a testing center right across the street from my office.

It really does exist, and today we admitted it at the Professional Developer's Conference in Los Angeles.  See http://www.microsoft.com/presspass/events/pdc/default.mspx for all the PDC-related news, and the refocused Windows Team Blog at http://windowsteamblog.com/ for more specifics on Windows 7.  (If you missed it, there was also a posting about Windows Vista and Server 2008 SP2 last week too.)

There is also an "Engineering Windows 7" blog at http://blogs.msdn.com/e7/ that offers interesting details from the Windows 7 engineering processes. 

I'm just glad there's now all kinds of pre-beta software for me to be using again.  Things were too boring after the Windows Vista and Server 2008 releases - what challenge is there in using RTM software :-)

We are hard at work on a new version of the Microsoft Deployment Toolkit to support Windows 7.  More details on that will be disclosed at the TechEd EMEA conference next week in Barcelona.

The dates were posted to the TechEd website, http://www.microsoft.com/events/teched2008/default.mspx, saying that TechEd 2009 would again be one week instead of two as was done last year in Orlando (and as is still done in Europe for TechEd EMEA).  This year it will be earlier too, May 11-15, and be located in Los Angeles.  I can't remember ever having a TechEd conference in LA before, nor can I remember it ever occurring earlier than June.

This also means that there is only one week in between TechEd 2009 in Los Angeles and MMS 2009 in Las Vegas.  My suggestion: make it a three-week trip and take a week of vacation between the two :-)  It's a nice four-hour drive between the two (well, depending on how long it takes to escape the LA traffic), through the mountains and the desert.