The Realm of the Verbal Processor

Dynamic OSD using the MDT Database (2 of 5)

This is the second of a five part series on utilizing the MDT integration into Configuration Manager to improve your Operating System Deployment functionality. These processes will make your OSD setup much more dynamic. The series will be:

1. Assumptions and creating the MDT database
2. Dynamic OSD using the MDT Database
3. Application Replacement #1…this post is the reason I started the series. Deals with necessary modifications to the RetrievePackages stored procedure.
4. Application Replacement #2. Populating the PackageMapping table.
5. OSD and the MDT Database…connecting all the dots from the previous four posts. Setting up a task sequence to use the MDT database.

In the first post in this series, we set up the MDT database in our already functional Configuration Manager environment. (Check the assumptions section of the previous post.) Now let’s look at populating the database with information that will make our OSD process much more dynamic.

Populate the MDT Database:

The MDT database can be used to customize the deployment of systems. Customization can be based on Location, Make/Model, Roles, or tied to a specific Computer via Asset Tag or MAC address. The customizations available are numerous and include software installation as well as various AD and OS settings.

Configure Locations

Locations in the MDT database are set up based on Default Gateway.

1. Select Location, then click “New”.
2. Give a descriptive name and enter in all Default Gateways associated with this location. At deployment time, any computer using one of these default gateways will have specific settings applied.
3. Switch to the “Details” tab. Not all settings are appropriate for client deployments (some are server settings). Additionally, some settings are better applied based on other criteria than by location. Settings that would be logical to set for location based configuration include:
   • MachineObjectOU – the OU that the computer will be joined into (if the computer account doesn’t already exist in AD). Note: The MachineObjectOU setting needs to be in LDAP format, but should NOT include “LDAP://”.
     • Right: OU=ClientComputers,DC=Demolab,DC=COM
     • Wrong: LDAP://OU=ClientComputers,DC=Demolab,DC=COM
   • AdminPassword – use if different local admin passwords are used based on location
   • WSUSServer – use this if standalone WSUS is implemented instead of a Configuration Manager SUP. This will enable updates to be applied during the Task Sequence when used in conjunction with the ZTIWindowsUpdate.wsf script that is part of the MDT package.
   • TimeZoneName (Vista and above…don’t use “TimeZone” as it is for XP only). The list of acceptable entries in TimeZoneName can be found here.
   • OSDSITECODE – used to set the Configuration Manager site code to use for a new computer. Only use if necessary.
4. Switch to the “Administrators” tab. This could be used to add a domain group to the local admin group on the system based on location. In my opinion, don’t use this options…set it with Group Policy instead.

Configure Make and Model Settings

Useful settings here include:

1. Bitlocker settings if necessary
2. Disk settings
3. Display settings (xresolution, yresolution, BitsPerPel, Vrefresh)
4. Configuration Manager Packages
   • “Bad” drivers (i.e. drivers that must be installed as applications) Add them as applications here…better way of ongoing management than manually editing the task sequence for stuff like this.
   • Note that the program name is case sensitive!

When setting up the Make/Model information it will be necessary to determine the exact Make/Model that MDT recognizes. Run the following command lines to get make and model:

• wmic computersystem get manufacturer
• wmic computersystem get model

Configure Roles

Roles are useful for installing applications based on the role of the user or computer. Roles can be assigned to Computers/Locations/Make-Model.

1. Set up a new Role.
2. Switch to the “ConfigMgr Packages” tab and add each Configuration Manager package/program that should be installed for this role in the format of: ABC00000:ProgramName. Note that the program name is case sensitive.
3. Roles will need to be assigned either manually via the Deployment Workbench (see the Computer section below) or by setting the “Role” Task Sequence variable at deployment time. The Task Sequence variable can be set via an HTA, Collection variable, or some other method. The “Role” variable will need to be set to the exact name of the MDT role. Any computer with this role assigned will have these programs automatically installed during the Task Sequence.

Configure Specific Computers

Computers can be manually added to the MDT database and have roles/settings applied to them at deployment time. Ideally this will be populated via a spreadsheet and injected via PowerShell or some other method. You can choose from Asset Tag, UUID, Serial Number or MAC address as the identifying information. You only need to specify one of the four. After doing that, you can tie any desired settings (Details tab), ConfigMgr Packages, Roles or Administrators to this particular computer.

Summary

Setting up customizations in the MDT database provides a method for keeping your deployment task sequences cleaner as well as making them more streamlined. This also enables you to allow someone who does not necessarily have rights inside Configuration Manager to set up customizations for computer deployments. In my opinion, the Location, Make/Model, and Role based configurations make for significantly more powerful OSD deployments. They are DEFINITELY more flexible.

Now that we have the big pieces in place, the next post in this series will show you how to set up the application replacement / package mapping feature.

April 11, 2012 - Posted by Jarvis | ConfigMgr, MDT 2010