Monday, June 2, 2014

WES8 deployment with ConfigMgr 2012 SP1 or R2 (part 2)

A few months ago I did a blogpost about WES8 deployment with ConfigMgr 2012 SP1 or R2. Nothing special you can say? But the point is Microsoft changed something in ADK8.x and WES8.x, so deployment with ConfigMgr isn't working as expected anymore. This because of OSDSetupHook. After the "Setup Windows and ConfigMgr" task sequence step deployment ends. No error message, no additional packages installed, nothing. This is not the case on WES7, which is still deploying fine. Let's have a look.


The reason for this can be found on Microsoft TechNet.
Windows ADK Release Notes mentions: Changes in Out-Of-Box (OOBE) Experience.
Oobe.cmd and Setupcomplete.cmd are disabled if an OEM product key is used. This is to ensure that end-users reach Start as quickly as possible. If you have any tools or services that use this infrastructure, these must be changed to tasks that occur after the OOBE.

Add a Custom Script to Windows Setup mentions: In Windows 8, oobe.cmd and Setupcomplete.cmd are disabled if an OEM product key is used. This is to ensure that end users reach Start as quickly as possible. Any tools or services that use this infrastructure need to be moved to post Out-Of-Box Experience (OOBE) tasks.
FirstLogonCommands mentions: In Windows 8 and Windows 8.1, oobe.cmd and Setupcomplete.cmd are disabled if an OEM product key is used. This is to ensure that end users reach Start as quickly as possible. Any tools or services that use this infrastructure need to be moved to post Out-Of-Box Experience (OOBE) tasks.

Run a Custom Script after Windows Setup Completes:
You can make additional customizations after Windows Setup completes by adding commands to the %WINDIR%\Setup\Scripts\SetupComplete.cmd file. This file enables you to install additional applications, run custom Windows scripts (cscript/wscript), or make other modifications to the system before a user logs on. Setupcomplete.cmd functionality differs from the RunSynchronous and RunAsynchronous commands in the following way: Setupcomplete.cmd runs after Windows Setup completes, whereas the RunSynchronous and RunAsynchronous commands run during Windows Setup. Commands in the Setupcomplete.cmd file are executed with local system permission.

To understand the order of operations when adding a custom script after Setup:
1. After Windows is installed but before the logon screen appears, Windows Setup searches for the SetupComplete.cmd file in the %WINDIR%\Setup\Scripts\ directory.
2. If a SetupComplete.cmd file is found, the file is executed. Otherwise, installation continues in the standard manner. Windows Setup logs the action in the Setupact.log file. Setup does not verify any exit codes or error levels in the script after it executes SetupComplete.cmd.
Note: You cannot reboot the system and resume running SetupComplete.cmd. When a computer joins a domain during installation, the Group Policy that is defined in the domain is not applied to the computer until Setupcomplete.cmd is finished. This is to make sure that the Group Policy configuration activity does not interfere with the script.


Looking in the setupact.log file you will see the following:
[msoobe.exe] OEM license detected, will not run SetupComplete.cmd
[msoobe.exe] TASK: End successfully running task RunSetupFinalTask


Solutions for above changes are:
1. Use a Windows 8.x KMS GVLK Client Setup Key for Win8.x Enterprise x86/x64 and all Progs in Setupcomplete.cmd are installed. Source: KMS Client Setup Keys
2. Rename the SetupComplete.cmd file to FirstLogon.cmd and replace the Sysprep.xml file by the following one. That way FirstLogon.cmd will start OSDSetupHook again.
=========================
<unattend xmlns="urn:schemas-microsoft-com:unattend">
     <settings pass="generalize">
         <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
             <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
         </component>
         <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
             <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
         </component>               
     </settings>
        
        
         <settings pass="oobeSystem">
                 <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                         <FirstLogonCommands>
                                 <SynchronousCommand wcm:action="add">
                                         <Order>1</Order>
                                         <CommandLine>C:\Windows\Setup\Scripts\FirstLogon.cmd</CommandLine>
                                 </SynchronousCommand>
                         </FirstLogonCommands>
                 </component>
                 <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                         <FirstLogonCommands>
                                 <SynchronousCommand wcm:action="add">
                                         <Order>1</Order>
                                         <CommandLine>C:\Windows\Setup\Scripts\FirstLogon.cmd</CommandLine>
                                 </SynchronousCommand>
                         </FirstLogonCommands>
                 </component>               
         </settings>
 </unattend>

=========================
Source: My Digital Life Forums
3. Use another tooling besides of ConfigMgr to start SetupComplete.cmd after deployment, like ThinKiosk which can be downloaded for free usage (Community Edition only).
Source: ThinScale Technology

To be continued till doing another project with ConfigMgr and Thin client deployment.

2 comments:

  1. Hi,
    Thanks for publishing an article. I need some informations on Option 2.

    I have a build which has "setupcomplete.cmd" under "C:\windows\setup\scripts" folder which has command "del /q /f C:\Windows\system32\sysprep\sysprep.xml" in it.

    i) After renaming "setupcomplete.cmd" to "FirstLogon.cmd", do I need to modify the contents of "FirstLogon.cmd" file? i.e with any other specific commands OR can i

    just leave it as it is?
    ii) Currently I am capturing the image using SCCM image capture media method. While deploying, I am providing sysprep.xml as a part of OSD task sequence (Install

    Operating System - Apply Operating System.). So I need to modify my current sysprep.xml in the TS by including sysnchronous first logon command in it to resolve this

    issue, Right?
    iii) I did not get how FirstLogon.cmd will start OSDSetupHook again. Can you explain liitle bit?

    Regards
    Shashidhar

    ReplyDelete
    Replies
    1. Hi Shashi,
      I assume that your FirstLogon.cmd must contain the following line:

      %windir%\system32\osdsetuphook.exe /execute

      Regards,
      Thomas

      Delete