Windows 7 SCCM Deploy

From richud.com
Jump to navigation Jump to search


Some quick notes on what I did to get the SCCM client from a USB stick to quickly network boot and automate the manual clicking crap...

Files

Copy these 4 files (from the USB SCCM client deployment stick [this is what I was provided with as source]). I lower-cased these, except BCD.

wimboot comes from http://ipxe.org/howto/sccm

├── BCD
├── bootmgr
├── boot.sdi
├── boot.wim
└── wimboot

-rw-r--r-- 1 xxxx xxxx         16384 Jul 27 17:44 BCD
-rw-r--r-- 1 xxxx xxxx        383562 Jul 14  2009 bootmgr
-rw-r--r-- 1 xxxx xxxx       3170304 Jun 10  2009 boot.sdi
-rw-r--r-- 1 xxxx xxxx     179937121 Aug  4 14:19 boot.wim
-rwxr-xr-x 1 xxxx xxxx         34576 Dec  8  2014 wimboot

Extracting from ISO

7z seems to work on most and bsdtar on some types of ISO

7z x W10_Deploy.iso -o/tmp/W10
#or
bsdtar xf W10_Deploy.iso -C /tmp/W10

Install wimtools

  • Adding in Ubuntu 14.04.2, nothing newer (15.xx) has repo at the time of writing for it.
sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get install wimtools

Mount boot.wim

This mounts into a /tmp/a

mkdir /tmp/a
wimmountrw /path/to/boot.wim /tmp/a

File changes

(If you want to do it the VB way then follow the iPXE sccm guide else do this just using a batch file.)

1a) Copy the root /sms folder off the USB stick to /tmp/sms and lower-case everything, otherwise they wont merge/overwite into the boot.wim.

pushd /tmp/sms
find ./ -exec rename 'y/A-Z/a-z/' {} \;
pushd /tmp/a/sms
find ./ -exec rename 'y/A-Z/a-z/' {} \;

1b) Copy/overwrite /tmp/sms folder from the USB stick over the mounted boot.wim /sms folder. Should end up like structure like /tmp/a/sms/bin/x64. (Ignore errors about ownership/preserving permissions etc.)

cp -a /tmp/sms/ /tmp/a/

2) Delete /tmp/a/Windows/system32/winpeshl.ini

3) Overwrite /tmp/a/Windows/system32/startnet.cmd with the below

startnet.cmd

This is essentially taken from VB code from the aforementioned ipxe sccm howto and batch'd. It will also scrub the disk before it starts as old MBR's and RAID metadata tend to break SCCM (at least where I work!) (This can be loaded in afterwards with latest wimboot, so changes dont need a rebuild, dont do this step!)

@echo off

echo ** Show Disks
echo list disk > list.txt
diskpart /s list.txt

echo ** Removing any USB Storage
devcon64 disable "USBSTOR\DISK"

echo ** Show Disks
diskpart /s list.txt


echo ** Wiping Disk 0
echo select disk 0 > wipe.txt
echo clean >> wipe.txt
diskpart /s wipe.txt

echo ** Show Disks
diskpart /s list.txt

echo ** Starting WinPEinit
wpeinit

echo ** Starting DNScache
net start dnscache

echo ** Patching Ramdisk
reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v PEBootType /t REG_SZ /d "Ramdisk:OpticalDrive" /f

echo ** Starting Autoclicker
start "" auto-sccm.exe

echo ** Starting SCCM
pushd "%SYSTEMDRIVE%\sms\bin\x64"
TsmBootStrap.exe /env:WinPE /configpath:%SYSTEMDRIVE%\sms\data

exit

Auto-clicker

Auto clicker to go to Next > pick latest advertised task sequence > Next

  • F1 hotkey gives command prompt
  • Your system may well differ from this as I imagine ours is peculiar! Caveat emptor!

This is auto-sccm.au3 that will compile (x64) to auto-sccm.exe - put in to mounted boot.wim thusly /tmp/a/Windows/system32/auto-sccm.exe

#include <MsgBoxConstants.au3>
#include <GUIListView.au3>


Opt("WinTitleMatchMode", 3) ; exact title match

Dim $title[4]
Dim $id[4]

;Next >
$title[0]="Task Sequence Wizard"
$id[0]=1025

;SysListView32
$title[1]="Task Sequence Wizard"
$id[1]=430

;Next >
$title[2]="Task Sequence Wizard"
$id[2]=1025

;Finish
$title[3]="Task Sequence Wizard"
$id[3]=1026

HotKeySet("{F1}", "hotk")

Func hotk()
	ShellExecute ( "cmd.exe" , "/k" )
EndFunc

Func shutit()
	If WinExists($title[$i]) And ControlCommand($title[$i], "",$id[$i],"IsVisible","" ) And ControlCommand($title[$i], "",$id[$i],"IsEnabled","" ) Then

		If $i == 0 Then
			ControlClick($title[$i],"",$id[$i])
			$i+=1
		ElseIf $i == 1 Then
			$j = ControlListView($title[$i], "",$id[$i], "GetItemCount")
			;MsgBox(0,$id[$i],$title[$i] & $j);
			ControlListView($title[$i], "",$id[$i], "Select", $j-1)
			$h = ControlGetHandle($title[$i], "",$id[$i])
			_GUICtrlListView_ClickItem($h,$j-1)
			$i+=1
		Else
			ControlClick($title[$i],"",$id[$i])
			$i+=1
		EndIf
			
	EndIf
EndFunc

$i = 0
While 1
	shutit()
	If $i == UBound($title) Then
		Exit(0)
	EndIf
	Sleep(1000)
WEnd

Exit

Unmount boot.wim

wimunmount /tmp/a --commit

Without --commit it wont save changes!

PXE boot via Pxelinux/Syslinux

pxelinux/syslinux needs to be 4.06 or newer (I think) Ubuntu 14.04.2 has 4.05 so you will need to get updated deb's (I couldn't find a ppa)

I Updated using .deb updates (6.03) from here -

http://www.ubuntuupdates.org/package/core/utopic/main/base/syslinux-common

http://www.ubuntuupdates.org/package/core/utopic/main/base/syslinux

http://www.ubuntuupdates.org/package/core/utopic/main/base/pxelinux

N.B the structural paths have changed and you now need to use lpxelinux.0 not pxelinux.0 if you are chainloading from iPXE via http.


Sample pxelinux boot menu entry, my files are in /os/sccm/.

LABEL -> Windows 7 SCCM Direct
    com32 /syslinux/linux.c32
    append /os/sccm/wimboot initrdfile=/os/sccm/bootmgr,/os/sccm/BCD,/os/sccm/boot.sdi,/os/sccm/boot.wim

PXE boot from iPXE

  • BCD needs to be uppercase on the right hand side bit of the initrd.
#!ipxe

:retry_dhcp
echo ** DHCP Request **
dhcp && goto boot_sccm || goto ask_shell

:ask_shell
prompt --key 0x02 --timeout 2000 Press Ctrl-B for the iPXE shell... && shell || goto retry_dhcp

:boot_sccm
echo ** Booting SCCM **
set base-url http://YOURSERVER/os/sccm
kernel ${base-url}/wimboot || goto boot_sccm
initrd ${base-url}/bootmgr bootmgr
initrd ${base-url}/BCD BCD
initrd ${base-url}/boot.sdi boot.sdi
initrd ${base-url}/boot.wim boot.wim
boot

WinPE BSOD'd with latest HP G1's preinstalled with Windows 8, stop error 0x00000050 from iastor.sys. This is due to it not liking the RAID metadata (I think). Therefore you have to erase it first.

I got around this by creating a pxelinux menu entry that booted a minimal linux (my 'Cyclone' system actually) that wipes the start and end sector of the drive, then copies ipxe.usb via dd to the hard drive. This has the menu entry above built in that then boots and runs. You can build it by pulling ipxe git , then doing this, assuming above script is saved as sccm.script.

#build it
make CC="gcc -m32 -O3" -j4 ARCH=i386 bin/ipxe.usb EMBED=sccm.script
#to write to target at some point
dd if=ipxe.usb of=/dev/sda

Other

Updated sccm certs

Replace sms/data/variables.dat with new file

AHCI/RAID drivers

You may need to add some AHCI/RAID drivers, this is easiest done in Wincrap. e.g.

http://www.microsoft.com/en-us/download/details.aspx?id=5753

KB3AIK_EN.iso

Dism /Get-WimInfo /WimFile:c:\wim\boot.wim
mkdir c:\mount
Dism /Mount-Wim /wimfile:c:\wim\boot.wim /index:1 /MountDir:c:\mount
Dism /Image:c:\mount /Add-Driver /Driver:c:\pathto\drivers /Recurse
Dism /unmount-wim /commit /mountdir:c:\mount
  • Note KB3AIK_EN.iso didn't mount in 'archive mounter' and file roller couldn't cope with it - I think it only worked in 'disk image mounter'
  • If you have used wimtools in linux to edit the image and end up with Error 5: Access Denied later trying to mount in Windows it could be caused by having duplicate filenames in different cases, NTFS allows it, Windows not so much.

Comments

blog comments powered by Disqus